Epson, in a code of conduct called “Principles of Corporate Behavior,” states “We will protect the security of people and corporate assets and exercise prudence in handling information, and maintain the security of management resources (corporate assets).” The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company’s assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.
Epson has set forth essential information security principles and rules in a Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflect the importance and principles of good information security practices.
Epson’s various business units build and maintain their own information security systems based on Group-wide rules. The senior executive of the company serves as the Group Chief Information Security Officer and promotes the information security governance. Under this organization, the systems and controls of each business unit are internally assessed to check whether information security risks are being managed effectively. A maturity indicator has also been established for information security actions to gauge the maturity level of each business unit. The business units improve their own activities based on the indicator. The department that supervises the information security activities of the Epson Group monitors the activities of the business units and instructs them to make improvements where needed.
In addition to these internal assessments, the Seiko Epson Printing Solutions Operations Division, Wearable Products Operations Division, and DX Division, along with Epson Avasys, have earned and maintain ISO 27001-compliant Information Security Management System (ISMS) certification. They have also earned ISMS Cloud Security Certification (ISO/IEC 27017) so that customers can use services with greater peace of mind. In addition, to raise employee awareness of the importance of information security, we provide online courses in information security, conduct targeted email attack drills across Epson subsidiaries in Asia and Oceania along with sites in Japan, and train managers to assess information security risks. These and similar actions are taken across the global Epson Group.
We have established a grand design that specifies policies concerning cyber security measures to enable us to contend with cyber security threats and respond to attacks, which are becoming increasingly sophisticated and insidious. As references, we used the Cybersecurity Management Guidelines issued by the Ministry of Economy, Trade and Industry and the Cyber Security Framework set up by the US National Institute of Standards and Technology. As part of this effort, we created a Security Operation Center that covers Asia, Europe, and the Americas. The center successfully prevented an incident from materializing by quickly responding to an alert issued in relation to Emotet malware, which circulated heavily in FY2019. We have also installed a new type of anti-virus software on PCs that detects malicious behavior and shuts down attacks of all types before PCs can be exposed to danger. We will continue improving and reinforcing our readiness to the ever-changing threats.
Personal Data Protection
We at Epson are acting to protect the personal data of our customers, business partners, and employees to reward their trust and fulfill our social responsibility. Countries and regions around the world are establishing and amending laws and regulations governing personal data protection and privacy protection. The E.U.’s General Data Protection Regulation (GDPR) is a prominent example. To accurately understand the nature of changes being made, Epson participates in an international privacy protection association and ascertains whether internal rules need to be revised. In addition, Epson Sales Japan and Epson Direct, domestic subsidiaries that handle personal data belonging to customers, manage personal data protection based on the PrivacyMark System. In FY2019, we offered three online courses in personal data protection:
- a course in information security that all officers and employees are required to complete,
- a course for employees who handle personal data on the job, and
- a course concerning the GDPR
Epson has also installed a system that temporarily halts email before it is sent to external recipients. The system asks the sender to confirm whether the mail contains personal data or confidential information that can be sent to external recipients. PCs that store personal identification numbers are also equipped with a tool that records their operations.
Intellectual Property Protection
Epson protects the rights to its proprietary technologies so as to support the smooth and ongoing development of its existing businesses and the development and growth of new businesses. These actions ensure that our IP portfolio contributes to corporate earnings. We also respect the rights of others and implement measures to prevent infringement of those rights.
Anti-Counterfeiting Measures around the World
To protect the trusted Epson brand, we actively seek to seize counterfeit goods and other fraudulent articles that infringe the Epson trademark or our other intellectual property rights before they reach consumers.
We have set up anti-counterfeiting centers around the world that are staffed by people who monitor the goods produced and sold by manufacturers and retailers, and especially e-commerce retailers. We fight counterfeiting in a number of ways. For example, we share information with the police and other enforcement authorities to increase raids on counterfeiters. We educate customs officials to better enable them to recognize counterfeits and block their import and export. We also work with e-commerce site operators to halt the sale of imitation goods that violate our rights. The actions we take stop the distribution of counterfeit goods and help reassure consumers that the goods they buy are genuine Epson brand products.