PrintIT Reseller - issue 117

VOX POP continued...

The impact of PSTI

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) came into effect on April 29, 2024. Part 1 of the Act (which is the focus of this Vox Pop) is intended to improve the UK’s resilience to cyber-attacks by imposing new security requirements for connectable products. Here, we invite some of the print sector’s leading vendors to discuss how the new mandated minimum security requirements will impact the industry and what steps they have taken to comply.

PrintIT Reseller: What steps have you taken to ensure you meet the disclosure obligations specified in the PSTI regulations, for example, setting up a central point for end-users to report vulnerabilities on devices directly to manufacturers, and a requirement to provide information about the minimum length of time for a product’s security update lifecycle?

Matt Hayman, Head of Governance & Standards, Kyocera Group UK: Applied from April 29, 2024, all Kyocera consumer A4 printers and MFPs will have a unique ‘admin’ password included in the box together with their ‘statement of compliance’ documents. In this way access to internal settings and device security is secured to the owner of the device alone, removing the risk of attack through default and easily guessable passwords.

Kyocera has developed a webpage dedicated to providing key information about PSTI, explaining the implications of the legislation, what can be expected (e.g. what’s in the box) and importantly, how long devices shall be supported for (in terms of firmware and software updates). This webpage is supplemented with information specific to our channel partners on the PSTI section of our partner portal, including video podcasts and FAQs.
Furthermore, the site provides details of Kyocera’s Vulnerability Disclosure Policy (VDP), signposting to publicly communicate security vulnerabilities as well as helping to support academic bodies and security organisations in the important work they perform testing for potential vulnerabilities that can impact the consumer and businesses alike.

For Kyocera, complying with the PSTI Act isn’t just about ticking boxes; it’s about customer service and safeguarding our customers in this increasingly connected world. All security vulnerabilities are announced on our website where we also make security patches and the tools to implement them available. For our warranty customers, our remote resolution team is ready to help and for our fully managed print services customers, it’s all part of the service.

Sarah Mackay, Head of Operations, UTAX: With some of UTAX’s A4 devices being identified as products that could be suitable for consumer use, they have been preparing for PSTI from the manufacturing process right through to service. Relevant devices will now be shipped with a statement of compliance and a unique password in each box. They have also created a web page to specifically address the new regulations; this page includes a form enabling customers to report a vulnerability or known security issue with a UTAX PSTI-compliant device.

Julian Hodges, Head of Product Marketing, Sharp UK: Sharp ensures that any products in the scope of the new regulation are fully compliant with all the requirements. This includes making available statements of compliance for each product and detailing the defined support period. In addition, we also have a central point available on our website for end-users to report potential product security vulnerabilities.
Phillip John, Category Manager – Office, Konica Minolta: Konica Minolta has published a statement of compliance with the PSTI Act for its devices, and this is available online from the Konica Minolta download centre, the Konica Minolta website, as well as upon request. This document highlights the products that are covered, details the length of time updates are available, as well as giving contact information to discuss any compliance-related concerns. A process has been introduced to manage any compliance-related enquiries, which will be reviewed regularly and improved if required.
