Medical institutions that outsource medical information, or
process it in a cloud service, must review their risk
management measures against the requirements of three
separate guidelines from three different ministries:
1. Guideline for the Security Management of Medical
Information Systems - Ministry of Health, Labor &
2. Security Management Guideline for Information Processing
Providers Dealing with Medical Information - Ministry of
Economy, Trade & Industry
3. Security Management Guideline for Cloud Service
Providers Handling Medical Information - Ministry of
Internal Affairs & Communications
These are referred to collectively as the “Three Guidelines
from Three Ministries” (3G3M).
In order to help customers understand how we support
compliance with these guidelines, we've created
a 3G3M whitepaper.
Third-party compliance programs such
as ISO/IEC 27001, ISO/IEC 27017,
and ISO/IEC 27018 certifications
map to many of the guidelines described in the whitepaper.