Mitani Sangyo's Data Center Outsourcing Service Receives Top AAAis Security Rating

The Japan Security Rating Organization (JaSRO) has granted the highest information security rating, "AAAis," to the outsourcing services provided by Mitani Sangyo Co., Ltd. (Headquarters: Kanazawa City, Ishikawa Prefecture). Mitani Sangyo was founded in 1928 in Kanazawa and has expanded into multiple industries and regions. Its information systems division offers cloud, hosting, housing, and data storage services. It first obtained an information security rating in April 2010, and this marks the 16th renewal review. In the latest review, the company maintained an extremely high level of management maturity and security control strength, leading to the continued AAAis rating. Additionally, during the Noto Peninsula earthquake on January 1, 2024, the Mitani Sangyo data center experienced strong shaking up to seismic intensity 5+. However, the renewal review confirmed that the rated secure services were unaffected and continued to operate stably. Company Name: Mitani Sangyo Co., Ltd. Rating Type: Information Security Rating Rating ID Code: 10000230115C2617 Rating Scope: Outsourcing Services *1 Rating Target: Safety and Security Promotion Headquarters, Confidential Service Co., Ltd. (subsidiary of Mitani Sangyo) Assumed Risk: Information Leakage Rating Code: AAAis (Triple A) *2 Rating Outlook: Stable Validity Period: June 9, 2026 to June 8, 2027 (one year from issue date) *1: Cloud, housing, hosting, operation support, and data storage services *2: AAAis is the highest rating among 17 levels. The security level required for AAAis is "extremely high risk tolerance with many excellent elements," meeting two requirements: (1) respond quickly to new threats, maintain and develop high-level management at all times; (2) monitor risks constantly and respond flexibly and promptly. Mitani Sangyo actively addresses information security, having obtained the Privacy Mark for the entire company in February 2004, as well as ISMS and ITSMS certifications for its outsourcing operations. The data center complies with FISC's "Security Standards for Computer Systems of Financial Institutions (Computer Center) July 2022" (10th edition). From a management maturity perspective, the Information Security Forum, an ISMS promotion organization for the outsourcing business, functions effectively alongside group-wide controls. Management systems, information security regulations, asset identification, risk assessment, personnel security, physical access management, access control, subcontractor (subsidiary) management, incident response, crisis management, and compliance are all managed at very high levels. On-site data center departments also strengthen information gathering, thorough communication, and video-based training for unclear manual operations to protect customer assets, ensuring reliable physical access management and IT system operations. From a security control strength perspective, within the high-standard data center, security zoning policies, boundaries, and access rights management maintain high strength. Controls for bringing in/out information equipment and confidential information, disposal processing, restrictions on external media, computer virus management, and privileged ID management also maintain high levels, with further strengthening efforts observed at the operational level. Disposal of storage media is performed in-house using dedicated tools and magnetic data erasure machines, reinforcing responses to changing external threats. Overall, management maturity demonstrates a continuous process from risk assessment to improvement, maintaining and developing high-level management. Security control strength is assessed as having measures in place against malicious external and internal parties. Mitani Sangyo has formulated countermeasures assuming natural disasters (earthquakes, typhoons, floods, snow, etc.) and regularly reviews them. It has also developed earthquake response manuals, conducted group-wide disaster drills, and created manuals for new influenza and COVID-19. These efforts align with government guidelines from METI and others to maintain IT service continuity, and facility measures comply with the Japan Data Center Council's Facility Standard. The renewal review confirmed that all rated services remained stable without earthquake impact. Three key factors contributed to this stability: Seismic strength and location: The server building, the heart of the data center, features a seismic isolation structure capable of withstanding maximum intensity 7. It is located in a hilly area of Nomi City, Ishikawa Prefecture, at an altitude of 100 meters, safe from flooding, on solid ground with excellent earthquake resistance. Thorough communication and training: Equipment inspection lists for emergencies are shared in advance, and movements are confirmed through drills. For example, twice a year, a drill is conducted to shut down the data center's power. Both power supply lines are simultaneously cut to verify correct switching to emergency power, going beyond desk exercises to simulate real conditions. Management capability: Large-scale disasters typically cause difficulties beyond normal operations. During last year's earthquake, issues such as arrival delays due to widespread traffic congestion and difficulty securing personnel due to holidays or damage became apparent. In response, management and on-site teams closely cooperated to make quick decisions, reallocate personnel, and utilize resources, maintaining continuous operation. The company continues to strengthen organizational crisis management, including securing human resources and establishing command chains. Additionally, data center users can choose renewable energy power supply to support carbon neutrality. Through previous efforts to master virtual infrastructure technology, user options have expanded, risks of sudden cost increases have been mitigated, and service continuity has improved, as confirmed by results. 〇Rating Results For the outsourcing service rating results, refer to our organization's website: http://jasro.org/client/index.html For the "IT Service Continuity and Facility Standard Third-Party Certificate" of the company, refer to: http://jasro.org/clie