Security
Secure Product Development and Product Security
The security and integrity of our products, customer systems, and infrastructure, and the availability of our services, are top of mind in our product development process and product services. We follow the Confidentiality, Integrity, and Availability Triad.
The following provides a basic overview of our processes and the security features embedded in our products. For more detailed information on the security of our products, services, and solutions, please refer to your local Canon representative.
Security of our hardware and software products and services is crucial as more and more products can be used remotely and are connected via the internet, operate wirelessly, or provide cloud-based services.
Our hardware and software products are developed according to industry-standard security working methods and equipped with state-of-the-art features to protect our printers and controllers, PRISMA workflow, and application software from security threats.
Developing secure products is one of our highest priorities and an integrated part of the product development process. Security starts at the inception of the product. With threat modeling and attack surface analysis, the architecture and the design of the product are constantly assessed for security threats. The design of our products is governed by security aspects, and during development we regularly test and audit the products for vulnerabilities.
We implement appropriate security features and key mechanisms, such as user authentication and access, audit logging, hardening, and encryption.
This includes appropriate features and functionality for the safe and secure disposal of products at the end of their support lifetime.
Specific market segments, customers, and applications may impose additional security requirements on our products, which are also taken into account.
Our products are developed according to a System Development Lifecycle (SDLC) process, an agile-based development process that, among others, is modeled on and resembles the processes defined by the National Institute of Standards and Technology (NIST) and the Open Web Application Security Project (OWASP).
Our maintenance and support agreements regularly provide product and security updates for our hardware and software products, as well as our cloud applications. This also includes security updates for their components until the end of their respective support life.
When a product is considered at the end of its life, appropriate security processes allow customers to safely and securely dispose of their confidential and personal data stored in the Canon environment on-premise and in the cloud.
Canon offers security update services remotely or through local Canon service representatives, subject to regular maintenance agreements. Our remote interaction with our products via On Remote Service meets ISO 27001 standards.
Depending on the product type, product system security updates can also be managed directly by the customer (e.g. by visiting https://downloads.cpp.canon).
For customers operating in critical and highly secured environments in which remote update services are not allowed, Canon offers onsite update services by Canon-trained and certified service engineers. For more information on these onsite services, please contact a local Canon sales or service representative.
Reported vulnerabilities are handled according to our Incident Response Procedure, with a team of security experts evaluating vulnerabilities, incidents, and security risks and proposing solutions and risk mitigation actions.
Canon PSIRT (Product Security Incident Response Team) is the organization responsible for responding to vulnerabilities that are associated with products and services from Canon Inc.
Advisories and notifications, as well as the reporting of security issues for Canon Inc. products, can be found here: https://psirt.canon