Security
Epson, in a code of conduct called "Principles of Corporate Behavior," states "We protect the security of people and company assets, and we exercise strict care in the management of all information." The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company's assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.
Information Security
Epson has set forth essential information security principles and rules in a Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflect the importance and principles of good information security practices.
Information Security Framework
Epson's various business units build and maintain their own information security systems based on Group-wide rules. The senior executive of the company serves as the Group Chief Information Security Officer and promotes information security governance. Under this organization, the systems and controls of each business unit are internally assessed to check whether information security risks are being managed effectively. A maturity indicator has also been established for information security actions to gauge the maturity level of each business unit.
Program
Epson conducts the following programs in line with the Epson Group Basic Information Security Policy:
- Programs to maintain compliance by revising internal systems and understanding the trends in laws, regulations, and guidelines of nations and regions
- Programs to raise awareness and educate employees
- Risk assessments
Cyber Security
To deal with increasingly sophisticated cyber security threats and attacks, we have established a medium-term plan that defines our policy on cyber security measures on a global level and are strengthening our countermeasures. For reference, we have used the "Cyber Security Management Guidelines" of the Ministry of Economy, Trade and Industry of Japan and the "Cyber Security Framework" developed by the U.S. National Institute of Standards and Technology.
As part of this effort, we have begun monitoring cyberattacks, and are responding promptly to alerts regarding malware, including ransomware. We also use case studies of past incidents as training material and revise our response procedures accordingly.
We continue to improve and reinforce our cyber security. To detect cyberattacks as early as possible and to minimize potential damage, we have introduced managed detection and response (MDR), a service that monitors computers and networks and detects and responds to suspicious behavior.
Training
The following training programs are implemented to increase employees' information security awareness and ability to respond to various external threats:
- An information security course that all officers and employees are required to complete
- Training on responding to targeted e-mail attacks
- Risk assessment education for managers
- Inspection programs that check whether the company's information security is improving
Personal Data Protection
We at Epson are acting to protect the personal data of our customers, business partners, and employees to reward their trust and fulfill our social responsibility. Countries and regions around the world are establishing and amending laws and regulations governing personal data protection and privacy protection. The E.U.'s General Data Protection Regulation (GDPR) is a prominent example.
Epson is part of the Japan Electronics and Information Technology Industries Association and reviews its internal rules to identify necessary revisions regarding the protection of personal data.
Basic Approach to Personal Data Protection
Internal regulations at Epson require us to establish controls based on the 11 principles outlined in ISO/IEC 29100. Group companies furthermore establish their own Privacy Statements and Privacy Policies based on laws and regulations in their own countries and publish them on their national websites.
Personal Data Management Framework
At Epson, personal data is part of our information security and we work to protect it with our information security organization and systems.
Training
Epson trains its employees on data handling rules and the importance of personal data protection in accordance with the type and level of personal data.
- A course for employees who handle personal data
- Online courses regarding Europe's General Data Protection Regulation
List of certifications
Information Security Management System (ISMS) Certification (As of June 2024)
Name of organization | Seiko Epson Corporation |
---|---|
Certification standard | ISO/IEC 27001:2013 / JIS Q 27001:2014 |
Scope of certification and registration | The following business in DX Division; The following business in VSM Project |
Certifying organization | BSI Group Japan Co., Ltd. |
Certification registration No. | IS 507352 |
Name of organization | Epson Avasys Corporation |
---|---|
Certification standard | ISO/IEC 27001:2013 / JIS Q 27001:2014 |
Scope of certification and registration | The embedded software development and application development for IT devices; The Technical documentation and translation for the above-mentioned IT related products and services; The Quality evaluation for IT devices and application software; The Business application system development; The Operation and administration of internal backbone network, servers, and information systems |
Certifying organization | BSI Group Japan Co., Ltd. |
Certification registration No. | IS 85200 |
Privacy Mark (As of June 2024)
Name of organization | Epson Sales Japan Corporation |
---|---|
Certification standard | JIS Q 15001 |
Period of validity | April 12, 2021 to April 11, 2023 |
Certifying organization | The Association of Computer Software |
Certification registration No. | No. 10520010 (09) |
Name of organization | Epson Direct Corporation |
---|---|
Certification standard | JIS Q 15001 |
Period of validity | December 12, 2020 to December 11, 2022 |
Certifying organization | Japan Institute for Promotion of Digital Economy and Community |
Certification registration No. | No. 10580040 (08) |
Intellectual Property Protection
Epson protects the rights to its proprietary technologies so as to support the smooth and ongoing development of its existing businesses and the development and growth of new businesses. These actions ensure that our IP portfolio contributes to corporate earnings. We also respect the rights of others and implement measures to prevent infringement of those rights.