Information Security Policy

The following translations are provided for convenience only. When there are discrepancies or inconsistencies between the translated version and the Japanese version (including, but not limited to, delayed provision of the translated version), the Japanese version takes precedence.

Information Security Policy

Established: August 12, 2022
Last revised: September 19, 2024
National Institute of Advanced Industrial Science and Technology (AIST)
Director, Department of Information Technology and Human Factors
also serving as ABCI Administrator
Yoshio Tanaka

AIST Solutions, Co. (AISol)
Producer, also serving as ABCI operations manager
Hirotaka Ogawa

Basic Philosophy

The National Institute of Advanced Industrial Science and Technology (hereinafter, referred to as the “Institute”), one of Japan’s largest public research institutes, aims to generate innovation through science and technology, to become the “core of the national innovation ecosystem,” and to lead society to swift solutions to the piles of social problems. The Institute also aims to contribute to the enhancement of Japan’s industrial competitiveness. The information assets, including the information of the corporate clients and users, handled in the AI Bridging Cloud Infrastructure (hereinafter referred to as “ABCI”) which had been constructed and operated by the Institute since 2018 and now operated and maintained jointely by the Institute and AIST Solutions Co. (hereinafter referred to as “AISol”) since April, 2024 are extremely important to the Institute and AISol. All the employees and officers of the Institute and AISol who handle information assets shall recognize the importance of protecting information assets from risks such as leakage, damage, and loss, and shall comply with this policy and practice activities to maintain information security, including confidentiality, integrity, and availability of information assets.

Basic Policy

  1. To protect information assets, the Institute and AISol shall establish an information security policy and related rules and regulations, conduct its service provision in accordance with this policy, and comply with laws, regulations, and other rules related to information security, as well as the terms of its contracts with its customers.
  2. The Institute and AISol shall clarify the criteria for analyzing and assessing the risk of leakage, damage, loss, etc. of information assets, establish a systematic risk assessment method, and conduct risk assessments on a regular basis. Based on the results, the Institute and AISol shall implement necessary and appropriate security measures.
  3. The Institute and AISol shall establish an information security system led by the ABCI Administrator (a person appointed by the Institute for the operation of ABCI and in charge of ABCI management), and clarify the authority and responsibility for information security. In addition, the Institute and AISol shall regularly educate, train, and raise awareness among all the employees and officers of the Institute and AISol to ensure that they recognize the importance of information security and handle information assets appropriately.
  4. The Institute and AISol shall regularly inspect and audit the status of compliance with the Information Security Policy and the handling of information assets, and promptly take corrective actions for any deficiencies found or items that need to be improved.
  5. The Institute and AISol shall take appropriate measures against the occurrence of information security events and incidents, and in the event of such an occurrence, the Institute and AISol shall establish procedures in advance to minimize damage, and in the event of an emergency, the Institute and AISol shall respond promptly and take appropriate corrective measures. In addition, the Institute and AISol shall ensure the continuity of its service provision by establishing a framework for the management of incidents, especially those that may lead to suspension of service provision, and by conducting periodic reviews of the framework.
  6. The Institute and AISol shall establish and implement an information security management system that sets forth goals to realize the basic principles, and shall continuously review and improve the system.

IS 780252 / ISO(JIS Q)27001

IS 780252 / ISO(JIS Q)27001

ISO (JIS Q) 27001 certification was obtained in January 2023.