Three Guidelines from Three Ministries (Japan)
Medical institutions that outsource medical information, or process it in a cloud service, must review their risk management measures against the requirements of three separate guidelines from three different ministries:
- Guideline for the Security Management of Medical Information Systems - Ministry of Health, Labor & Welfare
- Security Management Guideline for Information Processing Providers Dealing with Medical Information - Ministry of Economy, Trade & Industry
- Security Management Guideline for Cloud Service Providers Handling Medical Information - Ministry of Internal Affairs & Communications
These are referred to collectively as the “Three Guidelines from Three Ministries” (3G3M).
In order to help customers understand how we support compliance with these guidelines, we've created a 3G3M whitepaper. Third-party compliance programs such as ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 certifications map to many of the guidelines described in the whitepaper.