Epson, in a code of conduct called “Principles of Corporate Behavior,” states “We will protect the security of people and corporate assets and exercise prudence in handling information, and maintain the security of management resources (corporate assets).” The company has put in place a system for ensuring the security of employees and visitors. Employees recognize the importance of security and follow good security practices. The company’s assets (financial, tangible, intellectual, brand, information, and other assets) are properly managed, and the assets of other parties are respected. We strictly control personal data and confidential information to prevent leaks.
Epson has set forth essential information security principles and rules in a Basic Information Security Policy. The company is building an information security governance framework and fostering a corporate culture that reflect the importance and principles of good information security practices.
Our business units (including Group companies) build and maintain their own information security systems based on Group-wide rules. Internal evaluations are conducted to assess these systems and controls and to check whether information security risks are under control. We have established six different information security management levels that we use to measure the maturity of each business unit. The business units improve their information security systems based on their current management level. The information security supervisory department monitors the activities of the business units and instructs them to make improvements where needed.
In addition to these internal assessments, the Seiko Epson Printing Solutions Operations Division and DX Division, along with Epson Avasys, have earned and maintain ISO 27001-compliant Information Security Management System (ISMS) certification. They have also earned ISMS Cloud Security Certification (ISO/IEC 27017) so that customers can use services with greater peace of mind. In addition, to raise employee awareness of the importance of information security, we provide online courses in information security, conduct targeted email attack drills, and train managers to assess information security risks. These and similar actions are taken across the global Epson Group.
We have in place a multilayer defense system to protect against cyber security threats. For example, we have installed a web application firewall to protect our public websites from external attacks. We have also installed a new type of anti-virus software on PCs that detects malicious behavior and shuts down attacks of all types before PCs can be exposed to danger.
However, since threats to cyber security are becoming increasingly sophisticated and insidious, we are working with a security consulting firm to identify and shore up any vulnerabilities in our existing security measures.
Personal Data Protection
We at Epson are acting to protect the personal data of our customers, business partners, and employees to reward their trust and fulfill our social responsibility. Countries and regions around the world are establishing and amending laws and regulations governing personal data protection and privacy protection. The E.U.’s General Data Protection Regulation (GDPR) is a prominent example. To accurately understand the nature of changes being made, Epson participates in an international privacy protection association and ascertains whether internal rules need to be revised. In addition, Epson Sales Japan and Epson Direct, domestic subsidiaries that handle personal data belonging to customers, manage personal data protection based on the PrivacyMark System.
In FY2018, we offered three online courses in personal data protection to our employees: (1) a course in information security that all officers and employees are required to complete every year and that covers the basics, such as details about what constitutes personal data; (2) a course for employees who handle personal data on the job, which has been completed by a total of 15,850 individuals as of the end of March 2019; and (3) a course concerning the GDPR, which has been completed by a total of 9,727 individuals as of the end of March 2019.
Epson has also installed a system that temporarily halts email before it is sent to external recipients. The system asks the sender to confirm whether the mail contains personal data or confidential information that can be sent to external recipients. In addition, PCs that store personal identification numbers are monitored for suspicious activity.
Intellectual Property Protection
Epson protects the rights to its proprietary technologies so as to support the smooth and ongoing development of its existing businesses and the development and growth of new businesses. These actions ensure that our IP portfolio contributes to corporate earnings. We also respect the rights of others and implement measures to prevent infringement of those rights.
Anti-Counterfeiting Measures around the World
To protect the trusted Epson brand, we actively seek to seize counterfeit goods and other fraudulent articles that infringe the Epson trademark or our other intellectual property rights before they reach consumers.
We have set up anti-counterfeiting centers around the world that are staffed by people who monitor the goods produced and sold by manufacturers and retailers, and especially e-commerce retailers. We fight counterfeiting in a number of ways. For example, we share information with the police and other enforcement authorities to increase raids on counterfeiters. We educate customs officials to better enable them to recognize counterfeits and block their import and export. We also work with e-commerce site operators to halt the sale of imitation goods that violate our rights. The actions we take stop the distribution of counterfeit goods and help reassure consumers that the goods they buy are genuine Epson brand products.