Information Security
Information Security Policy
The EIZO Group recognizes its social responsibility to protect and appropriately manage the information and related assets (collectively referred to as “information assets”) acquired through its business activities against various information security threats. By adhering to the following principles and ensuring robust information security, we aim to maintain the trust of all stakeholders involved in our business:
- Maintain a management framework that ensures information security and the appropriate handling of information assets. Define, implement, and evaluate information security objectives, with continual improvement of the management system.
- Internal regulations are developed based on this basic policy, and information security measures are implemented accordingly. The effectiveness of these measures is continuously assessed and enhanced.
- Organizational, technical, human, and physical measures appropriate to the nature of each information asset are applied to prevent incidents such as leakage, falsification, loss, theft, or destruction. In the event of an incident, a prompt and appropriate response will be taken, including root cause analysis and implementation of preventive measures to avoid recurrence.
- Comply with all applicable laws, regulations, codes, guidelines, and contractual obligations related to information security.
- Regular and ongoing training is provided to Officers and employees to raise awareness of the importance of information security and to ensure proper information management is understood and embedded throughout the organization.
Mr. Kiyotaka Hira
Senior Operating Officer
General Affairs
May 19, 2022 (Established)
July 25, 2025 (Revised)
Information Security Framework
At EIZO Group, we have implemented comprehensive regulations and guidelines for information management to ensure the responsible handling of confidential and personal data. Upper management at EIZO Corporation is responsible for establishing and maintaining the "Information Security Framework" and ensuring governance. In the event of any incidents, we have established procedures for timely reporting and escalation to the CSIRT. Within this framework, we conduct regular assessments of the development and operation of our controls to ensure the effectiveness and continuous improvement of our Information Security Risk Management processes.
Activities
In accordance with the EIZO Group Information Security Policy, the EIZO Group carries out the following initiatives:
- Monitor legal regulations and guideline trends across each country and region, ensuring compliance through internal system updates
- Improve awareness, provide education, and conduct training sessions for executives and employees
- Perform risk assessments annually and as needed
- Conduct annual vulnerability assessments
- Perform internal audits on an annual basis
- Respond to incidents promptly and implement appropriate corrective measures
- Monitor the progress of information security initiatives via regular meetings of the 'Information Security Committee'
Training & Education
To enhance information security awareness and improve our capacity to address various external threats, we regularly conduct the following training programs:
- Information security training for all employees, including executive leadership
- Cybersecurity awareness training with spear-phishing simulation
- Information security risk assessment training
- Incident escalation and reporting training
Personal Data Protection
The EIZO Group has established a Personal Data Protection Policy and internal management rules aligned with the General Data Protection Regulation (GDPR) of the European Union. We have developed a personal data protection framework and appropriately manage the personal data we hold.
These policies and regulations are communicated throughout the organization via various training and educational programs.
To ensure compliance with relevant laws and regulations in accordance with our policies, we also undergo third-party audits based on the requirements of ISO/IEC 27001, the international standard for information security management.
In the event of a confirmed or suspected data breach involving personal information held by the EIZO Group, the matter is promptly reported to the Chief Privacy Officer under our Information Security Management System.
A process is in place to immediately assess the facts and impact of the incident and report to relevant authorities such as the Personal Information Protection Commission.
In FY2021, a third party unlawfully used an employee’s email account to send targeted phishing emails. Upon receiving a report from an employee, our CSIRT (Computer Security Incident Response Team) responded swiftly to contain the incident and prevent further damage. A risk assessment was subsequently conducted, and measures were implemented to prevent recurrence.
Cybersecurity Measures
To address increasingly sophisticated cybersecurity threats and attacks, the EIZO Group has formulated a medium-term plan that outlines its cybersecurity policies.
This plan is based on Japan’s “Cybersecurity Management Guidelines” issued by the Ministry of Economy, Trade and Industry (METI), as well as the Cybersecurity Framework (CSF) developed by the U.S. National Institute of Standards and Technology (NIST).
As part of our efforts to strengthen these measures, we have implemented a Security Operation Center (SOC) that monitors internet communications 24 hours a day, 365 days a year.
This system enables us to detect and respond to cyberattacks or suspicious activities at an early stage, thereby minimizing potential damage.
Additionally, we conduct incident response drills based on real-world scenarios to review and refine our response procedures.
External Certification
ISMS (Information Security Management System) Certification (As of October 2025)
| Certified Organizations | |
|---|---|
| Management System Standards | ISO/IEC 27001:2022 |
| Scope of Certification | Planning, design, development, manufacturing, sales, and service of video display devices and related peripheral equipment |
| Certification Body | TÜV Rheinland Cert GmbH |
| Certification Number | 01 153 2234318 |