Security
Epson, in a code of conduct called "Principles of Corporate Behavior," states "We protect the security of people and company assets, and we exercise strict care in the management of all information." The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company's assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.
Information Security
Epson has set forth essential information security principles and rules in the Epson Group Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflect the importance and principles of good information security practices.
Information Security Framework
Epson has a system in which each business unit is responsible for establishing and maintaining its information security framework based on standard Group-wide regulations, under the governance of the Chief Information Security Officer (Group CISO). Under this system, the systems and controls of each business unit are internally assessed to check whether information security risks are being managed effectively.

Program
Epson conducts the following programs in line with the Epson Group Basic Information Security Policy:
・Programs to maintain compliance by revising internal systems and understanding the trends in laws, regulations, and guidelines of nations and regions
・Programs to raise awareness and educate employees
・Risk assessments
Cyber Security
To deal with increasingly sophisticated cyber security threats and attacks, we have established a medium-term plan that defines our cybersecurity strategy on a global level and are strengthening our countermeasures. For reference, we have used the Cyber Security Management Guidelines of Japan's Ministry of Economy, Trade and Industry and the Cybersecurity Framework developed by the U.S. National Institute of Standards and Technology.
As part of this effort, we have established a 24/7 security monitoring system, enabling a rapid response to alerts related to malware, including ransomware. We also use case studies of past incidents as training material and revise our response procedures accordingly.
We continue to improve and reinforce our cyber security. To detect cyberattacks as early as possible and to minimize potential damage, we have introduced managed detection and response (MDR), a service that monitors IT equipment and networks and detects and responds to suspicious behavior.
Training
The following training programs are implemented to increase employees' information security awareness and ability to respond to various external threats:
・An information security course that all officers and employees are required to complete
・Training on responding to targeted e-mail attacks
・Risk assessment education for managers
・Inspection programs that check whether the company's information security is improving
Personal Data Protection
Laws and regulations related to personal data protection and privacy protection are being enacted and revised in various countries and regions, including the EU General Data Protection Regulation (GDPR). Epson accurately collects and understands the requirements for personal data protection and reviews its internal rules.
To fulfill our social responsibility and live up to the trust of our customers, business partners, and employees, Epson is engaged in personal data protection activities company-wide.
Basic Approach to Personal Data Protection
Internal regulations at Epson require us to establish controls based on the 11 principles outlined in ISO/IEC 29100. Group companies furthermore establish their own Privacy Statements and Privacy Policies based on laws and regulations in their own countries and publish them on their national websites.
Personal Data Management Framework
At Epson, personal data is part of our information security and we work to protect it with our information security organization and systems.
Training
Epson trains its employees on data handling rules and the importance of personal data protection in accordance with the type and level of personal data.
・A course for employees who handle personal data
・Online courses regarding Europe's General Data Protection Regulation
List of Certifications
Information Security Management System (ISMS) Certification (As of December 2024)
Name of organization | Seiko Epson Corporation |
---|---|
Certification standard | ISO/IEC 27001:2022 / JIS Q 27001:2023 |
Scope of certification and registration | The following business in DX Division: operation management of cloud service to accounts business; operation management of common platform; operation management of health guidance service. The following business in Printing Solutions Division: operation management of cloud print and scan service; operation management of remote monitoring system. |
Certification body | BSI Group Japan Co., Ltd. |
Certification registration No. | IS 507352 |
Name of organization | Epson Avasys Corporation |
---|---|
Certification standard | ISO/IEC 27001:2022 / JIS Q 27001:2023 |
Scope of certification and registration | The embedded software development and application development for IT devices; the related technical documentation and translation; the quality evaluation for IT devices and application software; the system development, quality evaluation, operation, and maintenance for business application; the technical development and support for core network, servers, and information systems; the technical development and support for cloud services; the system engineering services. |
Certification body | BSI Group Japan Co., Ltd. |
Certification registration No. | IS 85200 |
ISMS Cloud Security Certification (As of December 2024)
Name of organization | Epson Avasys Corporation |
---|---|
Certification standard | JIP-ISMS517-1.0 (ISO/IEC 27017:2015) |
Scope of certification and registration | ISO/IEC27001 (JIS Q 27001) Certificate Number: IS 85200 ISMS Cloud Security Management System for the development, operation, and maintenance as a cloud service provider of "commutas", and for the use as a cloud service customer of Amazon Web Services for "commutas". |
Certification body | BSI Group Japan Co., Ltd. |
Certification registration No. | CLOUD 806539 |
Privacy Mark (As of December 2024)
Name of organization | Epson Sales Japan Corporation |
---|---|
Certification standard | JIS Q15001 |
Assessment body | Software Association of Japan (SAJ) |
Registration No. | 10520010 |
Name of organization | Epson Direct Corporation |
---|---|
Certification standard | JIS Q15001 |
Assessment body | Japan Institute for Promotion of Digital Economy and Community (JIPDEC) |
Registration No. | 10580040 |
Intellectual Property Protection
Epson believes that it is important to “Convert intellectual property (IP) in the broad sense (as well as IP rights, this includes assets like brands and data) into assets that drive sustainable growth of Epson’s value.” Guided by this belief, and to achieve sustainability and enrich communities, which is the aim of our corporate vision, the Intellectual Property Division works closely with management, operations divisions, and development and strategy departments. It converts IP into value by proactively utilizing all IP, and by tirelessly engaging in such activities it enhances Epson’s value and supports the realization of its sustainable growth. We also respect the rights of third parties, are committed to the protection of their intellectual property rights, and implement measures to prevent infringement of those rights.