Security
Epson, in a code of conduct called "Principles of Corporate Behavior," states "We protect the security of people and company assets, and we exercise strict care in the management of all information." The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company's assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.
Information Security
Epson has set forth essential information security principles and rules in a Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflects the importance and principles of good information security practices.
Information Security Framework
Epson's various business units build and maintain their own information security systems based on Group-wide rules. The senior executive of the company serves as the Group Chief Information Security Officer and promotes information security governance. Under this organization, the systems and controls of each business unit are internally assessed to check whether information security risks are being managed effectively. A maturity indicator has also been established for information security actions to gauge the maturity level of each business unit.
Program
Epson conducts the following programs in line with the Epson Group Basic Information Security Policy:
- Programs to maintain compliance by revising internal systems and understanding the trends in laws, regulations, and guidelines of nations and regions
- Programs to raise awareness and educate employees
- Risk assessments
Cyber Security
To deal with increasingly sophisticated cyber security threats and attacks, we have established a medium-term plan that defines our policy on cyber security measures on a global level and are strengthening our countermeasures. For reference, we have used the "Cyber Security Management Guidelines" of Japan's Ministry of Economy, Trade and Industry and the "Cyber Security Framework" developed by the U.S. National Institute of Standards and Technology.
As part of this effort, we have begun monitoring cyberattacks, and are responding promptly to alerts regarding malware, including ransomware. We also use case studies of past incidents as training material and revise our response procedures accordingly.
We continue to improve and reinforce our cyber security. To detect cyberattacks as early as possible and to minimize potential damage, we have introduced managed detection and response (MDR), a service that monitors computers and networks and detects and responds to suspicious behavior.
Training
The following training programs are implemented to increase employees' information security awareness and ability to respond to various external threats:
- An information security course that all officers and employees are required to complete
- Training on responding to targeted e-mail attacks
- Risk assessment education for managers
- Inspection programs that check whether the company's information security is improving
Personal Data Protection
We at Epson are acting to protect the personal data of our customers, business partners, and employees to reward their trust and fulfill our social responsibility. Countries and regions around the world are establishing and amending laws and regulations governing personal data protection and privacy protection. The E.U.'s General Data Protection Regulation (GDPR) is a prominent example.
Epson is part of the Japan Electronics and Information Technology Industries Association and reviews its internal rules to identify necessary revisions regarding the protection of personal data.
Basic Approach to Personal Data Protection
Internal regulations at Epson require us to establish controls based on the 11 principles outlined in ISO/IEC 29100. Group companies furthermore establish their own Privacy Statements and Privacy Policies based on laws and regulations in their own countries and publish them on their national websites.
Personal Data Management Framework
At Epson, personal data is part of our information security and we work to protect it with our information security organization and systems.
Training
Epson trains its employees on data handling rules and the importance of personal data protection in accordance with the type and level of personal data.
- A course for employees who handle personal data
- Online courses regarding Europe's General Data Protection Regulation
List of Certifications
Information Security Management System (ISMS) Certification (As of December 2024)
Name of organization | Seiko Epson Corporation |
---|---|
Certification standard | ISO/IEC 27001:2022 / JIS Q 27001:2023 |
Scope of certification and registration | The following business in DX Division |
Certification body | BSI Group Japan Co., Ltd. |
Certification registration No. | IS 507352 |

Name of organization | Epson Avasys Corporation |
---|---|
Certification standard | ISO/IEC 27001:2022 / JIS Q 27001:2023 |
Scope of certification and registration | - The embedded software development and application development for IT devices - The related technical documentation and translation - The quality evaluation for IT devices and application software - The system development, quality evaluation, operation, and maintenance for business application - The technical development and support for core network, servers, and information systems - The technical development and support for cloud services - The system engineering services |
Certification body | BSI Group Japan Co., Ltd. |
Certification registration No. | IS 85200 |
ISMS Cloud Security Certification (As of December 2024)
Name of organization | Epson Avasys Corporation |
---|---|
Certification standard | JIP-ISMS517-1.0 (ISO/IEC 27017:2015) |
Scope of certification and registration | ISO/IEC27001 (JIS Q 27001) Certificate Number: IS 85200 ISMS Cloud Security Management System for the development, operation, and maintenance as a cloud service provider of "commutas", and for the use as a cloud service customer of Amazon Web Services for "commutas". |
Certification body | BSI Group Japan Co., Ltd. |
Certification registration No. | CLOUD 806539 |
Privacy Mark (As of December 2024)
Name of organization | Epson Sales Japan Corporation |
---|---|
Certification standard | JIS Q 15001 |
Assessment body | Software Association of Japan (SAJ) |
Registration No. | 10520010 |

Name of organization | Epson Direct Corporation |
---|---|
Certification standard | JIS Q 15001 |
Assessment body | Japan Institute for Promotion of Digital Economy and Community (JIPDEC) |
Registration No. | 10580040 |
Intellectual Property Protection
Epson protects the rights to its proprietary technologies so as to support the smooth and ongoing development of its existing businesses and the development and growth of new businesses. These actions ensure that our IP portfolio contributes to corporate earnings. We also respect the rights of others and implement measures to prevent infringement of those rights.