Asia Pacific | Healthcare and life sciences

Two Guidelines from Three Ministries (Japan)

Medical institutions in Japan that place medical information in a 3rd party service (eg cloud) must review their risk management measures against the requirements of two guidelines set by three different government ministries. The guidelines are collectively referred to as the “Two Guidelines from Three Ministries” (2G3M).

[1] Guideline for the Security Management of Medical Information Systems version 5.1 (Jan, 2021)

Ministry of Health, Labor & Welfare 

[2] Safety Management Guideline for Information Systems and Service Providers Handling Medical Information (Aug, 2020)

Ministry of Economy, Trade & Industry

The Ministry of Internal Affairs and Communications (MIC)

In order to help customers understand how we support compliance with these guidelines, we've created a 2G3M Whitepaper as well as a Control Mapping for “The Safety Management Guideline for Information Systems and Service Providers Handling Medical Information.” Third-party compliance programs such as ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 certifications align closely with 2G3M and we have mapped many of the 2G3M requirements with these industry standards in the whitepaper.


ISO/IEC 27001

Learn more

ISO/IEC 27017

Learn more

ISO/IEC 27018

Learn more