Top of Page


Links to move inside this page.

  1. HOME
  2. About IIJ
  3. News / CSR
  4. Press Releases
  5. 2018
  6. IIJ Receives a SOC 2 Type 2 Report that Rates the Design Appropriateness and Operational Availability of its IIJ GIO Infrastructure P2's Internal Controls

IIJ Receives a SOC 2 Type 2 Report that Rates the Design Appropriateness and Operational Availability of its IIJ GIO Infrastructure P2's Internal Controls

IIJ is Also Examining IIJ GIO P2 Compliance with the Requirements for the US Health Insurance Portability and Accountability Act (HIPAA)

May 23, 2018

TOKYO-May 23, 2018-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that it recently received a SOC 2 Type 2 report evaluating its cloud service IIJ GIO Infrastructure P2 ("IIJ GIO P2") in terms of the design appropriateness and operational availability of its internal controls. Furthermore, IIJ examined the service's compliance with the US Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Receipt of a SOC2 Type2 Report

The SOC 2 report (*) is certified by an independent auditor that looked at IIJ GIO P2's internal controls for security and availability. Along with demonstrating that IIJ provides a highly transparent cloud service to its users, this report will prove useful to IIJ's clients, as it will give them a clear understanding of the security and availability of the IIJ GIO P2 service when carrying out their internal audits.

As for IIJ GIO's compliance initiatives, in 2017, IIJ received a SOC 2 Type 1 report evaluating the design appropriateness of IIJ GIO P2's internal controls at a specific point in time. This SOC 2 Type 2 report assesses the service's design appropriateness and operational availability over a specific period of time. Additionally, in 2017, IIJ received a SOC 1 Type 2 report on its internal controls related to financial reporting.

  • (*) About SOC 2 reports
    SOC 2 reports include the opinions and evaluations of independent auditors regarding compliance with trust services principles and standards, as defined by the American Institute of Certified Public Accountants (AICPA). These reports are written based on standards of providing reasonable guarantees regarding nonfinancial reporting-related internal controls for subcontracted work. The five trust services principles and standards are security, availability, processing integrity, confidentiality, and privacy. Authors of SOC 2 reports select one or more of these principles and evaluate service compliance with them.

Review of HIPAA compliance

In anticipation of providing support for international projects (including a platform for genome data store and analysis) that meet US standards, IIJ conducted a review of the security regulation requirements for compliance with the US Health Insurance Portability and Accountability Act (HIPAA). This review confirmed that, by using IIJ's IaaS (IIJ GIO P2) and SaaS common platform (provided separately by the IIJ Health Care Business Promotion division), business entities subject to HIPAA regulations and their business partners can process, maintain, and store protected health information.

IIJ will continue to provide safe and stable cloud services that comply with international standards.

About IIJ

Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, systems integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the U.S. NASDAQ Stock Market in 1999 and on the First Section of the Tokyo Stock Exchange in 2006.

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results. Readers are referred to the documents furnished by Internet Initiative Japan Inc. with the SEC, specifically the most recent reports on Forms 20-F and 6-K, which identify important risk factors that could cause actual results to differ from those contained in the forward-looking statements.

For inquiries, contact

IIJ Corporate Communications

Get Adobe Acrobat Reader


End of the page.

Top of Page