1. Home
  2. News Releases
  3. Back Issues
  4. January FY2022
  5. Information Security Service Standards 2nd Edition and Examination and Registration Authority Standards for Information Security Services 2nd Edition Publicized

Information Security Service Standards 2nd Edition and Examination and Registration Authority Standards for Information Security Services 2nd Edition Publicized

January 31, 2022

The Ministry of Economy, Trade and Industry (METI) has revised the “Information Security Services Standards” and the “Examination and Registration Authority Standards for Information Security Services” and released the 2nd edition of each in order to create an environment where information security services can be used with peace of mind.

1. Background

In recent years, the number of cyber-attacks has increased, and their methods are becoming more and more sophisticated. Simply buying security products is not enough to protect against them, and it is necessary to consider using information security services provided by businesses.

However, ordinary service users, not experts in this field, often face difficulties in determining the quality of information services provided by many information service providers when choosing an appropriate provider.

To address this situation, METI considered it important to establish a system in which a third party objectively determines whether such service providers strive to maintain and improve the predetermined quality of their information security services, compiles their results in a register, and publicizes it so that people intending to use such services can refer to the results.

To this end, in February 2018, METI publicized the “Information Security Service Standards” and “Examination and Registration Authority Standards for Information Security Services” in order to provide a system that information security service users can refer to when selecting a provider and use the services with peace of mind.

As it has been more than three years since they were published, the standards have been referred to by a certain number of companies. In order to further disseminate the information security service examination and registration system based on these standards, METI formed the Study Group on Promoting the Dissemination of Information Security Services and reviewed the “Information Security Service Standards” and “Examination and Registration Authority Standards for Information Security Services” to make updated versions.

METI formed the Study Group on the Security Service Standard and publicized the 2nd editions of the “Information Security Service Standards” and “Examination and Registration Authority Standards for Information Security Services” based on expert opinions, public comments, and other feedback.

2. Outline of the revision

1. Information Security Service Standards

The following items from the Supplementary Provisions needed review and are changed to “Examples of Measures that Contribute to Securing Technology and Quality in Information Security Services”:

2. Examination and Registration Authority Standards for Information Security Services

Revisions have been made to reflect the revisions to the “Information Security Service Standards.”

Division in Charge

Cybersecurity Division, Commerce and Information Policy Bureau

Related website