What is the security measures evaluation system for strengthening supply chains? We explain when it will start and what measures should be prepared.
What is a security measures evaluation system for strengthening supply chains?
overview and purpose of the system
The "Security Measures Evaluation System for Strengthening Supply Chains (SCS Evaluation System)" is a system being developed under the leadership of the Ministry of Economy, Trade and Industry(METI) that aims to improve the overall security of supply chains by evaluating companies' security measures in stages. By evaluating and visualizing each company's security measures on a scale from "★3" to "★5," ordering companies can more easily specify the level of security measures they require from their suppliers, and receiving companies can objectively demonstrate the status of their own security measures.
Why is strengthening supply chain security necessary now?
In recent years, there has been a surge in "supply chain attacks," which don't directly target large corporations with robust security measures, but instead use smaller companies or affiliated Company with relatively weaker security measures as stepping stones to gain access. If even one company in the supply chain has insufficient security measures, there is a risk of serious damage such as data breaches and system failures spreading in a chain reaction. Therefore, it is urgent that security awareness and security measures be raised across the entire supply chain by using common standards, not just relying on the efforts of individual companies.
When will the security measures evaluation system begin? Future schedule
Trends toward "Establishing a Security Measures Evaluation System for Strengthening Supply Chains"
To establish this system, the Ministry of Economy, Industry and Industry and other organizations published an " Interim Report *1" in April 2025, and in December of the same year, they published the " Draft Policy for the Establishment of a Security Measures Evaluation System for Strengthening Supply Chains *2". As a result, the full details, such as the specific requirements for each evaluation category and the external audit mechanism, are gradually becoming clear.
Roadmap to full-scale operation at the end of fiscal year 2026
According to the published schedule, this system aims to be fully implemented around the end of fiscal year 2026. It is planned to start with the implementation of ★3 and ★4. It is important for companies to prepare early so as not to be caught off guard when the system starts.
Three evaluation levels (★3, ★4, ★5) and evaluation scheme
This system evaluates companies' countermeasures on a three-point scale: ★3, ★4, and ★5. ★1 and ★2 correspond to the self-declaration (one star and two stars) in the existing "SECURITY ACTION" program operated by IPA.
★3 (Basic): Measures that all companies should implement as a minimum.
This refers to the basic system defense measures and organizational structures that all supply chain companies should implement at a minimum level to address common cyber threats. The evaluation scheme employs a "self-assessment with expert verification" that combines self-assessment by the organization seeking certification with verification and advice from security experts.
★4 (Standard): Standard security measures to aim for
These are standard measures that companies playing a critical role in the supply chain should aim for. They require more comprehensive measures, including not only defense against initial intrusions, but also strengthened organizational governance, supplier management, and incident response. In addition to self-assessment, a "third-party assessment" by an accredited evaluation body is necessary.
★5: Advanced measures that should be aimed for as the ultimate goal.
This level assumes a response to sophisticated cyberattacks, including unknown attacks, and implements measures based on current Best Practice. Similar to ★4, a third-party evaluation is planned, but the details of the countermeasures criteria and evaluation scheme will be finalized in fiscal year 2026 or later.
What companies should prepare now in preparation for the start of the new system
Understanding the current state of the company and Settings target levels.
First, it's important to understand the publicly available draft guidelines for establishing the system and clearly define whether your company should aim for a ★3 or ★4 rating. Once the goal is set, conduct an inventory of the security measures and assets currently implemented within the company, compare the evaluation criteria of the system with your current situation, and perform a gap analysis to identify any shortcomings.
Understanding the security measures of business partners and subcontractors.
★Requirement 4 adds "supplier management" as a key focus. It strongly emphasizes strengthening the management system for suppliers and subcontractors that make up the supply chain, including understanding the security measures taken by important suppliers and identifying who shares confidential information. For the ordering party, accurately understanding and managing the status of their suppliers is essential.
To streamline complex supplier management
Issue in conducting security investigations on business partners
In order for ordering companies to understand the security measures of their business partners, they need to conduct surveys using security checklists and the like. However, in practice, surveys are often conducted using different formats for each business partner, and the receiving company (supplier) often finds it burdensome to deal with multiple questionnaires.
Furthermore, ordering companies (buyers) face Issue such as the difficulty of cross-sectionally comparing and evaluating the collected Contents , and the significant effort required for managing and compiling the collection status.
Dataseed SAQ: A platform for streamlining survey distribution and response.
The Dataseed SAQ platform, which streamlines the sending and receiving of questionnaires, can significantly reduce the burden of survey work with business partners. This platform reduces the workload for both buyers (sending, collecting, and evaluating) and suppliers (responding) when it comes to self-assessment questionnaires (SAQs) sent to business partners, enabling a highly effective SAQ process.
" Dataseed SAQ " now supports the addition of cybersecurity survey items, allowing for a unified understanding of security alongside ESG and human rights areas.
Based on the " Cybersecurity Management Guidelines Ver 3.0 " (*4) published by the Ministry of Economy, Trade and Industry, the questions can be customized according to the customer's requirements, making it possible to start security surveys of suppliers immediately after implementation, even without specialized knowledge.
In anticipation of the launch of a security measures evaluation system aimed at strengthening supply chains, companies looking to streamline their supplier management should definitely consider implementing " Dataseed SAQ ".
To suppliers
Streamlined SAQ collection and management
Dataseed SAQ
For detailed information about the entire Service or to Contact us,
Please check here .
reference
*1) Ministry of Economy, Trade and Industry, "Interim Report on the Establishment of a Security Measures Evaluation System for Strengthening Supply Chains"
https://www.meti.go.jp/press/2025/04/20250414002/20250414002.html*2) Ministry of Economy, Trade and Industry, "Draft Policy for the Establishment of a System for Evaluating Security Measures to Strengthen Supply Chains"
https://www.meti.go.jp/press/2025/12/20251226001/20251226001.html*3) Ministry of Economy, Trade and Industry, "Security Measures Evaluation System for Strengthening Supply Chains" https://www.meti.go.jp/press/2025/12/20251226001/20251226001-b.pdf
*4) Ministry of Industry, Trade and Industry, "Cybersecurity Management Guidelines Ver 3.0"
https://www.meti.go.jp/policy/netsecurity/downloadfiles/guide_v3.0.pdf
Related articles
-
What is RBA? A thorough explanation of RBA, a responsible business alliance that protects global supply chains.
-
Corruption, collusion, and lobbying—experts discuss how Japanese companies are addressing these sensitive Issue.
-
What is the security measures evaluation system for strengthening supply chains? We explain when it will start and what measures should be prepared.
-
What is "Supplier Engagement" for Responsible Procurement? Practical Issue and Approaches to SAQ Implementation
Ongoing Webinars
-
[GRI] Responding to Air and Soil Pollution and Serious Incidents – How Will Environmental Impact Disclosure Change? – Analyzing the Draft Revision of the GRI Pollution Standards with Experts –
Location: Online (Zoom) -
SAQ: Are you confident in the recipients, questions, and rationale behind your questions? – Rethinking the design and operation of supplier questionnaires.
Location: Online (Zoom)Participation fee: Free -
How to Start a Supplier Questionnaire: From the Necessity of SAQ to the Operation Cycle, a Thorough Explanation from the Basics!
Location: Online (Zoom)Participation fee: Free -
Catch up quickly during Golden Week | SSBJ Compatible Complete Catch-up (3 parts total)
Location: Online (Zoom)
-
Corruption, collusion, and lobbying—experts discuss how Japanese companies are addressing these sensitive Issue.
-
What is "Supplier Engagement" for Responsible Procurement? Practical Issue and Approaches to SAQ Implementation
-
ESG: From Ambition to Behavioral and Systemic Transformation – Insights from the New Five-Year Plan of the UN Global Compact
-
What is economic security? Strategies and practical responses that companies should take in the age of geopolitical risk
-
Practical Issues for Regional Financial Institution Considering TNFD Disclosure: Implications Gained from the Initiatives of the Bank of the Ryukyus
