Information System Security Management and Assessment Program (ISMAP)

ISMAP overview

The Information System Security Management and Assessment Program (ISMAP) is a cloud services assessment program administered by the Japanese government. The program was officially announced on 26 May 2020, and it was designed to ensure appropriate security in government cloud services procurement by evaluating and registering cloud services that meet the Japanese government security requirements. Cloud service providers who intend to participate in public sector procurement programs can apply for ISMAP certification that is administered by an independent third-party auditing firm approved by ISMAP. Japanese government agencies can then procure cloud services from cloud service providers registered with ISMAP instead of conducting their own individual assessments.

For more information about ISMAP, see the official ISMAP web site.

Microsoft and ISMAP

Microsoft cloud services have been assessed and certified under ISMAP as shown on the official ISMAP cloud services list. The assessment was conducted by an independent third-party auditing firm approved by ISMAP. Microsoft products and services provide comprehensive compliance assurances to help your organization comply with national, regional, and industry-specific requirements.

Applicability

The following Azure regions are in scope for ISMAP certification as shown on the official ISMAP cloud services list:

  • Japan East
  • Japan West
  • 40 more regions worldwide that are available to Japanese customers under contract, excluding Azure Government and Azure China regions.

Services in scope

The following Microsoft cloud services are in scope for ISMAP certification as shown on the official ISMAP cloud services list:

  • Azure, Azure DevOps, Dynamics 365, and other Microsoft online services
  • Office 365 services

Audit reports and certificates

Evidence of Microsoft ISMAP certification is available from the official ISMAP cloud services list.

Frequently asked questions

To whom does ISMAP certification apply?

ISMAP certification applies to cloud services that are available to Japanese government agencies through public sector procurement programs. ISMAP ensures appropriate security in government cloud services procurement by evaluating and registering cloud services that meet the Japanese government security requirements.

Where can I get more information on ISMAP requirements?

For more information about ISMAP, see the official ISMAP web site.

Where can I get more information about Microsoft's approach to ISMAP?

For more information about Microsoft's approach to ISMAP, see Microsoft approach to compliance: ISMAP (Japanese).

Resources