Information-technology Promotion Agency, Japan
IPA Overview
While there is growing concern over cyber-attacks, Japan’s small and medium-sized enterprises (SMEs) are less prepared for such threats. To help them keep up with evolving cybersecurity needs, IPA developed "Information Security Measures Guidelines for Small and Medium-sized Enterprises" in 2009 and started SECURITY ACTION program in April 2017.
The SECURITY ACTION program encourages SMEs to raise their information security awareness and commit to achieving two-tier goals of their information security readiness by implementing basic security measures. SMEs are required to join this program before applying for the IT introduction subsidy.
To qualify, a company must declare commitment to implement "Information Security 5 To-dos" as defined in the appendix to "Information Security Measures Guidelines for Small and Medium-sized Enterprises".
To qualify, a company must enhance its information security readiness by using "5-Minute Information Security Self-Assessment", which is the appendix to "Information Security Measures Guidelines for Small and Medium-sized Enterprises". The process will complete once the company establishes and publicly discloses its information security policies as key principles.
"Information Security Measures Guidelines for Small and Medium-sized Enterprises" includes "Information Security 5 To-dos" as Appendix 1 and "5-Minute Information Security Self-Assessment" as Appendix 2.
For further information, contact to:
The Information-technology Security Center, Information-technology Promotion Agency, Japan
isec-pr-cssp at ipa.go.jp
(10:00-12:00, 13:30-17:00 JST, Monday-Friday)
Aug 6, 2025
Updated explanation
Jul 31, 2025
Added "Information Security Measures Guidelines for Small and Medium-sized Enterprises"
May 14, 2025
Added "Information Security 5 To-dos" and "5-Minute Information Security Self-Assessment"