Our business strategy is set by Fuji Xerox Asia Pacific Pte Ltd as part of our medium-range planning process. Operational direction is agreed within an annual operating plan that is developed in accordance with Fuji Xerox Asia Pacific Pte Ltd guidelines and agreed prior to the commencement of our financial year.
Our corporate constitution and the communication matrix between Fuji Xerox Asia Pacific Pte Ltd and our organisation govern the board of directors and management respectively. Fuji Xerox Australia’s board of directors includes our managing director and the chief financial officer, president and general managers from Fuji Xerox Asia Pacific Pte Ltd and Fuji Xerox Co Ltd.
Operational control at a local level rests with the managing director who is supported by the broader executive leadership team (ELT). The ELT meets formally on a monthly basis, with additional meetings called in response to particular issues.
Ethics and Integrity [G4-56]
Fuji Xerox Australia documents through policy and procedure our expectation of all employees to meet high standards of ethics, integrity and behaviour. All employees sign the policy statement acknowledging their understanding and commitment to our policy.
Fuji Xerox Australia has a dedicated risk function in place, responsible for ensuring that all key risks are known and assessed, and that adequate plans are in place to mitigate these risks to the extent possible. As part of this, we have a documented risk management framework which provides guidance on Fuji Xerox Australia’s risk appetite. [G4-14]
Our Risk and Audit Committee (RAC) includes our managing director and ELT. The RAC meets quarterly and oversees the enterprise's risk and assurance functions, including the company's risk profile, progress being made against plans to mitigate specific risks, and the program of work for risk management and internal audit.
Sustainability risks are covered in the risk profile and, on a quarterly basis, the risk function meets with key sustainability stakeholders from across the business to ensure that any sustainability risks and suggested plans for their mitigation are raised with the RAC.
The risk function reports directly to the managing director and has unimpeded access to investigate any area of the business that it sees fit in order to ensure that risks are being adequately and effectively mitigated.
[G4-DMA] Aspect: Customer privacy, [G4-PR8]
As our business progresses its services and solutions offerings, and with the rapid move to digitisation and disruptive technologies in the market, we believe effectively managing information security is imperative. For our customers to entrust us to manage and maintain their information assets and to utilise our services and solutions, we are working on optimising the information security structure within the company.
Fuji Xerox Co Ltd set the direction for all Fuji Xerox companies across the Asia Pacific region to implement and attain certification for an Information Security Management System (ISMS) in accordance with ISO27001:2013. Since February 2015 Fuji Xerox Australia has implemented a number of information security controls in order to safeguard information assets. Fuji Xerox Australia attained ISO27001:2013 certification in December 2016 for our headquarters office and is looking to expand the scope of its ISMS to additional sites. Senior management meets regularly to review our ISMS and drive plans for continuous improvement.
Attaining and maintaining certification is not without its challenges in a diverse business with complex systems, particularly with the need for cultural and behavioural changes for employees unfamiliar with ISMS requirements and the tight timeframe to implement all changes.
In the reporting period Fuji Xerox Australia has not had any substantiated complaints from customers, regulatory bodies or other third parties relating to breaches of customer privacy or losses of data.
Leverage best practice governance frameworks to improve organisational accountability and performance while building a resilient business that delivers on the expectations of stakeholders.
Governance and risk:
Develop an integrated framework for policy, procedure and delegations of authority.
Review key policies, procedures and delegations and establish a phased timeline for other policy, procedure and delegations based upon materiality and the impact of other projects.
Provide communications and training to support the enterprise risk management framework in key focus areas.
Refresh the Fuji Xerox Australia corporate risk profile.
Launch new incident management process.
Policy and Procedure Management framework and Delegations of Authority developed.
Business Continuity Management and Compliance Management Framework developed and published.
Human Resources and Purchasing and Procurement policies and procedures reviewed and updated.
Risk management framework developed and awareness training rolled out across the organisation.
New risk profile developed and reviewed quarterly by the RAC.
Incident management process launched.
Develop a consolidated compliance program for all of Fuji Xerox Australia’s activities.
Compliance Management Framework developed.
Accreditation renewed under ISO 9001 and 14001.
Compliance Register setting out specific compliance obligations and related activities and owners to be developed.
Develop integrated risk-based assurance plan.
Risk based internal audit plan in place and in operation.
Complete risk-based deep dives and internal audits in accordance with the plan to more effectively mitigate some of the most significant risks facing our business.
All work conducted per the established plan.
All recommendations tracked and progress reported to the ELT to ensure effective implementation.
Complete the Compliance Register and commence the development of Compliance Plans for material compliance obligations.
We have developed a Compliance Management Policy, Procedure and Register. Our first compliance plans are in progress for compliance to ISO9001, ISO14001 and ISO27001.
Finalise the business continuity management framework for testing in early FY16/17.
Business continuity management framework complete, including the development and testing of detailed disaster recovery plans.
Prepare for accreditation to ISO27001 for Information Security Management.
Update policy and procedure for quality management and environmental management and ensure ISO9001 and ISO14001 accreditations are maintained.
Both our quality management and environmental management procedures have been updated and released.
Better embed risk management into the day-to-day operations of the business.
Improve risk mitigation by improving processes and controls in key areas of focus.
Achieve certification to ISO27001 for our headquarters office.
Implementing compliance plans in accordance with our material compliance obligations.