What is the SCS Evaluation System?

It is a system scheduled to be introduced by METI in 2026 to evaluate corporate security measures on a 3 to 5-star scale to strengthen supply chains.

Is there a difference in how companies respond based on their size?

Yes. Large companies aim for 4 stars, while SMEs tend to target the minimum 3 stars, reflecting differences in operational structures.

What kind of support does VLC Security provide?

They provide one-stop support to achieve the requirements for acquiring stars, centered on their assessment service 'V-Sec GC SCS Evaluation System'.

[Cybersecurity Report] Approximately 60% of Companies Consider Acquiring Stars Under the 'Security Measures Evaluation System for Strengthening Supply Chains'

Published Apr 3, 2026 6:00 PM ・ Updated Jun 2, 2026 1:01 PM ・ 17 min read ・ Source: PR TIMES

VLC Security has released a report based on a seminar survey regarding the upcoming SCS Evaluation System by METI. The survey reveals that about 60% of companies are considering acquiring stars, highlighting differences in target levels and challenges based on company size.

VLC Security Co., Ltd. (Minato-ku, Tokyo; Norihiko Ishihara, President & CEO; hereinafter referred to as 'the Company') has issued a report summarizing the current status, challenges, and consideration status from the perspectives of both orderers and contractors in the supply chain, ahead of the enforcement of the 'Security Measures Evaluation System for Strengthening Supply Chains (SCS Evaluation System)'.

### [Report Download] https://vlcsecurity.com/download/18755/

### [Background of This Report] To support the improvement of supply chain security, the Company held seminars in January and February 2026 related to the 'Security Measures Evaluation System for Strengthening Supply Chains' planned to be introduced by the Ministry of Economy, Trade and Industry (METI).

With over 700 applications across the first and second sessions, the high level of corporate interest in this system was demonstrated. Furthermore, the seminar survey revealed the current status, challenges, and consideration status from various positions in the supply chain.

The results also indicated that these trends differ depending on the size of the company. This report summarizes the contents of this seminar survey and is expected to serve as a useful reference for those considering the SCS Evaluation System to understand what companies of similar size are thinking.

*The seminars held in January and February 2026 are available for on-demand viewing. For details, please see the [Background and Overview of Seminars Held in January and February].

### [Report Excerpt: Status of Consideration for Acquiring ★ In-House] (Number of responses by number of employees: 1,000 or more / 121, 500-999 / 44, 100-499 / 99, 1-99 / 108)

● Large Enterprises (1,000 or more employees) - Consciousness of in-house acquisition is relatively high (53.8% considering it), with ★4 set as a benchmark. - On the other hand, the percentage of 'I don't know' is the highest compared to companies of other sizes.

● Mid-sized Enterprises (100-999 employees) - Over 60% (61.8% considering it) are considering acquiring ★. - While both the 500-999 and 100-499 employee tiers show high motivation to utilize the system, there are significant differences in the target ★ level. In the 500-999 employee tier, the largest percentage (18.2%) is considering acquiring ★4, while only 2.3% are considering ★3. In contrast, in the 100-499 employee tier, ★3 is the most common at 14.1%, and ★4 is at 11.1%. These results suggest a certain disparity in the practical frameworks and on-site conditions as contractors between these enterprise scales. - On the other hand, the 100-499 employee scale has the highest percentage (4.0%) considering acquiring ★5, showing a tendency that a certain number of ambitious companies actively utilize the system to differentiate themselves from competitors.

● Small and Medium-sized Enterprises (1-99 employees) - A tendency is observed to acquire ★3 to meet the minimum standards. - While awareness for acquisition is strong (56.4% considering it), the percentage of 'Will not acquire' is also the highest compared to companies of other sizes.

### [Agenda of the Report's Contents] - Status of consideration for acquiring ★ in-house - Status of consideration for requesting business partners to acquire ★ - Supply chain cybersecurity challenges faced by the company - Necessary support for cybersecurity measures - Summary

The VLC Security Group will continue to provide support and disseminate information aimed at improving the security level of the entire supply chain from the perspective of turning system compliance into a strengthening of corporate competitiveness.

In addition, we are accepting media coverage inquiries on various cybersecurity topics, including the content of this seminar, at any time, so please feel free to contact us.

### [Background and Overview of Seminars Held in January and February] The 'Security Measures Evaluation System for Strengthening Supply Chains,' scheduled for introduction in 2026, is a new system aimed at raising the baseline of security across the entire supply chain by classifying corporate measure levels into ★3, ★4, and ★5. This may also affect transaction conditions, requiring companies to implement more effective measures than ever before.

Meanwhile, the reality is becoming evident that 'certification equals safety' cannot be claimed, as ransomware damage occurs even after acquiring ISMS (ISO27001). Challenges such as the system becoming a mere formality after acquisition and an overemphasis on proactive defense extend beyond individual companies to become risks for the entire supply chain.

This seminar series presents a perspective of utilizing the new evaluation system not as a 'forced standard' but as a 'strategic tool to strengthen the organization.' The first session clarified the company's position and issues to be reviewed by organizing the differences between the system structure and ISMS. The second session systematically organized the 157 requirements, dropping them into practical measures to prevent business interruption based on the premise of unauthorized intrusion from the perspectives of 'knowing the attacker,' 'knowing your own company,' and 'reviewing risks.'

We plan to continue this as a practical seminar series to transform system compliance into strengthened competitiveness and implement 'security that does not stop business.'

In future sessions, waiting for the system details to be finalized, we will implement content that shows the direction to resolve the current status and issues seen so far based on the system details. We will notify you of the next session as soon as it is decided.

<< Archive videos of each session are now available >> Session 1: Properly understanding the new evaluation system and knowing your company's position (Centered on ★3 content) https://vlcsecurity.com/download/18022/?k3ad=pr

Session 2: Knowing but unable to protect — Security considered on the premise of unauthorized intrusion (Centered on ★4 content) https://vlcsecurity.com/download/18026/?k3ad=pr

### [Services Compliant with the Security Measures Evaluation System for Strengthening Supply Chains] Centered around the assessment service 'V-Sec GC SCS Evaluation System,' we provide one-stop support for achieving the requirements necessary to acquire ★ under the 'Security Measures Evaluation System for Strengthening Supply Chain Security.'

Reference: Press release for the Security Assessment V-Sec GC SCS Evaluation System https://vlcsecurity.com/wp-content/uploads/2026/03/2026-0325_V-Sec_GC_SCS_r13.pdf Product page for the Security Assessment V-Sec GC SCS Evaluation System https://vlcsecurity.com/service/v-sec-gc-scs

◾️ About the VLC Security Group The VLC Security Group made a fresh start on October 6, 2025, by renewing the trade names and brands of each company from the Bulk Group, further solidifying its commitment to security.

VLC Security Co., Ltd. (Formerly: Bulk Holdings Co., Ltd.) Comprehensive support for cybersecurity and information security of companies and organizations according to all kinds of issues. Management, operation, and sales support for each group company, marketing and branding for the entire group.

VLC Security Consulting Co., Ltd. (Formerly: Bulk Co., Ltd.) Consulting that leads to the visualization and resolution of cybersecurity measure issues according to industry standards such as the NIST Cybersecurity Framework (CSF) and Cybersecurity Management Guidelines, supporting the strengthening of the organization's security posture through support for new acquisition, operation, and renewal of certifications such as ISO27001, ISO27017, and PrivacyMark.

VLC Security Arena Co., Ltd. (Formerly: CyberGym Japan Co., Ltd.) Provides practical and cutting-edge cybersecurity training reflecting the latest attack methods in real-time at a dedicated facility, supporting the development of human resources capable of responding immediately on-site to sophisticated and diversifying cyber threats. * As of October 6, 2025, the head office was relocated to the following address: Edomizaka Mori Building, 4-1-40 Toranomon, Minato-ku, Tokyo

FACT BOX

Source: PR TIMES
Category: News

[Cybersecurity Report] Approximately 60% of Companies Consider Acquiring Stars Under the 'Security Measures Evaluation System for Strengthening Supply Chains'

⚡ Key Points

◾️ About the VLC Security Group The VLC Security Group made a fresh start on October 6, 2025, by renewing the trade names and brands of each company from the Bulk Group, further solidifying its commitment to security.

FACT BOX

Editorial & Verification Standards

FAQ

Cite this article — HOW TO CITE

AI CRAWLER ACTIVITY