Table 1 Security Guidelines and Certification Systems.
From: Building cloud computing environments for genome analysis in Japan
ISMS Cloud Security Certification https://isms.jp/english/index.html | ISMS Accreditation Center (ISMS-AC) | Providers Customers | Assuming ISMS certification, ISO/IEC 27017 control measures will be added to ISO/IEC 27001 control measures. |
Cloud Security Mark https://www.jasa.jp/en/ | Japan Information Security Audit Association | Providers | The basic statement requirements are defined in the Cloud Information Security Management Standard based on the “Information Security Management Guidelines for the Use of Cloud Services” published by METI. |
Information system Security Management and Assessment Program (ISMAP) https://www.ismap.go.jp/csm | Digital Agency, MIC, METI, and IPA | Providers | In principle, government agencies will procure services from those listed on the ISMAP Cloud Services List. |
Common Standards for Cybersecurity Measures for Government Agencies and Related Agencies https://www.nisc.go.jp/eng/pdf/kijyunr3-en.pdf | NISC | Customers (Government agencies) | Based on the Cyber Security Basic Law (Law No. 104 of 2014), the standards for measures related to cybersecurity for national administrative agencies, etc., are determined. |
Information Security Guidelines for Cloud Service https://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/pressrelease/2021/9/30_06.html | MIC | Providers | Guidelines outlining information security measures that cloud providers should implement. |
Guideline for the Security Management of Medical Information Systems, Version 5.2 https://www.mhlw.go.jp/stf/shingi/0000516275_00002.htm | MHLW, METI and MIC | Customers (Healthcare professionals) | |
Guidelines for Safety Management of Medical Information by Providers of Information Systems and Services Handling Medical Information https://www.meti.go.jp/policy/mono_info_service/healthcare/teikyoujigyousyagl.html | MHLW, METI and MIC | Providers |
