Japanese firms to begin IT security rating

Published 10 April 2008

Eighteen Japanese firms announced they were creating the world’s first ratings agency looking at data security, which they said was a rising concern for companies

The new Japanese firm, called IS Rating, will be launched on 1 May
and start issuing ratings in July, both to Japanese and foreign companies and
organizations. It will give out ratings based on how they manage data,
including files containing personal information, which circulates within the
firm or is shared with third parties. IS Rating will also offer training and
edit documents to encourage security. “For businesses, it’s extremely
complicated to measure whether the internal handling of their masses of data is
appropriate,” the firms creating the new agency said in a joint statement.
Major international firms generally adhere to an international code of
technical safety standards known as ISO 27001. The statement noted, however,
that “In addition to existing norms on the security of information management
such as ISO 27001, a new scale provides a complementary tool that has been
asked for.”

Companies which are shareholders in the
new agency include electronics giant Matsushita Electric Industrial, known for
the Panasonic brand, along with computer maker Fujitsu and photocopier producer
Fuji Xerox. Other firms in the initiative include a subsidiary of electronics
maker Canon, the Nikkei business media group, the Mitsubishi Corp. trading
house, and banks Mizuho Corporate Bank and Sumitomo Mitsui Banking Corp.