Secure by Design

Lexmark’s expertise as an industry leader in document and device security forms the backbone of our technology. This systematic approach to security delivers a critical benefit to our customers: the confidence to efficiently and cost-effectively get the job done, knowing their devices and data are protected every step of the way.

n6 grey6 triangle

  product design

Intentional software and hardware design for complete security

Lexmark hardware and embedded firmware are only part of your organisation’s output ecosystem. For optimal protection, the software used to support printers and multifunction devices must be developed to the highest of industry standards. And developers creating this software should be experts who can immediately respond to security-related issues.

Lexmark’s Secure Software Development Lifecycle (SSDL) is a series of processes designed to address all aspects of security related to software development from planning through design and implementation, including quality assurance, release and maintenance.

The SSDL offers unparallelled protection checkpoints to meet your organisation’s unique security requirements.

Secure training icon

Training

Every Lexmark developer goes through rigourous security training to develop software using the most secure code writing practises.

Secure requirements icon

Requirements

Ongoing dialogue with security experts and customers help determine the features and requirements that are built into each Lexmark device.

Secure design icon

Design

Using secure development practises, Lexmark engineers distil requirements gathered into detailed feature specifications and threat modelling helps analyse and reduce each product’s attack surface.

Secure implementation icon

Implementation

The implementation process leverages the appropriate security-related configurations and analysis tools during the software build process.

Secure verification icon

Verification

Before any code is shipped, Lexmark goes through a rigourous, multi-point testing phase to check for vulnerabilities and code stability.

Secure release icon

Release

To ensure security and control, a limited number of developers are authorised to release code; this prevents the potential for malicious software release.

Secure response icon

Response

If a vulnerability is discovered, Lexmark immediately assesses the issue and alerts our customers; we quickly resolve the problem as needed and provide remediation instruction.

Simply put, nobody matches Lexmark’s commitment to developing the most hardened print software in the industry, designed to enhance security across your entire network.


​  supply chain integrity

Security you can trust across the supply chain

Lexmark is committed to operating in a responsible manner in all areas of our business, including our global supply chain. Through every step of the supply chain, Lexmark works hard to ensure that our employees, manufacturers and suppliers adhere to the highest standards of compliance, security and social responsibility.

lexmark-supply-chain

Across Lexmark’s supply chain, employees and supply partners operate in full compliance with laws and regulations where products are manufactured and distributed by Lexmark. This includes membership and participation in the Responsible Business Alliance (RBA) that strengthens our organisational efforts in support of human rights, labour standards, and other corporate social responsibility values to ensure a conflict-free supply chain. Our suppliers are required to allow Lexmark-conducted social and environmental responsibility (SER) audits on the physical premises where supplier manufactured products are provided to Lexmark.

Lexmark carefully manages every phase of supply chain management including:

  • Supplier management: In addition to operating in full legal compliance, suppliers are expected to adopt the RBA code of conduct and must report on the origin and source for materials used in their manufacturing processes.
  • Supplier audits: Lexmark aligns with best practises for security and continually audits suppliers at a higher standard.
  • Manufacturing audits: Monthly audits of electronic components ensure compliance with the design and boot security measures.
  • Code of Conduct: Lexmark’s Supplier Code of Conduct defines our supply chain partners’ commitment to Lexmark’s social and environmental policies as they apply to their business operations.
  • Employee training: Lexmark employees are responsible for and committed to delivering on our environmental, social and governance (ESG) objectives and guidelines.

Our customers trust Lexmark as a technology partner committed to integrity, security and transparency in all its supply chain operations, to deliver the highest levels of performance and protection. In fact, Lexmark is the first imaging manufacturer to receive ISO 20243 certification for supply chain integrity.


​  security features

Security built into every device and solution

At Lexmark, we don’t treat security as an afterthought or optional feature. In fact, security is an integral design and engineering component embedded into all of our products, tools, and services. Our advanced security capabilities help minimise threats and vulnerabilities.

Lexmark’s comprehensive approach to security covers a full spectrum of features and functions designed to protect every aspect of your output environment.

Lexmark meets the most stringent industry and government security standards including Common Criteria and Federal Information Processing Standard (FIPS). Our security ecosystem is designed to overcome the most complex data protection challenges for every business, in every industry.

Secure devices icon

Devices

Industry-leading features including hard disc encryption, secure boot technology, continuous boot verification, and signed and encrypted firmware are built into every Lexmark device.

Secure data icon

Data

To protect critical data, security features include authentication and authorisation flexibility, user/group security, access controls, security templates, login restrictions and operator panel lock functionality.

Secure network icon

Network

Encryption and security features like TCP connection filtering, port filtering, TLS 1.2, SMBv3, fax/network separation and secure authentication protect your network across the organisation.

SecurityIcons

Users

Secure access features in Lexmark products ensure that only authenticated and authorised users can work with sensitive, valuable and protected information.

Secure tools icon

Tools

Security tools like Markvision Enterprise and Lexmark Cloud Fleet Management enable device and security configuration across fleets as well as conformance monitoring.

Secure services icon

Services

Lexmark Managed Print, Assessment and Consulting Services utilise analytics that give organisations greater visibility and control at every stage of adoption, along with consulting services to ensure fleet security.


​  industry Certifications

Validated security to protect your organisation

Lexmark designs hardware and solutions with the industry’s most stringent specifications to ensure sensitive information is protected across the network. Devices are validated for Information Technology Hardcopy Device and System Security, using the 2600-2008 IEEE Standard. In addition, Lexmark is the first imaging manufacturer to receive ISO 20243 certification for supply chain integrity.

Lexmark third-party certifications

​ Hardware

​ Information

​ Standards

​ Supply Chain

​ Encryption

​ Cyber Security

Lexmark analyst evaluations

Learn more now about our analyst evaluations and third-party validations designed to protect your most critical information.


​  vulnerability management

Stay current to stay secure

Lexmark delivers printers and software that minimise security-related vulnerabilities. Our security experts constantly monitor multiple channels to identify potential security vulnerabilities, and if the need arises, react quickly to limit exposure to threat:

  • Design: Lexmark’s Secure Software Development Lifecycle (SSDL) is designed to address software security throughout planning, implementation, quality assurance, release and maintenance stages.
  • Assessment: Vulnerabilities are analysed by security experts to determine potential impacts and whether the vulnerability is possible in Lexmark’s implementation.
  • Resolution: If a vulnerability is detected, a process is initiated to log, track, patch and test the fix. An updated code release is provided and Lexmark issues a security advisory if needed.

At Lexmark, reducing exposure to vulnerabilities is our priority so users can focus on what’s important: supporting your customers and moving your business forwards. Learn more about our vulnerability and security advisory process designed to protect your most critical assets.


​  privacy programme

Designed to protect your organisation’s most valuable information

Lexmark's privacy programme, Privacy at Lexmark (P@L), is a robust organisation of over 80 employees at both the corporate and business unit levels. Led by a data protection officer located at Lexmark's headquarters in Lexington, Kentucky, the programme's mission is the creation and maintenance of repeatable processes designed to respect and protect the data privacy of our customers and their users, and to comply with global privacy regulations.

This programme was recently recognised as a CSO50 Award Winner, which recognises organisations that demonstrate outstanding business value and thought leadership for security initiatives.

Learn more now about Lexmark’s security and privacy policies.


​ Security in practice

Industry-leading protection for your output environment

If you are looking for new ways to lock down print security while improving operational performance, it’s time to partner with an expert. Lexmark understands the reality of security threats and responds with a full-spectrum approach that secures your data in every possible way.