Business Prospectus - JIPDEC · Internet Research and recommendations for a data-driven society...


[Access map: Roppongi First Building and nearby landmarks, including Kamiyacho Station, Roppongi 1-chome Station, the Namboku Line, the Hibiya Line, Izumi Garden Tower, Suntory Hall, Hotel Okura, Shiroyama Trust Tower, Sengokuyama Mori Tower, the Embassy of Spain and the Embassy of Sweden]

Roppongi First Building, 9-9 Roppongi 1-chome, Minato-ku Tokyo, 106-0032 Japan
Phone: +81-3-5860-7555
https://www.jipdec.or.jp

2019.6

Business Prospectus


We are promoting a new society...

... to create a secure and trustworthy system, and to make that system work effectively in Society, enabling a place where people can discuss issues, share their views, and work together to solve their problems.

In this digital age, our activities and creativity depend on various kinds of data. If there were a system to allow individuals, businesses, and Society to benefit from that data, a virtuous circle of data distribution would be created enabling efficient data use and sharing. Building a safe and secure data Society, we should consider the impact our activities would have on various people.

Since its establishment, JIPDEC has been collaborating with various groups across industries for the creation of a safe, convenient, and prosperous Society through the advancement of computerization. While additional industry and international cross-border collaboration are needed, we will continue to use the knowledge gained from our long history to contribute to future socio-economic activities and thus to the creation of a safer digital Society.

JIPDEC
• Promoting Personal Information Protection
• Ensuring the trust of information on the Internet
• Research and recommendations for a data-driven society
• Promotion of information security management
• Creating a place for cooperation and information sharing


Organization Outline

■ Name: JIPDEC

■ Date of establishment: December 20, 1967

■ Capital: 3,999 million yen

■ Business budget: 2,434,600 thousand yen (FY 2019)

■ Number of employees: 93 (as of April 1, 2019)

■ Organization:
• Board of Councilors
• Board of Directors
• President
• Administrative Department
• Internet Trust Center
• Utilization of Digital Information Research Department
• PrivacyMark Promotion Center
• Electronic Signature and Authentication Promotion Center
• Accredited Personal Information Protection Organization Administrative Office
• Security Management Promotion Office
• Public Relations Office

Corporate History

• December, 1967: Japan Information Processing Development Center (JIPDEC) was established.
• September, 1968: Japan Computer Usage Development Institute (CUDI) was established.
• March, 1970: Institute of Information Technology (IIT) was established.
• April, 1976: CUDI and IIT were incorporated into JIPDEC.
• April, 1984: Japan Information Technology Engineers Examination Center (JITEC) was established (JITEC was moved to the IPA in 2004).
• February, 1985: Center for the Informatization of Industry (CII) was established (CII was abolished in 2000).
• October, 1992: Japan Electronic Data Interchange Council (JEDIC) was jointly founded by 39 industrial organizations as a voluntary organization (JEDIC was abolished in 2012).
• July, 1995: Japan STEP Promotion Center (JSTEP) was established (JSTEP was abolished in 1998).
• October, 1995: Research Institute for Advanced Information Technology (AITEC) was established (AITEC was abolished in 2003).
• January, 1996: Electronic Commerce Promotion Council of Japan (ECOM) was established.
• April, 1998: JIPDEC established the PrivacyMark System on April 1, 1998.
• July, 1998: JSTEP was reorganized into Japan EC/CALS Organization (JECALS).
• April, 2000: CII and JECALS were incorporated into the ECOM.
• April, 2002: JIPDEC officially started the operation of the ISMS (Information Security Management System) accreditation activities.
• April, 2003: JIPDEC was designated as the official investigative body for the e-Signature Act.
• June, 2005: JIPDEC was designated an accredited personal information protection organization under Japan’s Act on the Protection of Personal Information.
• April, 2006: Database Promotion Center, Japan was incorporated into JIPDEC.
• April, 2011: JIPDEC became a general incorporated foundation and revised its Japanese name.
• December, 2011: The office was relocated to Roppongi 1-chome.
• April, 2012: JIPDEC launched the JCAN Certificate service.
• July, 2013: JIPDEC launched ROBINS-The Cyber Business Register.
• April, 2014: JIPDEC PIA (Privacy Impact Assessment) support service was started.
• January, 2016: JIPDEC was recognized as Japan’s first Accountability Agent in compliance with APEC CBPR system.
• October, 2017: JIPDEC launched the JCAN Trusted Service Registration.
• December, 2017: JIPDEC marked its 50th Anniversary of establishment.
• April, 2018: The PrivacyMark System marked its 20th Anniversary.


Promoting Personal Information Protection

There is a growing interest in the processing and use of personal data, such as how one’s data is collected and where and how that data is used. With the growing interest in personal information protection, the development of prescribed procedures and rules for data processing and utilization has become a global trend. When creating rules to protect personal information, it is necessary to not only manage the collected data safely, but to also consider the impact on users at the design and development stage of products and services. Timely and transparent responses to consumer concerns are a key factor affecting corporate trust.

■ Operation of the PrivacyMark® System

JIPDEC has been operating the "PrivacyMark System"* since April 1st, 1998. We assess an entity's framework and operation for processing of personal information in a secure and appropriate manner, under specific assessment criteria. Entities which meet the standardized requirements for the secure processing of personal information are permitted to use the PrivacyMark registered logo.

Assessment criteria for the PrivacyMark System are based on the Personal information protection management system – Requirements (JIS Q 15001) and comply with Japan’s Act on the Protection of Personal Information and related legal regulations. The PrivacyMark logo is viewed by users as a symbol of trust, signifying that an entity manages their customers’ personal information with a high degree of competency, voluntarily following prescribed standards in compliance with legal regulations.

Unmanaged technical measures that are not based on management system procedures are insufficient to protect personal information against risks. The importance of the Personal Information Protection Management System (PMS) is increasing. A PMS protects business operators by minimizing the risk of exposure to personal information breaches, undertaking appropriate measures in case of accidents, and helping to prevent their recurrence.

JIPDEC encourages businesses to develop PMS, and advises registered PrivacyMark entities on the appropriate measures required to protect personal information. JIPDEC also actively promotes the PrivacyMark System by holding seminars and informing consumers about personal information protection.

*PrivacyMark and PrivacyMark System are registered trademarks.

[Figure: Increasing number of PrivacyMark entities, 1999 to 2018 (vertical axis from 0 to 20,000)]

[Image: PrivacyMark® logo]


With personal data utilization by industries accelerating worldwide, Japan's Act on the Protection of Personal Information (amended in 2017) has introduced the concept of anonymously processed information, which is intended to further promote the use of anonymized data. In line with the development of a global framework for personal data transfer, the number of Asia-Pacific Economic Cooperation (APEC) members complying with the Cross-Border Privacy Rules (CBPR)*1 is growing. From January 2019, the European Commission and Japan mutually recognized each other’s data protection laws as providing an adequate level of privacy protection. In addition, technologies, systems, and frameworks are being developed to facilitate data linkages among companies and countries while maintaining personal privacy.

■ Activities of an accredited personal information protection organization

Since June 2005, JIPDEC has been an accredited personal information protection organization under Japan’s Act on the Protection of Personal Information. JIPDEC manages complaints about the target entities' processing of personal information and about personal information incidents. JIPDEC also provides the target entities with a series of guidelines specifying the handling of anonymously processed information, in keeping with the newly amended articles of the Act on the Protection of Personal Information (enforced May 2017).

In January 2016, JIPDEC was accredited as the first Japanese APEC CBPR Accountability Agent.*2 Since then, JIPDEC has certified that the privacy policies and practices of participating companies are compliant with the CBPR system program requirements.

*1 The APEC CBPR system was developed by participating APEC economies after seeking the views of industry and civil society in order to build consumer, business and regulator trust in cross border flows of personal information. The APEC CBPR system has been in operation since 2011. Japan has participated in this system since April 2014.

*2 Accountability Agents perform a key role in the APEC CBPR system by certifying that the privacy policies and practices of participating companies are compliant with the CBPR system program requirements.

[Figure: Map of APEC economies. APEC CBPR promotes smooth cross-border data transfer. APEC CBPR member economies have expanded to eight (as of April 2019).]


Ensuring the trust of information on the Internet

With the development of the global digital revolution, the importance of ensuring services that secure authenticity, such as electronic signatures, is increasing. Technologies to prevent the tampering and falsification of electronic documents, and anti-spoofing measures, are especially attracting attention. With the rapid spread of electronic contracts using cloud-based platforms, there is a renewed importance in Japan of technologies such as electronic signatures that ensure contract authenticity. JIPDEC is promoting various activities to ensure the reliability of services provided through the Internet.

■ Services focused on ensuring trust

JCAN Trusted Service Registration

Since 2017, JIPDEC has been operating the "JCAN Trusted Service Registration," which examines the reliability of certificate issuing authorities, Local Registration Authorities, and electronic contracts. As many private Certification Authorities have not received external review, this service assesses the credibility from the perspective of a third party and publishes the results in an easy-to-understand format.

• Certification Authority: Authority that registers and issues electronic certificates.
• Verification of related certificate businesses: Identity verification service of businesses handling the issuing and administration of electronic certificates.
• Electronic contracts: Services for secured electronic contracts, based on cloud technology, to manage identities, signature keys, and remote electronic signature functions.

The "JCAN Certificate"

Since 2012, JIPDEC has actively promoted the use of the "JCAN Certificate" which ensures safer electronic contracts and prevents e-mail spoofing. Currently, the "JCAN Certificate" has been accepted by a wide range of business sectors as an inexpensive and easy-to-use electronic certificate.

Advantages of electronic contracts
• Procedures can be completed online through the use of electronic signatures
• Administration and printing costs can be reduced with a solely digital workflow
• The requirement for revenue stamps is eliminated
• Businesses can more easily and securely track the history of each contract, leading to a strengthening of compliance

Preventing e-mail spoofing
• The JCAN Certificate can help prevent e-mail spoofing by attaching a verified e-Signature identifying the e-mail sender

Verification of authenticated e-mails

JIPDEC also promotes the "Spam-Free Mark" which acts as a measure to prevent cyberattacks. The "Spam-Free Mark" framework indicates that the sender of an e-mail is authenticated by DomainKeys Identified Mail (DKIM) and ROBINS – The Cyber Business Register.


■ Promoting awareness and reliability of information on the Internet

JIPDEC conducts surveys and research on web and email related technologies and helps support businesses to reinforce the reliability of their information.

Selected Surveys
• Survey on the adoption of Always-on SSL with SSL/TLS certificates
• Survey on the percentage of companies undertaking measures against e-mail spoofing

■ Useful information services to enhance business activities

ROBINS – The Cyber Business Register

ROBINS (Reference of Business Identity for Networked Society) is a database registry that provides reliable and verified corporate information such as the office address and telephone number, and also includes the official website and e-mail domains. The ROBINS registry contains various corporate information, such as "The Corporate Number" assigned by the National Tax Agency of Japan and "Labor Management Assessment information" promoted by the Japan Federation of Labor and Social Security Attorney’s Associations, all of which are verified by reliable third parties. The ROBINS registry also includes business activities such as public procurements, awards, and various corporate permits as stipulated under the law, which are sourced from the government’s central database covering corporate information held by Japanese government ministries.

Registration and management of the Standard Company Code

The Standard Company Code is a unique corporate identifier, compliant with international standards, and widely used in Electronic Data Interchange (EDI). JIPDEC is a registered agent for the issuance of the Standard Company Code.

■ Implementation of the Designated Investigative Organization services for the Act on Electronic Signatures and Certification Business

The enforcement of the Act on Electronic Signatures and Certification Business (e-Signature Act) in April 2001 created a legal framework that allowed electronic signatures to be used in the same context as handwritten signatures and seals. The Japanese government has introduced a system to accredit the Specified Certification Businesses conforming to certain criteria.

In 2003, JIPDEC became a Designated Investigative Organization for the e-Signature Act. JIPDEC investigates whether the equipment of the Specified Certification Business and their implementation methods conform to the standards provided in the e-Signature Act. JIPDEC provides information, advice, and other support services in response to inquiries and consultation from entities conducting the Specified Certification Business, and the users of those services.

JCAN, JCAN TRUSTED SERVICES (logo) and The Cyber Business Register are registered trademarks.


Research and recommendations for a data-driven Society

The spread and popularity of technologies such as Artificial Intelligence (AI), Big Data, and Internet of Things (IoT) in our lives, along with advancements in digital technology, are revolutionizing various aspects of Society. In the business sector, a limited number of top-tier companies are able to provide innovative products and services and are developing new markets through the collection and use of vast amounts of data.

In the fifth "Science and Technology Strategic Plan" the Government of Japan advocated the creation of "Society 5.0". In this concept, the innovation of new technologies such as IoT, robotics, AI, and Big Data and the infusion of those technologies into key industries such as infrastructure, financial technology, healthcare, transport, and logistics, are all joined together by the sharing of digital data. These advances are designed to assist and meet the needs of individuals and will lead to the resolution of social problems.

In order to realize the goals of Society 5.0, various types of data, such as personal, locational and public data should be shared and used throughout Society, stimulating businesses to work together to solve social problems.

JIPDEC contributes to the building of Society 5.0 by conducting research on the effective use of data and promotes solutions to social issues such as population aging, natural resource depletion, and climate change issues.

■ Research on advanced uses of data

The human-centered Society 5.0 is focused on resolving various social issues while expanding the economy through a high-level integration of cyber and physical space. To achieve this goal, many stakeholders from industries, academia, and government are considering legal and administrative frameworks. The "Digital First" bill, in principle, restricts the use of paper and constrains administrative procedures to electronic applications. In addition, a new platform called the "Information Bank" enables individuals to receive various credits as compensation for allowing their personal data, including behavioral and purchasing history, to be stored "in the bank" and analyzed by participating companies.

JIPDEC collects and analyzes information on national and international policies and technologies in order to create the foundations of a data-driven Society. JIPDEC is also teaming up with key players in industry, academia, and the government to build a consensus on social infrastructure for advanced uses of information with safe measures and proposes recommendations on political policies.

■ Enhancing collaboration between industry, government, and academia

To better understand the needs of industry in solving problems and creating new business opportunities, JIPDEC has assumed the role of secretariat for three consortia. We encourage the government to enact policies respecting the opinions of the consortia, and we support the government to implement policies and promote frameworks for the secure use of information.

▲ The "g-Contents Exchange Promotion Association" is working on the development of a distribution framework for digital content containing geospatial information, referred to as "g-contents."

▲ The "Consortium for the Promotion of Next-Generation Personal Services" is focused on formulating rules for processing personal information based on domestic and international standards.

▲ The "Consortium for the ID Federation Trust Framework" is conducting research for how best to build trust between industry and consumers.


Promotion of information security management

With an increase in the frequency and sophistication of information security incidents such as recent cyber-attacks and information leaks, it is becoming more crucial that organizations adopt comprehensive security measures in order to protect their critical information from various aspects that cover both technical and organizational perspectives. In these situations, businesses today face an urgent need to establish management systems for information security.

■ Promoting the development of information management systems

With the aim of securing the trust and reliability of information management systems in various industries, JIPDEC provides information to help organizations develop these systems based on International Standards such as ISO/IEC 27001 for Information Security Management Systems (ISMS) and ISO/IEC 20000 for IT Service Management Systems (ITSMS). Additionally, JIPDEC supports the promotion of those schemes relevant to respective industries, including both the ISMS conformity assessment scheme and the ITSMS conformity assessment scheme. JIPDEC also works on promoting ISMS that additionally encompasses cloud-specific information security measures by applying criteria consistent with ISO/IEC 27017 that is targeted for cloud service providers and customers in order to ensure the reliability of those services.

With the recent proliferation of general-purpose technologies and networks, it is becoming imperative to protect industrial automation and control systems that support social and industrial infrastructures from cyber-attacks. JIPDEC is also engaged in the dissemination of Control systems Security Management Systems (CSMS) including ISMS with the purpose of preventing cyber-attacks on the control systems.

■ Participation in international standardization activities

JIPDEC participates in international standardization activities for ISMS, actively cooperating in the development and revision of the entire family of ISMS International Standards. Through these activities, JIPDEC also provides updates on international standardization trends.

[Figure: Introduction of ISMS heightened employee awareness of information security. Percentage of respondents who answered "Yes" or "Applicable": 98.2%. Source: ISMS-AC "Survey results on the ISMS conformity scheme" (Jan 2018)]


Hosting Forums and Outreach

■ Forum on Advanced Uses of Digital Information

JIPDEC organizes the "Forum on Advanced Uses of Digital Information" where consortium members receive information on topics closely related to our business activities, international legal systems, and technology trends in the information and communication technology (ICT) field. JIPDEC also holds workshops and discussion seminars to share members’ views on timely themes like challenges and drivers for the realization of a safer digital Society.

■ Seminars and symposiums highlighting our business activities

JIPDEC organizes seminars and symposiums to present the themes of our business activities and to discuss the issues and opportunities encountered by industry, academia, and government.

■ An example of recent seminar themes (FY 2018)

• Quality Assurance of Artificial Intelligence

• The legal systems regulating cryptocurrency

• Profiling and Privacy issues for online advertising mechanisms

• Status and prospects of research on neural-control interfaces (NCIs)

• Security measures for businesses

• Risk management for corporate governance based on ISO 31000:2018

• Business compliance with the EU GDPR

• Next Fiscal Year’s IT Related Policies of the Ministry of Economy, Trade and Industry (METI) – Government of Japan

• The age of Digital Business from the standpoint of IT Service Management Systems (ISO/IEC 20000)

• Survey results on Corporate IT Utilization Trends

■ Monthly E-mail newsletter "JIPDEC Information"

JIPDEC delivers a monthly e-mail newsletter, "JIPDEC Information," which highlights our latest activities and main topics on ICT policies, industry trends, and international news.


■ The "JIPDEC IT-Report"

The Japanese language "JIPDEC IT-Report" is published twice a year, in the spring and autumn. The spring issue presents the survey results of annual corporate IT utilization trends, while the autumn issue covers important themes in the field of ICT, such as international personal information protection laws.

■ Details of the survey on "Corporate IT utilization trends"

Profile of the respondents

□ Individual workers at companies with at least 50 employees.

□ Respondents belong to one of the following departments: information systems, corporate planning and reform, general affairs, or human resources.

□ Respondents are responsible for in-house IT strategy and/or information security.

Main contents of the questionnaire

□ Types of security incidents experienced

□ Types of security measures introduced

□ Attitude towards accreditation/certification systems

□ Approach to work style reform; Questions relating to the use of cloud technology

□ Status of compliance with legal systems including the EU GDPR

[Image: cover and table of contents of the Japanese-language JIPDEC IT-Report 2019 Spring (issue no. 12, published May 31, 2019 by JIPDEC), whose feature article covers the current state of IT adoption as seen in the "Corporate IT Utilization Trend Survey 2019"]

Effectiveness of acquiring third-party accreditation/certification (N=686)

• To gain the trust of your business partners: 59.3%
• To gain the trust of consumers: 39.4%
• Required by your business partners (including bid requirements): 23.2%
• Advancing corporate security measures: 44.0%
• Compliance with laws and policies (like Japan’s Act on the Protection of Personal Information): 38.2%
• We do not consider their effectiveness but only using them for reference: 7.1%
• We do not consider their effectiveness in any form: 7.0%

Corporate IT utilization trend survey 2019 (source: JIPDEC)
