Our goal is to establish a safe and secure digital society where people can

Transcription

1 1

2 Our goal is to establish a safe and secure digital society where people can safely access a connected digital economy through the use of a federated ID framework benefit from disaster mitigation information based on open and accurate geospatial and transportation framework data use new services from linking health information and other content JIPDEC envisions a safe and secure information environment purchasing history location history medical records online advertising Through the actions of our daily routines, such as driving a car, visiting a doctor, or making online purchases, multitudes of content-rich data are produced. Being able to refine and use this data holds great promise not only for us as the creators of the data but also for others, by way of monetized anonymous data streams. Yet if there is no mechanism for the correct and responsible use of this data, it will be impossible to establish a safe and secure digital society. It is these requirements that JIPDEC is addressing, with the operation of the PrivacyMark System, Information Security Management System (ISMS) and other projects and research topics, to form the foundation of a safe and secure digital society. 1

3 JIPDEC s work advances the safe use of digital information to build an information-rich digital society. Assessment Strategies see page 3 Operation of the PrivacyMark System ISMS/ITSMS/BCMS/CSMS accreditation activities Officially designated investigative body for electronic signatures and authentication systems S S S S e r v i c e s My Number Support Service Promotion of the JCAN-The Cyber Certificate Operation of the ROBINS-The Cyber Business Registry Registration and management of Standard Company Codes Research and Proposals Research on the development of a platform for the use of digital information Research on IT asset management Facilitating collaboration between the industry, government, and academia Research on the use of digital see page 4 information see page 5 2

4 Assessment Strategies A trusted mark showing your personal information is protected Operation of the PrivacyMark System Since April 2005, the Act on the Protection of Personal Information [Japan Law No.57, 2003] referred to as the Personal Information Protection Law, has been fully enforced in Japan. With the spread of new online services there continues to be an increasing awareness for the protection of personal information. As more personal information is processed electronically and exchanged through the Internet, the implementation of effective measures to safeguard that personal information have been requested. Foreseeing these concerns, JIPDEC established, and has been operating, the PrivacyMark System since April 1, This system evaluates the handling of private information by a business in a fair and neutral manner, from a third-party standpoint. The system follows the Japanese Industry Standard Personal information protection management system Requirements (JIS Q 15001) which establishes a rigorous set of rules and procedures for the securing of personal information. Based on eligibility and qualifications, in addition to the specifications of JIS Q 15001, businesses that meet the requirements of these rules and procedures may use the PrivacyMark logo which is a trusted indicator of protection and conformance. Accreditation of information technology related management systems through international standards ISMS/ITSMS/BCMS/CSMS accreditation activities As a fair and neutral third-party organization, independent from other businesses, JIPDEC operates accreditation activities for four conformity assessment schemes ISMS, ITSMS, BCMS, and CSMS. These activities serve to promote information management systems based on international standards. ISMS accreditation activities JIPDEC accredits certification bodies which audit and certify organizations ISMS (Information Security Management Systems) in compliance with ISO/IEC ITSMS accreditation activities JIPDEC accredits certification bodies which audit and certify organizations ITSMS (IT Service Management Systems) in compliance with ISO/IEC BCMS accreditation activities JIPDEC accredits certification bodies which audit and certify organizations BCMS (Business Continuity Management Systems) in compliance with ISO CSMS accreditation activities JIPDEC accredits certification bodies which audit and certify organizations CSMS (Cyber Security Management Systems) in compliance with IEC * CSMS in the CSMS scheme refers to the security management system for control systems. Promoting trust and awareness related to e-signatures Business certification through the authentication of electronic signatures The enforcement of the Act on Electronic Signatures and Certification Business (e-signature Act) beginning in 2001, SYSTEM created a legal framework that allowed electronic signatures to be used in the same fashion as handwritten signatures and seals. In 2003, JIPDEC was designated the official investigative body by the e-signature Act. JIPDEC investigates whether or not the equipment of specific certification businesses and their implementation methods conform to the standards established by the e-signature Act. JIPDEC actively promotes awareness regarding the handling of users electronic signatures as well as an understanding regarding the use of electronic signatures and related authentication work. 3

5 Services Support services for My Number security and implementation My Number Support Service From January 2016 the government of Japan has begun using unique numbers to identify individuals for administrative, social welfare, and tax-related procedures. This identification scheme is referred to as the My Number System. To ensure the security of the system as well as an individual s number, enacted regulations stipulate that government agencies shall conduct Information Protection Assessments (IPAs). Similar IPAs can be voluntarily implemented by private companies to ensure their procedures meet the required security levels when handling an individual s number. It is expected that many organizations will need to implement support for the handling of My Numbers in their workflows. Based on JIPDEC s implementation skills and operational expertise of the PrivacyMark System and ISMS accreditation activity, JIPDEC is providing support services to help both industry organizations and government agencies assess the results of their IPAs. In addition JIPDEC offers training services to meet the needs of employee education regarding the safe handling of individual My Numbers. Cyber certificates the changing concept of digital certificates JCAN The Cyber Certificate To meet the demands for an easy to use, digital authentication method that is inexpensive and easy to register, JIPDEC developed the JCAN certificate. The JCAN certificate is a public digital certificate created for use in the business sector to identify and authenticate employees. The certificate also provides a secure infrastructure that offers the same level of credibility as the real world, and can easily respond to issues such as falsification, impersonation and information leaks which occur frequently in cyberspace. The JCAN certificate is certified by an international standards body and is mainly used in electronic trading (digital trading documents), client certification (access certification), and preventing falsifications by enabling sender identification and encryption (S/MIME). JIPDEC is also working to promote the use of digital certificates issued by each certification authority, increasing the number of JCAN compatible applications and other consulting services. Streamlining of online business through reliable corporate information ROBINS The Cyber Business Registry JIPDEC also offers ROBINS, which is a registry of official corporate profiles that facilitates the verification of corporate information. The corporate profiles in the ROBINS registry comprise the company's master data, which are particularly important when conducting business. Contents of the registry consist of the registered Japanese and English company names, the registered corporate address, specific URLs, and various business codes assigned by the government and other organizations. Additional distinctive corporate data, acquired qualifications and commendations further enhance the registry entries. ROBINS is used as a form of defence in preventing spoof ( Anshin Mark ), website falsification ( ROBINS Seal ), protecting corporate branding on the Internet ( Brand Seal ). The corporate profiles registered in the ROBINS system are reliable because the entries are managed by accredited corporations and undergo third-party verifications by notaries, licensed social insurance consultants and judicial scriveners. ROBINS is the only corporate registry in Japan recognized by CA/Browser (CAB) Forum as a verified third-party certifying the English representation of company names. Registration and management of corporate identifiers based on international standards Registration and management of Standard Company Codes SERVICE Standard Company Codes are unique corporate identifiers that were designed for the EDI (electronic data interchange and online trading) network, and comply with international standards. JIPDEC is a registered agent for the issuance of company codes complying with ISO/IEC , ISO/IEC 6523, and UN/CEFACT data element

6 Research and Proposals Creation of a new framework for the use of digital information Research on the development of a platform for the use of digital information In 2013 the Japanese Cabinet approved a declaration for Japan to become the world s most advanced IT nation by Towards this end, industries, academia and government agencies across Japan are working to achieve the goal of this IT strategy. Projects promoting open data, the uses of personal information, and the Internet of Things (IoT) have been identifi ed as critical enablers of innovation and sectors showing an increased growth in productivity. The objectives of JIPDEC s research consist of establishing rules to ensure security and transparency in our networked society. Our work focuses on removing the barriers that are preventing international harmonization and are deteriorating the values of a data-driven society. Using IT to promote and reinforce business risk management Research on IT asset management IT asset management (ITAM) has shown to be effective in improving the quality of IT services while reinforcing information security. JIPDEC s research relating to ITAM, when coupled with promotion and educational activities encouraging the introduction of ITAM procedures, provides IT users with a clear understanding of their current needs and helps them adopt better ITAM practices. Realizing society s needs Facilitating collaboration between the industry, government, and academia To better meet the needs of industry while expanding our research on the development of infrastructure using electronic information, JIPDEC supports a group of three consortia, consisting of experts from industry, academia and the government, all focused on disseminating information and formulating recommendations. The g-contents Exchange Promotion Association is an industry consortium focused on the development of a framework to distribute digital content containing geospatial information (g-contents), in addition to facilitating discussions on promoting the use of geospatial information. Next the Consortium for the Promotion of Next-Generation Personal Services considers rules for handling personal information based on domestic and international trends. Finally the ID Federation Trust Framework is a consortium that is researching how best to build trust between industry and consumers. Creation of new business opportunities and values Research on the use of digital information JIPDEC provides a platform, the Forum on Advanced Uses of Digital Information that enables members to discuss and exchange ideas on the use of digital information, In addition, JIPDEC holds several seminars a year, which are widely attended and provide many new topics for future discussion. SUGGESTION 5

7 Executive Perspective Since the establishment of JIPDEC in 1967, we have actively researched and developed information processing technologies and conducted strategic work on the development of related industries. In recent years, following changes in the business environment surrounding IT-related industries, we have been shifting our focus to: Proposing and developing new mechanisms for the use of IT and digital information Developing and operating framework infrastructures to ensure safety and security New businesses and increasingly convenient services have been created by using various types of digital information. In order to move forward with these businesses and services, companies and individuals alike require a safe environment in which they can feel assured that their corporate and personal information, as well as their privacy are being rigorously protected. JIPDEC will continue our endeavors and cooperation with industry, academia, and the government, further strengthening these connections using the knowledge that we have accumulated in our research activities. Organization Outline Name JIPDEC Establishment December 20, 1967 Capital 3,999 million yen Budget 2,516 million yen Number of Employees 108 (as of April 2015) Contacts Administrative Department ESSTEC Promotion Department ESSTEC:Environment of Safety, Security, Trustability, Ease and Convenience Utilization of Digital Information Research Department Public Relations Office PrivacyMark Promotion Center Information Manegement Systems Promotion Center (IMSPC) Electronic Signature and Authentication Promotion Center (ESAC) MyNumber Project Office

8 Roppongi First Building, 9-9 Roppongi 1-chome, Minato-ku Tokyo, Japan Phone: Web: jipdec.or.jp