Organizational Governance

Security

Epson, in a code of conduct called “Principles of Corporate Behavior,” states “We protect the security of people and company assets, and we exercise strict care in the management of all information.” The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company’s assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.


Information Security

Epson has set forth essential information security principles and rules in a Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflects the importance and principles of good information security practices.


Information Security Framework

Epson’s various business units build and maintain their own information security systems based on Group-wide rules. The senior executive of the company serves as the Group Chief Information Security Officer and promotes information security governance. Under this organization, the systems and controls of each business unit are internally assessed to check whether information security risks are being managed effectively. A maturity indicator has also been established for information security actions to gauge the maturity level of each business unit.

Program

Epson conducts the following programs in line with the Epson Group Basic Information Security Policy:

  • Programs to maintain compliance by revising internal systems and understanding the trends in laws, regulations, and guidelines of nations and regions
  • Programs to raise awareness and educate employees
  • Risk assessments


Cyber Security

We have established a grand design that specifies policies concerning cyber security measures to enable us to contend with cyber security threats and respond to attacks, which are becoming increasingly sophisticated and insidious. As references, we used the Cybersecurity Management Guidelines issued by the Ministry of Economy, Trade and Industry and the Cyber Security Framework set up by the US National Institute of Standards and Technology.

As part of this effort, we have begun running a Security Operation Center that covers Asia, Europe, and the Americas. This center responds swiftly to attacks by malware, including ransomware. It also uses case studies of past incidents as training material and revises procedures on how to respond.

We have also installed a new type of anti-malware software on PCs that detects malicious behavior and shuts down attacks of all types before PCs can be exposed to danger. We will continue improving and reinforcing our readiness for ever-changing threats.

Training

The following training programs are implemented to increase employees' information security awareness and ability to respond to various external threats:

  • An information security course that all officers and employees are required to complete
  • Training on responding to targeted e-mail attacks
  • Risk assessment education for managers
  • Inspection programs that check whether the company’s information security is improving


Personal Data Protection

We at Epson are acting to protect the personal data of our customers, business partners, and employees to reward their trust and fulfill our social responsibility. Countries and regions around the world are establishing and amending laws and regulations governing personal data protection and privacy protection. The E.U.’s General Data Protection Regulation (GDPR) is a prominent example.

Epson is part of the Japan Electronics and Information Technology Industries Association and reviews its internal rules to identify necessary revisions regarding the protection of personal data.

Basic Approach to Personal Data Protection

Internal regulations at Epson require us to establish controls based on the 11 principles outlined in ISO/IEC 29100. Group companies furthermore establish their own Privacy Statements and Privacy Policies based on laws and regulations in their own countries and publish them on their national websites.

Personal Data Management Framework

At Epson, personal data is part of our information security and we work to protect it with our information security organization and systems.

Training

Epson trains its employees on data handling rules and the importance of personal data protection in accordance with the type and level of personal data.

  • A course for employees who handle personal data
  • Online courses regarding Europe’s General Data Protection Regulation


List of certifications

Information Security Management System (ISMS) Certification

Name of organization: Seiko Epson Corporation
Certification standard: ISO/IEC 27001:2013 / JIS Q 27001:2014
Scope of certification and registration:

The following business in DX Division
 - Operation management of cloud service to accounts business
 - Operation management of common platform
 - Operation management of subscription platform

The following business in Printing Solutions Division
 - Operation management of cloud print and scan service
 - Operation management of remote monitoring system

The following business in VSM Project
 - Operation management of health guidance

Certifying organization: BSI Group Japan Co., Ltd.
Certification registration No.: IS 507352

Name of organization: Epson Avasys Corporation
Certification standard: ISO/IEC 27001:2013 / JIS Q 27001:2014
Scope of certification and registration:
 - The embedded software development and application development for IT devices
 - The Technical documentation and translation for the above-mentioned IT related products and services
 - The Quality evaluation for IT devices and application software
 - The Business application system development
 - The Operation and administration of internal backbone network, servers, and information systems
Certifying organization: BSI Group Japan Co., Ltd.
Certification registration No.: IS 85200


ISMS Cloud Security Certification

Name of organization: Seiko Epson Corporation
Certification standard: JIP-ISMS517-1.0 (ISO/IEC 27017:2015)
Scope of certification and registration: ISO/IEC 27001 (JIS Q 27001) Certificate Number: IS 507352. The ISMS cloud security management system for the provision of "Common platform services" (AWS) operation as a cloud service provider and for the use of Amazon Web Services as a cloud service customer
Certifying organization: BSI Group Japan Co., Ltd.
Certification registration No.: CLOUD 688933


Privacy Mark

Name of organization: Epson Sales Japan Corporation
Certification standard: JIS Q 15001
Period of validity: April 12, 2021 to April 11, 2023
Certifying organization: The Association of Computer Software
Certification registration No.: 10520010 (09)

Name of organization: Epson Direct Corporation
Certification standard: JIS Q 15001
Period of validity: December 12, 2020 to December 11, 2022
Certifying organization: Japan Institute for Promotion of Digital Economy and Community
Certification registration No.: 10580040 (08)


Intellectual Property Protection

Epson protects the rights to its proprietary technologies so as to support the smooth and ongoing development of its existing businesses and the development and growth of new businesses. These actions ensure that our IP portfolio contributes to corporate earnings. We also respect the rights of others and implement measures to prevent infringement of those rights.

Anti-Counterfeiting Measures around the World

To protect the trusted Epson brand, we actively seek to seize counterfeit goods and other fraudulent articles that infringe the Epson trademark or our other intellectual property rights before they reach consumers.

We have set up anti-counterfeiting centers around the world that are staffed by people who monitor the goods produced and sold by manufacturers and retailers, and especially e-commerce retailers. We fight counterfeiting in a number of ways. For example, we share information with the police and other enforcement authorities to increase raids on counterfeiters. We educate customs officials to better enable them to recognize counterfeits and block their import and export. We also work with e-commerce site operators to halt the sale of imitation goods that violate our rights. The actions we take stop the distribution of counterfeit goods and help reassure consumers that the goods they buy are genuine Epson brand products.

[Photo] Participating in an IP protection conference organized by customs officials in China
[Photo] Educating customs officials and police about real and counterfeit goods in the UAE
[Photo] Educating customs officials about real and counterfeit goods in Japan
