Information Security

The EIZO Group recognizes its social responsibility to protect and appropriately manage the information and related assets (collectively referred to as “information assets”) acquired through its business activities against various information security threats. By adhering to the following principles and ensuring robust information security, we aim to maintain the trust of all stakeholders involved in our business:

1. We will establish a management framework to maintain information security and appropriately manage information assets. We will also set, implement, and evaluate information security objectives, and continuously improve the management system.
2. We will develop internal regulations based on this basic policy and implement information security measures in accordance with them. We will continuously assess and enhance the effectiveness of these measures.
3. We will implement organizational, technical, human, and physical measures appropriate to the nature of each information asset to prevent incidents such as leakage, falsification, loss, theft, or destruction. In the event of an incident, we will respond promptly and appropriately, investigate the root cause, and take preventive actions to avoid recurrence.
4. We will comply with all applicable laws, regulations, codes, guidelines, and contractual obligations related to information security.
5. We will provide regular and ongoing training to employees to raise awareness of the importance of information security and ensure proper management of information is well understood and firmly embedded throughout the organization.

Mr. Kiyotaka Hira
Senior Operating Officer
General Affairs

May 19, 2022 (Established)

In accordance with the EIZO Group Information Security Policy, the EIZO Group carries out the following initiatives:

• Monitoring legal and regulatory developments, as well as guidelines in each country and region, and updating internal systems to ensure compliance
• Raising employee awareness through education and training programs
• Conducting risk assessments
• Performing vulnerability assessments
• Responding to information security incidents and implementing corrective measures
• Information Security Committee Activities: monitoring the progress of information security activities

To enhance awareness of information security and strengthen the ability to respond to a wide range of external threats, the EIZO Group regularly conducts the following training programs:

• Information security training for all employees, including executives
• Cybersecurity drills, such as targeted email attack (spear-phishing) simulations
• Training on information security risk assessment

The EIZO Group has established a Personal Data Protection Policy and internal management rules aligned with the General Data Protection Regulation (GDPR) of the European Union. We have developed a personal data protection framework and appropriately manage the personal data we hold.
These policies and regulations are communicated throughout the organization via various training and educational programs.
To ensure compliance with relevant laws and regulations in accordance with our policies, we also undergo third-party audits based on the requirements of ISO/IEC 27001, the international standard for information security management.
In the event of a confirmed or suspected data breach involving personal information held by the EIZO Group, the matter is promptly reported to the Chief Privacy Officer under our Information Security Management System.
A process is in place to immediately assess the facts and impact of the incident and report to relevant authorities such as the Personal Information Protection Commission.
In FY2021, a third party unlawfully used an employee’s email account to send targeted phishing emails. Upon receiving a report from an employee, our CSIRT (Computer Security Incident Response Team) responded swiftly to contain the incident and prevent further damage. A risk assessment was subsequently conducted, and measures were implemented to prevent recurrence.

To address increasingly sophisticated cybersecurity threats and attacks, the EIZO Group has formulated a medium-term plan that outlines its cybersecurity policies.
This plan is based on Japan’s “Cybersecurity Management Guidelines” issued by the Ministry of Economy, Trade and Industry (METI), as well as the Cybersecurity Framework (CSF) developed by the U.S. National Institute of Standards and Technology (NIST).
As part of our efforts to strengthen these measures, we have implemented a Security Operation Center (SOC) that monitors internet communications 24 hours a day, 365 days a year.
This system enables us to detect and respond to cyberattacks or suspicious activities at an early stage, thereby minimizing potential damage.
Additionally, we conduct incident response drills based on real-world scenarios to review and refine our response procedures.

ISMS (Information Security Management System) Certification (As of April 2025)