Basic Information Security Policy

Established on April 1, 2007
Revised on April 1, 2020

Epson's Basic Information Security Policy, established based on the company's Management Philosophy and Principles of Corporate Behavior, describes our information security approach and requirements. Epson Group companies, their officers and their employees must recognize the importance of information security, exercise effective information security governance, and build information security into the corporate culture so that Epson continues to be a company that is trusted by its stakeholders. (Established April 1, 2007)

It is therefore company policy to ensure that:

All information^* used in business activities are recognized as important management assets, and information security activities are treated as a critical management concern.

^* Including customer and other personal information; confidential information relating to sales and marketing, products, technology, production, and know-how, and suppliers; and information systems that store and use such information.
A standard information security policy is established for worldwide operations, information security responsibility and management systems are identified, and a management system capable of protecting and controlling information assets is built.
Information security risks confronted in business activities are appropriately assessed and managed, to justify the trust placed in the company by stakeholders and to keep business.
Continuous training and education are provided to Epson Group companies, their officers and their employees so that security consciousness is integrated into the corporate culture.
A compliance program is developed and implemented to ensure compliance with laws, agreements and regulations related to information security management.
The information security management system is reviewed, maintained and improved on a continuing basis by Epson management.

Yasunori Ogawa
President and CEO
Seiko Epson Corporation