INFORMATION SECURITY POLICY

The following translations are provided for convenience only. When there are discrepancies or inconsistencies between the translated version and the Japanese version (including, but not limited to, delayed provision of the translated version), the Japanese version takes precedence.

Information Security Policy

Basic Philosophy

The National Institute of Advanced Industrial Science and Technology (hereinafter, referred to as the “Institute”), one of Japan’s largest public research institutes, aims to generate innovation through science and technology, to become the “core of the national innovation ecosystem,” and to lead society to swift solutions to the piles of social problems. The Institute also aims to contribute to the enhancement of Japan’s industrial competitiveness.

The information assets, including the information of the corporate clients and users, handled in the AI Bridging Cloud Infrastructure (hereinafter referred to as “ABCI”) provided by the Institute are extremely important to the Institute. All executives and employees who handle information assets shall recognize the importance of protecting information assets from risks such as leakage, damage, and loss, and shall comply with this policy and practice activities to maintain information security, including confidentiality, integrity, and availability of information assets.

Basic Policy

1. To protect information assets, the Institute shall establish an information security policy and related rules and regulations, conduct its service provision in accordance with this policy, and comply with laws, regulations, and other rules related to information security, as well as the terms of its contracts with its customers.
2. The Institute shall clarify the criteria for analyzing and assessing the risk of leakage, damage, loss, etc. of information assets, establish a systematic risk assessment method, and conduct risk assessments on a regular basis. Based on the results, the Institute shall implement necessary and appropriate security measures.
3. The Institute shall establish an information security system led by the ABCI Administrator (a person appointed by the Institute for the operation of ABCI and in charge of ABCI management), and clarify the authority and responsibility for information security. In addition, the Institute shall regularly educate, train, and raise awareness among all executives and employees to ensure that they recognize the importance of information security and handle information assets appropriately.
4. The Institute shall regularly inspect and audit the status of compliance with the Information Security Policy and the handling of information assets, and promptly take corrective actions for any deficiencies found or items that need to be improved.
5. The Institute shall take appropriate measures against the occurrence of information security events and incidents, and in the event of such an occurrence, the Institute shall establish procedures in advance to minimize damage, and in the event of an emergency, the Institute shall respond promptly and take appropriate corrective measures. In addition, the Institute shall ensure the continuity of its service provision by establishing a framework for the management of incidents, especially those that may lead to suspension of service provision, and by conducting periodic reviews of the framework.
6. The Institute shall establish and implement an information security management system that sets forth goals to realize the basic principles, and shall continuously review and improve the system.

IS 780252 / ISO(JIS Q)27001

ISO (JIS Q) 27001 certification was obtained in January 2023.

• Scope: Operation and maintenance of cloud computing systems for artificial intelligence processing
• Location: National Institute of Advanced Industrial Science and Technology; AIST Tsukuba Headquarters, AIST Tokyo Waterfront, AIST Kashiwa