Security

Epson, in a code of conduct called "Principles of Corporate Behavior," states "We protect the security of people and company assets, and we exercise strict care in the management of all information." The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company's assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.

Information Security

Epson has set forth essential information security principles and rules in a Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflects the importance and principles of good information security practices.


Information Security Framework

Epson's various business units build and maintain their own information security systems based on Group-wide rules. The senior executive of the company serves as the Group Chief Information Security Officer and promotes information security governance. Under this organization, the systems and controls of each business unit are internally assessed to check whether information security risks are being managed effectively. A maturity indicator has also been established for information security actions to gauge the maturity level of each business unit.

Program

Epson conducts the following programs in line with the Epson Group Basic Information Security Policy:

  • Programs to maintain compliance by revising internal systems and understanding the trends in laws, regulations, and guidelines of nations and regions
  • Programs to raise awareness and educate employees
  • Risk assessments


Cyber Security

To deal with increasingly sophisticated cyber security threats and attacks, we have established a medium-term plan that defines our policy on cyber security measures on a global level and are strengthening our countermeasures. For reference, we have used the "Cyber Security Management Guidelines" of Japan's Ministry of Economy, Trade and Industry and the "Cyber Security Framework" developed by the U.S. National Institute of Standards and Technology.

As part of this effort, we have begun monitoring cyberattacks, and are responding promptly to alerts regarding malware, including ransomware. We also use case studies of past incidents as training material and revise our response procedures accordingly.

We continue to improve and reinforce our cyber security. To detect cyberattacks as early as possible and to minimize potential damage, we have introduced managed detection and response (MDR), a service that monitors computers and networks and detects and responds to suspicious behavior.

Training

The following training programs are implemented to increase employees' information security awareness and ability to respond to various external threats:

  • An information security course that all officers and employees are required to complete
  • Training on responding to targeted e-mail attacks
  • Risk assessment education for managers
  • Inspection programs that check whether the company's information security is improving

Personal Data Protection

We at Epson are acting to protect the personal data of our customers, business partners, and employees to reward their trust and fulfill our social responsibility. Countries and regions around the world are establishing and amending laws and regulations governing personal data protection and privacy protection. The E.U.'s General Data Protection Regulation (GDPR) is a prominent example.

Epson is part of the Japan Electronics and Information Technology Industries Association and reviews its internal rules to identify necessary revisions regarding the protection of personal data.

Basic Approach to Personal Data Protection

Internal regulations at Epson require us to establish controls based on the 11 principles outlined in ISO/IEC 29100. Group companies furthermore establish their own Privacy Statements and Privacy Policies based on laws and regulations in their own countries and publish them on their national websites.

Personal Data Management Framework

At Epson, personal data is part of our information security and we work to protect it with our information security organization and systems.

Training

Epson trains its employees on data handling rules and the importance of personal data protection in accordance with the type and level of personal data.

  • A course for employees who handle personal data
  • Online courses regarding Europe's General Data Protection Regulation


List of certifications

Information Security Management System (ISMS) Certification (As of June 2024)

Name of organization: Seiko Epson Corporation
Certification standard: ISO/IEC 27001:2013 / JIS Q 27001:2014
Scope of certification and registration:
The following business in DX Division
 - Operation management of cloud service to accounts business
 - Operation management of common platform
The following business in Printing Solutions Division
 - Operation management of cloud print and scan service
 - Operation management of remote monitoring system
The following business in VSM Project
 - Operation management of health guidance
Certifying organization: BSI Group Japan Co., Ltd.
Certification registration No.: IS 507352


Name of organization: Epson Avasys Corporation
Certification standard: ISO/IEC 27001:2013 / JIS Q 27001:2014
Scope of certification and registration:
 - The embedded software development and application development for IT devices
 - The Technical documentation and translation for the above-mentioned IT related products and services
 - The Quality evaluation for IT devices and application software
 - The Business application system development
 - The Operation and administration of internal backbone network, servers, and information systems
Certifying organization: BSI Group Japan Co., Ltd.
Certification registration No.: IS 85200


Privacy Mark (As of June 2024)

Name of organization: Epson Sales Japan Corporation
Certification standard: JIS Q 15001
Period of validity: April 12, 2021 to April 11, 2023
Certifying organization: The Association of Computer Software
Certification registration No.: 10520010 (09)


Name of organization: Epson Direct Corporation
Certification standard: JIS Q 15001
Period of validity: December 12, 2020 to December 11, 2022
Certifying organization: Japan Institute for Promotion of Digital Economy and Community
Certification registration No.: 10580040 (08)

Intellectual Property Protection

Epson protects the rights to its proprietary technologies so as to support the smooth and ongoing development of its existing businesses and the development and growth of new businesses. These actions ensure that our IP portfolio contributes to corporate earnings. We also respect the rights of others and implement measures to prevent infringement of those rights.
