ISMAP is a Japanese government program to assess the security of public cloud service providers (CSPs). The purpose of ISMAP is to provide a common set of security standards for CSPs to comply with as a baseline requirement for government procurement. Based on JIS Q(ISO/IEC) 27001 and 27002 on information security and JIS Q(ISO/IEC) 27017 on information security for cloud service, ISMAP introduces security requirements for the cloud domains, practices and procedures that CSPs must implement.
The Independent Administrative Agency Information-Technology Promotion Agency (IPA) provides guidance related to the implementation of controls and approves independent third-party auditors who evaluate and register CSPs and their services to ensure they meet the security requirements set by the Japanese government.
By engaging with an ISMAP-certified cloud service provider, government agencies can be assured that the CSP has implemented a robust information security program that is periodically audited.
Government departments and agencies can now accelerate their cloud transformation journey by partnering with IBM Cloud without the added burden and cost of agency-led assessments for a common set of security standards.
On March 16, 2023, IBM Cloud IaaS and PaaS registration was listed on the ISMAP website (link resides outside ibm.com) (listing is in Japanese)