Standards, regulations, and certifications

To help with compliance and reporting, Google provides easy access to information, best practices, and documentation. Our products regularly undergo independent security, privacy, and compliance audits in order to reassure our customers, and have received a number of international certifications. We're constantly working to increase our coverage.

Three Guidelines from Three Ministries (Japan)

Guidelines for the Security Management of Medical Information Systems (Japan)

The document “Guidelines for the Security Management of Medical Information Systems” from the Ministry of Health, Labour and Welfare (MHLW) sets out the requirements for the secure management of medical information systems and compliance with e-Document Law from both a technical and operations management perspective.

Medical institutions that outsource medical information systems or use a cloud-type service must review their management measures against the requirements of three different documents: the guidelines from the MHLW mentioned above, along with the “Security Management Guidelines for Information Processing Providers Dealing with Medical Information” from the Ministry of Economy, Trade and Industry, and the “Security Management Guidelines for Cloud Service Providers Handling Medical Information” from the Ministry of Internal Affairs and Communications. These three sets of guidelines issued by the three ministries are collectively referred to as the “Three Guidelines from Three Ministries.”

At Google, we've created a handbook to describe how our control environment complies with the Three Guidelines from Three Ministries. Most of the regulations described in the handbook have been certified by third-party compliance programs, such as ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018.