Securing Devices

Controlling Access

Protecting Documents

Safeguarding All Valuable Data

Keeping your business your business. Your business may be at risk. Toshiba can help.

Security is a growing concern for companies of all sizes. With Toshiba SecureMFP,™ we employ innovative methods of protecting valuable data in order to help businesses of all sizes meet the increasing security challenges.

Protect your data The 2009 Data Breach and your business Investigation Report found that 74% of security breaches The Association of Certified Fraud resulted from external sources Examiners found that companies and 20% were traced to in the United States lose more than insiders. Reports from a $600 billion a year due to fraud, and variety of resources have document fraud is a large part of this come to these same conclusions: data statistic. Now that MFPs (Multifunction theft is common, it happens regularly, Up toOver $600 billion Products) and laser printers are able and everyone is aware that it’s a lost each year to fraud to store data, they’ve become an

serious problem. That’s why we deliver Up to1 in 5 security breaches integral part of business networks, and serious security solutions. In addition come from inside a critical point of vulnerability. They to protecting against security breaches Up toLeft unsecured, an MFP retain latent document images and and possible litigation, we assist in can pose one of the contact information, leaving sensitive keeping businesses compliant with greatest threats to your information and mission-critical data ever-increasing government regulations organization at risk. These threats to security can

such as HIPAA, FERPA, Sarbanes- Up to50%-70% of all identity come from anyone, anywhere. Oxley, and eDiscovery, to name a few. theft occurs in the workplace

That networked MFP in the corner of your office just might be the most significant entry point for hackers to hijack sensitive data from your business. Up SeSecures Print Output

Protects Data Device security authenticated sources and ensures Creates Secure PDF the integrity of all communications.

In order to protect the confidentiality ControlledControls Access and integrity of your data, we continually Access security develop comprehensive security Toshiba has measures for Toshiba devices. Many developed simple of our MFPs come standard with hard yet highly effective Control access drive encryption and data overwrite to your MFP methods of features. For other models, we offer with Network establishing access Advanced Encryption functionality Authentication. security without providing on-the-fly encryption and inconveniencing decryption of data written to the users. Network device’s hard disk drive. The Data Authentication Overwrite Kit ensures that all data allows administrators to control is erased after every fax, copy, scan, access at the device in the same and print job in order to prevent latent way it’s controlled from the desktop. storage of valuable data. Because Department Codes provide MFPs and network printers function valuable data tracking and usage as complex network devices, we information, giving authorized users have developed several solutions that full functionality at the device. Usage specifically address network security. Limitations enable administrators IPv6 ensures IP security with a larger to set limits for copy and print jobs, IP address range, protection from as well as track and control costs. scanning and attacks, and support for Strong Passwords utilizes a ten- authentication and confidentiality as part digit alphanumeric administrative of our optional IPsec. Secure Sockets password for added protection along Layer (SSL) employs encryption with a log-on attempt limitation. To technology to protect all data traveling streamline the user login process, to and from the MFP, while IP Filtering our SmartCard Authentication acts like a firewall to protect your requires the simple swipe of a card internal network from intruders. Also, while allowing limited user access SMB Signing adds a digital signature to specific features and functions. to verify that data is received from Security where it counts, because it counts everywhere.

Toshiba takes the security of your documents very seriously. And we are ready to help protect your critical data with our suite of Digital Rights Management (DRM) Solutions from Fasoo. Fasoo is a world leader in Enterprise DRM with more than a decade of experience in the industry.

Document security Reliable Protection: Constantly protects files, including Fasoo’s DRM applications will help shared files for legitimate uses. your company provide even greater • Data at Rest protection against unauthorized • Data in Transit access to sensitive financial, technical • Data in Use and personal information. You can Extended easily control access to Microsoft Dynamic Permission Controls: Features of Office Documents, PDFs, engineering Controls file access privileges of Fasoo DRM drawings, images and other common users, groups and/or environments. file formats. These threats come Revokes documents after • Who & Where (user, group, delivery with a dynamic from both inside and outside of your device and network address) permission control. organization, and this technology helps • How (view, edit, print, copy/paste, Prevents unauthorized use you to better address these risks. of screen capture tools, screen capture and decrypt) remote desktop software • When (expiration date, validity and virtual machines. Fasoo DRM enables you to: period and how many times) Supports native applica- • Prevent unintended information tions and file formats that disclosure or exposure are transparent to users. Audit Trail: • Ensure a secure information Tracks activities of users, files sharing environment changes in configuration. • Better manage workflows and • Who (user and group) simplify secure collaboration • What (document name and path) • How (view, edit, print and decrypt) Fasoo DRM is the best core security • Where (IP address) infrastructure for organizations • When (time log) struggling to reduce data loss and improve work efficiency.

Every day, billions of pages of confidential information – medical records, legal documents and financial data – are produced and distributed using office copiers, printers and MFPs. Label End of Security Vulnerability Report Document Security Life Access Security Security VulnerabilityDevice Security Report

Device Security Access Security Document Security End of Label

Life

EOL Level EOL

Document Level Document

Access Level Access

Device Level Device

Program Implemented Program

Fasoo.com

Print to hold via 08 Code 08 via hold to Print

Private Print via 08 Code 08 via Print Private

Hardcopy Security Hardcopy

Private Print Private

Print to Hold to Print

SecurePDF

Rigndale Followme Rigndale

CopyAudit Touch CopyAudit

SmartCard

RBAC

Network Authentication Network

Department Codes Department

IPSec

Data Overwrite Data

Advanced Encryption Advanced eBridge Technology eBridge Serial Number Model HP Color LaserJet 26o5dtn CNGC72706W HP Color LaserJet 2820 CNHC75H017 Model Serial Number eBridge Technology Advanced Encryption Data Overwrite IPSec Department Codes Network Authentication RBAC SmartCard CopyAudit Touch Rigndale Followme SecurePDF Print to Hold Private Print Security Hardcopy Private Print via 08 Code Print to hold via 08 Code Fasoo.com Implemented Program Device Level Access Level Document Level EOL Level HP Color LaserJet 4645 JPCBD00282 HP Color LaserJet 26o5dtn CNGC72706W HP Color LaserJetHP Color 4700 LaserJet JP4LB29243 2820 CNHC75H017 HP Color LaserJetHP Color 4700 LaserJet JPTLB706597937YLM 4645 JPCBD00282 LEXMARK T650 HP Color LaserJet 4700 JP4LB29243 TOSHIBA e-STUDIO523THP Color LaserJet CZC828596 4700 JPTLB70659 TOSHIBA e-STUDIO600LEXMARK T650 CQJ723147 7937YLM Our experts TOSHIBA e-STUDIO451c CFJ511748 Encompass Security TOSHIBA e-STUDIO523T CZC828596 TOSHIBA TOSHIBAe-STUDIO452 e-STUDIO600 CIC614486 CQJ723147 will map out TOSHIBATOSHIBA e-STUDIO3510c e-STUDIO451c CVI611760 CFJ511748 Assessment TOSHIBA e-STUDIO3530c CZF810922 your devices TOSHIBA e-STUDIO452 CIC614486 TOSHIBA e-STUDIO3510c CVI611760 TOSHIBA e-STUDIO3530c CZF810922 Toshiba utilizes innovative security and provide No Security Basic Security Enhanced Security Optimal Security technologies and expert personnel a detailed No Security Basic Security Enhanced Security Optimal Security Security who are trained and certified as Vulnerability part of our Encompass Security Report. Vulnerability Assessment Program. Our Professional Services Consultants will: • Assess device, fleet, and enterprise document security • Assess all points of vulnerability including brands and devices that may not be manufactured by Toshiba • Provide a tailored security plan • Help implement the plan efficiently and effectively

Our Encompass Security Assessment includes four areas of focus: • Device Security • Access Security • Document Security • End of Life/Disposal Security Secure your data, before it leaves the building.

Toshiba has an extensive End of Life Security Policy to ensure all of your critical data is removed from the copier hard drive before it leaves your organization. Toshiba devices, as well as many other brands, can be scrubbed to remove any and all information that may still be stored on the hard disk drive.

MFP End of Life Security Policies At the end of your lease, you can choose which level of security suits the needs of your organization.

Basic Security Enhanced In addition to BASIC includes removing ENHANCED Security includes OPTIMAL the procedures SECURITY the uncleansed SECURITY overwriting all of SECURITY included in the hard disk drive the data on your Enhanced End‐ (HDD) and existing Toshiba of‐Life Security returning it. You are then responsible MFP, including NVRAM and Fax Scrub, Toshiba will provide you with for disposing of the HDD. If your data. If your MFP has been financed, the actual MFP Hard Drive. You are MFP has been financed, the lessor the lessor requires that the MFP is then responsible for disposing of requires that the MFP is returned returned in good operating condition. the cleansed HDD. We will install a in good operating condition. In this In this case, reloading the system new functional HDD in the device case, a new HDD is then installed firmware is required so that the MFP to restore it to full functionality. and reloaded with system firmware will be operational. This level ensures so that the MFP will be operational. that data is irretrievable and that the Security Procedure: HDD is restored to functional status. • HDD Scrub Security Procedure: • NVRAM and Fax Data Scrub • Remove and return uncleansed Security Procedure: • Remove and return cleansed HDD to customer • HDD Data Scrub HDD to customer • Install new HDD • NVRAM and Fax Data Scrub • Install new HDD • NVRAM and Fax Data Scrub • Reload System Firmware

Certificate of Data Destruction

Remove critical data from your hard

This Certification hereby affirms that the following actions were successfully completed on disk drive before disposing of your MFP. the subject equipment. Model/Serial #______SecureMFP Label | 06.05.09_r4

Certificate of Data Destruction We will provide you with a Certificate of Data Destruction for all devices that have reached End of Life within your organization. SECURITY RATING This device has been evaluated and meets the following security levels.

Is data Is access Are documents Is disposal safe? locked down? protected? secure? Protect and defend

With SecureMFP, each device is NO BASICNO ENHANCEDNO OPTIMALNO assessed and labeled to indicate SECURITY SECURITYSECURITY SECURITY SECURITYSECURITY the level of security. The following four areas of security are identified:

™ • Device Security • Access Security For more info on securing your device go to: www.securemfp.com • Document Security • End of Life/Disposal Security Toshiba can help you achieve a uniform level of security across BASIC BASIC BASIC SECURITY SECURITY SECURITY your network in order to protect valuable data and intellectual property. Allow one of our Professional Services Consultants to show you how we can best ENHANCED ENHANCED ENHANCED provide the level of security your SECURITY SECURITY SECURITY company requires while reducing revenue losses and ensuring that regulatory requirements are met. OPTIMAL OPTIMAL OPTIMAL SECURITY SECURITY SECURITY For more info visit www.securemfp.com

Keylines indicate die cut. indicates waste liner Toshiba’s Security Toolkit - Standard Certifications & Standards Regulatory Compliance with all Toshiba e-STUDIO Devices. DoD – The Department of Defense HIPAA – The Health Insurance Device The U.S. Department of Defense Portability and Accountability Act • SSL Toshiba security solutions offer • IPv6 manual outlines rigid policies and • IP Filtering standards in the interest of protecting advanced features that address the • SMB Signing the security of the United States. privacy and security of protected patient • IPSec* Toshiba meets these policies with information, including secure device • Data Overwrite Disk Overwrite solutions that clear access, private printing capabilities, • Advanced Encryption and sanitize hard disk drives that an audit trail, and features that allow only authorized users to receive Access may contain classified information. • Email Authentication confidential data or documents. • Network Authentication CCEVS – Common Criteria • Role Based Access Evaluation and Validation Scheme GLB – The Gramm-Leach-Bliley Act • Usage Limitations The CCEVS program recognizes and The Financial Privacy Rule and the • SmartCard Authentication* validates security solutions based Safeguards Rule mandated through • Strong Passwords the Gramm-Leach-Bliley Act pertain • Department Codes upon an internationally accepted methodology. Toshiba products comply to the disclosure of private financial Document with the Common Criteria Evaluated information. The rules require all • SecurePDF Assurance Level, and conform to ISO/ financial institutions to design and • Private Print IEC15408 (Information Technology maintain systems to support the • HardCopy Security Security Evaluation Criteria). protection of customer information. • Job Log Toshiba products support this directive. *Optional security solutions FERPA – The Family Education Rights and Privacy Act FERPA requires a heightened level of security for educational institutions in order to comply with the U.S. Department of Education. Password-restricted printing, controlled device access, and data encryption and/or deletion ensure that sensitive information is protected on Toshiba multifunction devices.

SOX – The Sarbanes-Oxley Act Corporate governance regulations such as the Sarbanes-Oxley Act Corporate Office 2 Musick, Irvine, CA 92618-1631 are enforced on Toshiba MFP Tel: 949-462-6000 East Coast 959 Route 46 East, 5th Floor, Parsippany, NJ 07054 devices through data security Tel: 973-316-2700 safeguards focused on restricting Midwest 8770 W. Bryn Mawr Ave., Suite 700, Chicago, IL 60631 Tel: 773-380-6000 access to information, tracking data, South 2037 Bakers Mill Rd., Dacula, GA 30019 and protecting data integrity. Tel: 678-546-9385 West Coast 142 Technology, Suite 150, Irvine, CA 92618 Tel: 949-462-6262 Web Site www.copiers.toshiba.com

SMFP BRO - Feb. 2011 MC 4M