Epson Security Statement

・IPsec/IP filtering (Security Architecture for Internet Protocol/Internet Protocol filtering) IPsec protocol encrypts communications between the printer and a computer or user, protecting the data from leaking. IP filtering determines if the incoming communication is correct based on the IP address and prevents unauthorized access by filtering out the incoming communication from unauthorized terminal devices.

・IEEE 802.1X authentication Our devices support IEEE 802.1X, an authentication standard that prevents unauthorized devices from being able to connect to a LAN network. It allows using the device in a network environment requiring high security.

・Enabling/disabling the computer's USB connection USB access from a computer to the device can be disabled.

・Enabling/disabling external memory interfaces Memory card or USB memory interfaces can be disabled.

・Addressing virus intrusions through USB memory Since there is no functionality to run a program from a USB memory, there is no risk of viruses being transmitted from a USB memory to the device.

・Password-protected printing This feature enables printing only when password is entered directly on the device. Using this feature prevents data leaks that result from unauthorized browsing of the documents in the printer output bin.

・Watermark printing This feature enables the creation of original documents with embedded watermark patterns. If someone attempts to copy or scan these documents, words such as “copy” or “duplicate” will appear, helping to reduce unauthorized use.

・Stamp mark feature It allows superimposing stamp marks, such as “Classified” or “Important,” on documents when printing. Reminding the recipient of the importance of being cautious when handling the document can minimize unauthorized use.

・ Encrypted PDF Scanned data can be converted into an encrypted PDF file. It prevents unauthorized third parties from browsing scanned documents.

・Address book protection Requiring an administrator password for bulk editing of the address book on the device helps prevent data leaks and unauthorized data tampering. Moreover, batch export is saved as an encrypted file, preventing any leakage of fax numbers, email addresses, and other personal information during operations such as replacing the device or performing a backup.

・Handling document data for processing on the device Print, copy, and scan data is temporarily stored on the device but is deleted after the target job completion or if the device loses power.

・Password encryption All the important customer passwords stored in the device are encrypted to protect them from leakage.

・Panel lock When using the panel lock feature, the administrator password will be required to change any settings through the device control panel. Making it impossible to access the settings screen directly prevents configuration changes by users in environments such as open offices or public facilities.

・Limited user access It is possible to limit which functions (print, copy, scan, fax, box) are available to each user. Additionally, after logging in to the control panel, the user will be automatically logged out after a certain period of inactivity.

・Authenticated printing and authenticated scanning With the Epson Print Admin or Epson Print Admin Serverless option, it is possible to use an IC card or another authentication device to ensure that printing or scanning is performed in front of an authorized person. This helps prevent the misplacement of printed documents and information leaks from printed and scanned materials.

・Device initialization When disposing of or transferring a device to another party, all the configurations and data stored in the device can be reset to factory defaults in order to prevent leakage of confidential information.

・Enabling/disabling USB connection to a computer USB access from a computer to the device can be disabled.

・Addressing virus intrusions through USB memory Since there is no functionality to run a program from a USB memory, there is no risk of viruses being transmitted from a USB memory to the device.

・Password-protected printing This feature enables printing only when password is entered directly on the device. Using this feature prevents data leaks that result from unauthorized browsing of the documents in the printer output bin.

・Watermark printing This feature enables the creation of original documents with embedded watermark patterns. If someone attempts to copy or scan these documents, words such as “copy” or “duplicate” will appear, helping to reduce unauthorized use.

・Stamp mark feature It allows superimposing stamp marks, such as “Classified” or “Important,” on documents when printing. Reminding the recipient of the importance of being cautious when handling the document can minimize unauthorized use.

・Handling document data for processing on the device Print, copy, and scan data is temporarily stored on the device but is deleted after the target job completion or if the device loses power.

・Password encryption All the important passwords stored in the device are encrypted to protect them from leakage.

・Panel lock When using the panel lock feature, the administrator password will be required to change any settings through the device control panel. Making it impossible to access the settings screen directly prevents configuration changes by users in environments such as open offices or public facilities.

・Device initialization When disposing of or transferring a device to another party, all the configurations and data stored in the device can be reset to factory defaults in order to prevent leakage of confidential information.

・Password encryption and password policies The customer password saved in the device is encrypted to protect it from leaks. This password is required to set the device network and TM-i functions.

・Disposal of receipt data The receipt data (print data), used for business operations, is deleted after printing to protect your clients’ purchase data from leaks and tampering. However, the customized settings and information, such as your company’s logo and coupon data, are recorded in non-volatile memory and retained even after printing or while rebooting.

・User data initialization and resetting to factory defaults When disposing of or moving a device to another location, all the configurations and data recorded in the unit (stored in non-volatile memory) are reset to factory defaults (initialized) to prevent leaks of information, such as the logo and print settings.

・Enabling/disabling settings for various interfaces (fixed use via USB, or Network, or Serial I/F) Unauthorized external access can be prevented by setting a fixed interface for the customer's use, for example, by blocking network communication. Additionally, unauthorized intrusions in the local environment through USB PnP connections can be prevented by disabling USB communication. However, peripheral devices (such as Barcode Scanners and Display Modules) can remain connected via USB-TypeA.

・IPsec/IP filtering (Security Architecture for Internet Protocol/Internet Protocol filtering) IPsec protocol encrypts communications between the printer and a computer or user, protecting the data from leaking.
IP filtering approves the transmitted data by their IP address and prevents unauthorized access by filtering out the transmitted data from unauthorized terminal devices.

・HTTPS/TLS connection (Hypertext Transfer Protocol Secure/Transport Layer Security connection) When accessing the internal Web server (WebConfig), incoming communications are encrypted to help safeguard against data leaks. Additionally, encryption protects any information sent through the server's direct print function, such as receipt data. We utilize the latest encryption technology, TLS1.3.

・IEEE 802.1X, WPA3 (Wi-Fi Protected Access 3) IEEE 802.1X is an authentication standard that prevents unauthorized devices from being able to connect to a LAN network. It allows using the device in a network environment requiring high security.
WPA3 is the latest standard for wireless local network security. All devices with the Wi-Fi function use WPA3, protecting important customer information assets from data leaks and tampering.

・SNMPv3 (Simple Network Management Protocol version 3) SNMPv3 is a protocol for monitoring and controlling information on devices that supports encryption and authentication. SNMPv3 protects the device from unauthorized configuration changes and data leaks.

・Restricted access to the control panel The range of functions available through the control panel can be limited for each device.
Allowing access only to the functions minimally necessary to the operator’s duties helps reduce the risks of unauthorized manipulation of the device settings or data transmission settings.

・Firmware signature verification The use of digital signature technology prevents unauthorized firmware updates. When the device is prompted for a firmware update, this feature checks the attached digital signature and only executes the update if the firmware is authorized.

・Password encryption and password policies The customer password saved in the device is encrypted to protect it from leaks. This password is required to view and change settings using the Settings tool (WebConfig).

・Disposal of print data The label data (print data), used for business operations, is deleted after printing to protect the data from leaks and tampering. However, your logo, additional information, and customized settings are recorded in non-volatile memory and retained even after printing or while rebooting.

・User data initialization and resetting to factory defaults When disposing of or moving a device to another location, all the configurations and data recorded in the unit (stored in non-volatile memory) are reset to factory defaults (initialized) to prevent leaks of information, such as the logo and print settings.

・Run-time intrusion detection This function monitors control programs running on the device and terminates unauthorized invasive programs.

・Enabling/disabling network function settings (fixed use via USB) Blocking the network function helps ensure the prevention of unauthorized external intrusions.

・IPsec/IP filtering (Security Architecture for Internet Protocol/Internet Protocol filtering) IPsec protocol encrypts communications between the printer and a computer or user, protecting the data from leaking.
IP filtering approves the transmitted data by their IP address and prevents unauthorized access by filtering out the transmitted data from unauthorized terminal devices.

・HTTPS/TLS connection (Hypertext Transfer Protocol Secure/Transport Layer Security connection) These protocols encrypt the transmitted data when they access the internal Web server (WebConfig), helping prevent data leaks.
Epson uses TLS1.3, the latest encryption technology.

・IEEE 802.1X, WPA3 (Wi-Fi Protected Access 3) IEEE 802.1X is an authentication standard that prevents unauthorized devices from being able to connect to a LAN network. It allows using the device in a network environment requiring high security.
WPA3 is the latest standard for wireless local network security. All devices with the Wi-Fi function use WPA3, protecting important customer information assets from data leaks and tampering.

・SNMPv3 (Simple Network Management Protocol version 3) SNMPv3 is a protocol for monitoring and controlling information on devices that supports encryption and authentication. SNMPv3 protects the device from unauthorized configuration changes and data leaks.

・Restricted access to print, scan, copy functions You can limit the scope of functions (such as print, scan, copy) accessible by each user.
Allowing access only to the functions minimally necessary to the user's duties helps minimize the risks of unauthorized browsing and leaks of document data.

・User authentication in conjunction with access restriction to certain functions User authentication can be carried out by password input or by using authentication devices such as ID card readers. You can limit which user can access each of these functions.
*1 Authentication devices such as IC card readers are required separately.

・Logging and auditing You can keep a record of print, copy, scan, fax transition/reception, and configuration changes, which can all be stored in an audit log on the device.
Regular review of the audit log allows for early detection of any unauthorized use and follow-up investigation after occurrence of any security-related incidents.

・Firmware signature verification The use of digital signature technology prevents unauthorized firmware updates. When the device is prompted for a firmware update, this feature checks the attached digital signature and only executes the update if the firmware is authorized.

・Secure boot This feature checks the program code upon the device startup and only allows its operation after successful confirmation of the code.

・Password encryption Passswords saved in the device are encrypted to protect them from leaks

・TPM(Trusted Platform Module: security chip) Critically important information (such as private keys) used for encryption is stored on a dedicated security chip (TPM) installed on the device.

・Encryption of data recorded on SSD When data is recorded to the SSD within the device, the same content is encrypted.
This way, all the important customer data is protected from data leaks and tampering.

・Initialization of user data and erasing stored data from the SSD When disposing of or transferring the device to another party,
all the configurations and data stored in the device (including the data saved on the internal SSD) are initialized and deleted in order to prevent leaks of any confidential information.

・Authenticated printing and authenticated scanning With the Epson Print Admin or Epson Print Admin Serverless option, you can require printing authentication using an IC card or another authentication device to ensure that the authorized person is present to pick up the printed materials. This helps prevent the misplacement of important documents and leaks of confidential information.

・Run-time intrusion detection This function monitors control programs running on the device and terminates unauthorized invasive programs.

・IPsec/IP filtering (Security Architecture for Internet Protocol/Internet Protocol filtering) IPsec protocol encrypts communications between the printer and a computer or user, protecting the data from leaking.
IP filtering approves the transmitted data by their IP address and prevents unauthorized access by filtering out the transmitted data from unauthorized terminal devices.

・HTTPS/TLS connection These protocols encrypt the transmitted data when they access the internal Web server (WebConfig), helping prevent data leaks.

・IEEE 802.1X, WPA3 (Wi-Fi Protected Access 3) IEEE 802.1X is an authentication standard that prevents unauthorized devices from being able to connect to a LAN network. It allows using the device in a network environment requiring high security.
WPA3 is the latest standard for wireless local network security. All devices with the Wi-Fi function use WPA3, protecting important customer information assets from data leaks and tampering.

・SNMPv3 (Simple Network Management Protocol version 3) SNMPv3 is a protocol for monitoring and controlling information on devices that supports encryption and authentication. SNMPv3 protects the device from unauthorized configuration changes and data leaks.

・S/MIME(Secure/Multipurpose Internet Mail Extensions) When using functions such as Scan to Mail or fax forwarding, this protocol encrypts and adds digital signatures to electronic messages protecting them from tampering and leaks.