Heat Utilization Sheet

System Infrastructure Non-Functional Requirements
Related Utilization Sheet
April 2013
Information-Technology Promotion Agency, Japan

Software Engineering Center
Copyright © 2010 IPA

[Usage conditions]
1. The copyright to this document is held by the Information-Technology Promotion Agency, Japan.
2. The Information-Technology Promotion Agency, Japan grants users of this document to perform copy, modification, public transmission,
translation (excluding translation into Japanese) and adaption of this document, in whole or in part, and to distribute it again to the third
party with or without charge. When the users copy and/or distribute it, they should attach "Usage conditions", this document, to it and let
recipients of copies observe the conditions described in this document. It should be stressed repeatedly that the translation into Japanese
is prohibited.
3. The Information-Technology Promotion Agency, Japan makes no guarantees of this document containing no infringements of the
copyrights, patent rights, or other intellectual property rights, such as utility model rights, of third parties, nor does it assume any
responsibility for possible errors contained herein. The Information-Technology Promotion Agency, Japan does makes no guarantees that
the content of this document conform to the regal requirements for export, technology transfer, and other national laws and regulations of
any country or region.
4. Other than the exceptions specified on this page, the Information-Technology Promotion Agency, Japan does not grant any rights nor any
license relating to copyrights, patent rights, or other intellectual property rights, such as utility model rights, of the Information-Technology
Promotion Agency, Japan or of third parties.
5. The Information-Technology Promotion Agency, Japan shall, in any case, not be held liable for damages which may result from, but not
limited to, using this document in system development, the use of the developed systems, or the inability to use said systems.
6. Please contact the Information-Technology Promotion Agency, Japan's Software Engineering Center with inquiries regarding this document.
Copyright © 2010 IPA

System Infrastructure Non-Functional Requirements Related Utilization Sheet Utilization Sheet
Important item
Level System with almost no social impact System with limited social impact System with very significant social impact
Overlapping
Impact on
operation
costs
Major Middle Minor Metric
item
No. Minor category description Notes
category category category
0 1 2 3 4 5 Selected level Selection conditions Selected level Selection conditions Selected level Selection conditions
A.1.1.1 Availability Continuity Operation Information regarding system operating hours Operating hours Not specified During business Outage only at Possible outage Possible outage Uninterrupted [Overlapping Item] 2 Outage only No businesses are done during 4 Possible Uninterrupted 24 hour operation is 5 Uninterrupted There are no time periods during
schedule and operation outage. (normal) hours night for for a brief 24 hours C.1.1.1. "Operating hours" indicates the possible level of system availability, and is an item which must be at night nighttime and thus system shutdown outage for a not necessary, but continual 24 hours which the system can be shut down.
(9:00 to 17:00) (9:00 to 21:00) approximately 1 period considered when deliberating about operability and maintainability related development costs and operation (9:00 to is possible. brief period operation to the extent as possible is
hour (9:00 to 8:55 costs. As such, it is included in both "availability" and "operability and maintainability". 21:00) (9:00 to 8:55 desired. [-] There is a regular period during
(9:00 to 8:00 the next day) [-] Business is performed during a the next day) each day when operation can be
the next day) [Metric] more limited amount of operating [-] Long periods of operation outage, shut down.
"Operating hours" refers to the time periods when the system is operational, including online and batch hours. such as not permitting access at
processing. [+] When considering uninterrupted night
24 hour operation or only short [+] Uninterrupted 24 hour operation
[Level] interruptions for reboot processing,
The times in parentheses "()" are examples for each level. They are not to be used as level selection conditions. etc.
X X "Not specified" refers to a system not having specified service hours, and is envisioned essentially for cases
where the system is shut down and started up as necessary by users (Ex: Backup systems prepared for failure
recovery, development and validation systems, etc.) "During business hours" and "Outage only at night" are
envisioned for general business usage, and the times provided as examples should be read as examples only,
and modified as appropriate for systems with different operating hours. "Possible outage" refers to time periods
where the system may possibly be shut down, not where it must be shut down. "Uninterrupted 24 hours" also
includes cases where batch processes must be executed when the system is not involved in online business,
and which therefore require that the system not be shut down.
A.1.1.2 Operating hours Not specified During business Outage only at Possible outage Possible outage Uninterrupted [Overlapping Item] 0 Not specified There are no specific days with 2 During During weekends, only backup 5 Uninterrupted There are no time periods during
(specific days) hours night for for a brief 24 hours C.1.1.2. "Operating hours" indicates the possible level of system availability, and is an item which must be operating hours that differ from business operations are performed, so the 24 hours which the system can be shut down.
(9:00 to 17:00) (9:00 to 21:00) approximately 1 period considered when deliberating about operability and maintainability related development costs and operation normal days. hours system is shut down at night.
hour (9:00 to 8:55 costs. As such, it is included in both "availability" and "operability and maintainability". (9:00 to [-] There are regularly scheduled
(9:00 to 8:00 the next day) [+] There are specific days with 17:00) [-] There are no weekend backups or days when operation is stopped.
the next day) [Metric] operating hours that differ from batch processing, etc, and operation
"Specific days" refer to weekends, holidays, the end/start of months, and other days whose schedule is defined normal days, such as backup is stopped on weekends/holidays.
X X as differing from the normal operation schedule. If there are multiple specific days, their level values must be operations performed on [+] The system is used for business
made consistent (Ex: "Monday to Friday is level 2, but Saturday and Sunday are level 0," "Normally, the level is weekends/holidays. by employees who come in on
5, but the system is rebooted on the first of each month, so on that day, the level is 3"). weekends/holidays, so the system
In addition to user holidays, vendor holidays must also be recognized as specific days, and an operation and operates on weekends/holidays as
maintenance structure, etc. must be established accordingly. well.
A.1.1.3 Existence of Possible planned Possible planned No planned [Overlapping Item] 0 Possible System shutdown is possible if 1 Possible Uninterrupted 24 hour operation is 2 No planned There are no time periods during
planned system system shutdown system system C.2.1.1. "Existence of planned system shutdown" indicates the possible level of system availability, and is an planned consensus is gained in advance. planned not necessary. There are hours system which the system can be shut down.
shutdown (operation shutdown shutdown item which must be considered when deliberating about operability and maintainability related development costs system system during which outage is possible, and shutdown
schedule can be (operation and operation costs. As such, it is included in both "availability" and "operability and maintainability". shutdown [+] When it is sufficient with only shutdown planned outages are possible. [-] There are times within the
changed) schedule cannot (operation outages during non-operating hours (operation operation schedule during which
be changed) [Impact on Operation Costs] schedule can schedule [-] There are no times within the outages are possible, and there is a
X X X When there are planned system shutdown, operational costs may increase due to pre-shutdown backups and be changed) cannot be operation schedule during which need for planned system shutdowns.
the preparation of procedures in accordance with the system configuration. changed) outages are possible, but outages
possible if coordinated in advance.
[+] When uninterrupted 24 hour
operation is required
A.1.2.1 Business Business scope and conditions required to Affected business Internal batch Internal online All internal External batch External online All businesses [Metric] 2 All internal The primary businesses handled by 3 External batch The primary businesses handled by 4 External The primary businesses handled by
continuity ensure availability scope related businesses businesses related businesses The "affected business scope" here refers to the scope which is used for uptime ratio calculation. businesses the system are internal businesses, related the system are external batch online the system are real-time processing
businesses businesses and one of the system operation businesses processing businesses, and one of businesses with external entities, and one of the
[Level] conditions is that all internal the system operation conditions is conditions of system operation is that
"Internal" refers to closed (business) processing within the system. "External" refers to (business) processing businesses are operational. that all internal businesses and external online businesses are
which requires coordination with other systems. external batch processing operational.
[+] There are also externally provided businesses are operational.
X businesses, which are considered [-] Real-time processing with external
essential. [-] There are no externally provided entities is not required for business
businesses. continuity.
[+] Real-time processing with
external entities is required for
business continuity.
A.1.2.2 Service 24 hours or Less than 24 Less than 2 Less than 60 Less than 10 Less than 60 [Metric] 1 Less than 24 There is no business provided to 3 Less than 60 There are online businesses with 5 Less than 60 The system must provide real-time
switchover time longer hours hours minutes minutes seconds "Service switchover time" refers to the amount of time necessary for a system which has suffered a possible hours external entities, and a down time of minutes external entities, but interruptions of seconds response, so instant recovery from
failure (such as temporary business interruption due to hardware failures, etc.) to resume business by taking approximately 1 day is acceptable. several dozen minutes are system outages is required.
response measures (for example, performing server switchover in a clustered system). acceptable.
[-] Failure countermeasures are not [-] Business interruption of up to 1
[Impact on Operation Costs] necessary. [+] Service switchover has an impact hour is acceptable.
X X The longer the permitted interruption time, the ratio of manual response as recovery measures will be greater [+] Service switchover has an impact. on the online businesses. (Consider
than automatic system response measure implementation, impacting operation costs. (Consider the amount of time that the amount of time that interruption is
interruption is acceptable based on acceptable based on the impact.)
the impact.)
A.1.2.3 Required level of Business Business Business is [Metric] 1 Business Matched to the acceptable business 2 Business is Matched to the acceptable business 2 Business is Continuation of business is
business interruption is interruption is not continued within The "required level of business continuity" is the criteria indicating the extent to which business must be interruption is interruption time when a system continued interruption time when a system continued presumed even in the event of a
continuity accepted when a accepted when a service continued in the event of a failure. not accepted failure occurs. within service failure occurs. within service double failure.
system failure single failure switchover time The equipment and components that make up systems have many single points of failure (SPOF), resulting in when a single switchover switchover
occurs occurs; restrictions even many risks of system outage. This requirement based on whether these SPOF are tolerated, or the extent to failure occurs; [-] With the risks in mind, business time [-] With the risks in mind, business time
processing is in the event of which continuity is ensured through redundancy measures, etc. processing is outage due to failure occurrence is restrictions outage due to double failure is restrictions
X continued double failures continued acceptable. even in the acceptable. even in the
[+] Business outages due to double event of event of
failures must be prevented, even if double double
resulting in increased cost. failures failures
A.1.3.1 Recovery Objectives for what should be recovered, to Recovery point Recovery not Up until 5 Up until 1 Up until the [Metric] 1 Up until 5 Some degree of data loss is 3 Up until the Since data loss is not acceptable, the 3 Up until the Since data loss is not acceptable, the
objective which point, within how much time when a objective (RPO) necessary business days business day point at which When an RLO specifies business recovery, applicable business data recovery is included in the scope, and business acceptable, and restoration shall be point at which system, in principle, must be point at which system, in principle, must be
(When business failure results in business outage. prior to outage prior to outage failure occurred business resumption consistency confirmation will be required separately. days prior to performed from weekly backups. failure recovered to the point at which the failure recovered to the point at which the
outage occurs) (Recovery from (Recovery from (Recovery from outage occurred failure occurred. occurred failure occurred.
weekly backup) daily backup) daily backup + [Level 3] (Recovery [-] Data is not retained, and recovery (Recovery (Recovery
archive) The "point at which failure occurred" refers to the point immediately after the last transaction which was from weekly is not necessary. from daily [-] Some degree of data loss is from daily
X processed just before the failure. Recovery to the point at which the failure occurred assumes that the backup) [+] The effect of data loss is backup + acceptable. (Level shall be selected backup +
transaction journal up to the point of failure is guaranteed. It also assumes that journals are archived, making it excessive unless restoration from archive) based on data (daily, weekly) to be archive)
possible to restore the system to any desired point up to the point at which the failure occurred. daily backups is performed. recovered.)
A.1.3.2 Recovery time 1 business day or Within 1 Within 12 hours Within 6 hours Within 2 hours [Metric] 1 Within 1 Determine based on system scale, 2 Within 12 Determine based on system scale, 4 Within 2 hours Recover as soon as possible.
objective (RTO) more business day The RTO recovery time differs from the recovery time of the service switchover time (A.1.2.2), indicating the business day taking the recovery point objective hours taking the recovery point objective
duration time to recover when business continuity measures are not implemented (resulting in a business into consideration. into consideration.
outage).
X When an RLO specifies business recovery, applicable business data recovery is included in the scope, and [-] The impact of business outage is [-] The impact of business outage is
business resumption consistency confirmation will be required separately. small. small.
[+] The impact of business outage is [+] The impact of business outage is
large. large.
A.1.3.3 Recovery level System recovery Specific All businesses [Metric] 1 Specific Only primary businesses require 2 All businesses There will be an impact unless all 2 All businesses There will be an impact unless all
objective (RLO) businesses only This level indicates what should be recovered when a failure results in business outage. businesses recovery. businesses are functional. businesses are functional.
only
[Level 0] [+] When impact cannot be [-] Impact can be separated from [-] Impact can be separated from
System recovery includes not only hardware recovery, but data restoration as well. separated from individual businesses some businesses. some businesses.
X
[Level 1]
"Specific businesses" refers to, for example, business whose continuity is required as specified in A.1.2.1
"Affected business scope."
1 /22 Copyright © 2010 IPA

Important item
Overlapping
Impact on
operation
costs
item
A.1.4.1 Recovery This metric is the target recovery time in the System Resumption not Resumption Resumption Resumption Resumption Resumption [Metric] 1 Resumption Some degree of data loss is 3 Resumption In the event of large-scale disasters, 4 Resumption Taking restoration of lifelines into
objective event of a large-scale disaster. resumption necessary within several within 1 month within 1 week within 3 days within 1 day For large-scale disasters, specific requirements such as RPO, RTO, and RLO are not defined; instead, a general within several acceptable, and restoration shall be within 1 week resume business by recovery from within 3 days consideration, make efforts of system
(In event of large- Large-scale disasters refer to damage objective months resumption time is set as a system resumption objective. Regarding the recovery level objective (RLO), refer to months performed from weekly backups. retained data. recovery to the maximum extent
scale disaster) caused by fires and natural hazards such as "Recovery objective (When business outage occurs)". possible.
earthquakes, as well as man-made damage [-] Data is not retained, and recovery [-] Procurement of replacement
that are accidental or intentional, which is not necessary. equipment and preparation of [+] There are safety requirements,
X
cause extensive damage to the system, or [+] The impact of business outage is recovery organization takes time. such as possible loss of life or
make it difficult to recover the system large. [+] Impact of business outage is extreme financial losses.
because lifelines such as power are large, and prompt recovery using DR
interrupted. sites is necessary.
A.1.5.1 Uptime ratio Percentage of time that the system can Uptime ratio Less than 95% 95% 99% 99.9% 99.99% 99.999% [Level] 2 99% Downtime of several hours per year 4 99.99% Downtime of approximately 1 hour 5 99.999% Downtime of only several minutes
provide the requested service under specified For 24/365 operation, annual business outage totals are shown below for each level. is acceptable. per year is acceptable. per year is acceptable.
usage conditions. 95% ..... 18.3 days
"Specified usage conditions" refers to the 99% ..... 87.6 hours Use the operating hours for the
system's operation schedule and conditions 99.9% ..... 8.76 hours uptime ratio examples in the Notes
under which business defined by the 99.99% ..... 52.6 minutes column as a reference when
recovery objective are carried out. The 99.999% ..... 5.26 minutes determining the uptime ratio.
uptime ratio is determined from the amount of X
time service is interrupted during the For a system which operates 8 hours a day, 5 days a week, the relationship between service switchover time and
operating hours. uptime ratio is as shown below.
1 hour per week ..... 97.5%
1 hour per month ..... 99.4%
1 hour per year ..... 99.95%
A.2.1.1 Fault tolerance Server Requirements to maintain the requested Redundancy Non-redundant Redundant Redundant [Metric]
service when a failure occurs on a server. (equipment) design design for design for all Equipment and components in "Redundancy" indicate the units of redundancy. Equipment redundancy refers to
specific servers servers providing multiple units of equipment; component redundancy refers to providing multiple components which
make up a unit (disks, power supplies, fans, network cards, etc.).
By applying virtualization technologies, multiple server functions can be aggregated in a single piece of
hardware, resulting in a decreased amount of hardware necessary for redundancy. Either way, equipment
redundancy must be considered in order to fulfill hardware business continuity requirements.
[Level 1]
"Redundant design for specific servers" refers to using different redundancy approaches for different types of
servers which are used in a system (DB servers, AP servers, monitoring servers, etc.).
When requirements are not for individual servers, but redundancy for business or functions, set levels based on
the servers which is assumed will handle these business or functions.
A.2.1.2 Redundancy Non-redundant Redundant Redundant [Level 1]

(components) design design for design for all This assumes redundancy for the components which make up a server (internal disks, power supplies, fans, etc.)
specific components as needed (for example, mirroring of internal disks, dual network interface cards, etc.).
components only
A.2.2.1 Terminal Requirements to maintain the requested Redundancy Non-redundant Installation of Installation of
service when a failure occurs on a terminal. (equipment) design shared backup backup terminals
terminals for individual
business and
purposes

(components) design design for design for all This assumes redundancy for the components which make up a terminal (internal disks, power supplies, fans,
specific components etc.) as needed (for example, RAID configuration of internal disks, etc.).
components only
A.2.3.1 Networking Requirements to maintain the requested Redundancy Non-redundant Redundant Redundant [Level 1]
equipment service when a failure occurs on equipment, (equipment) design design for design for all "Specific equipment only" assumes switches, routers, and other network equipment which accommodate servers
such as routers or switches, which make up a specific equipment with redundancy provided.
network. equipment only

(components) design design for design for all This assumes redundancy for components which make up networking equipment, such as power supplies,
specific components CPUs, fans, etc., as needed.
components only
A.2.4.1 Network Requirements for improving network Line redundancy No redundancy Partial Full redundancy [Metric]
reliability. redundancy "Line redundancy" refers to providing multiple physical transmission routes (LAN cables, etc.) which make up a
network, such that if a failure occurs on one transmission route, transmission is possible through an alternate
transmission route.
[Level 1]
"Partial redundancy" assumes situations such as redundant design for backbone networks only, or segments
which carry business data, etc.
A.2.4.2 Route No redundancy Partial Full redundancy [Metric]

redundancy redundancy "Route redundancy" is the setting of multiple data flow sequences (sequences of routers being traversed) among
segments which transmit or receive data within the network, such that if a segment experiences a failure, data
can be rerouted to an alternate path, and transmission maintained.
[Level 1]
"Partial redundancy" assumes situations such as redundant design for backbone networks only, or segments
which carry business data, etc.
A.2.4.3 Network No segmentation Segmentation for Segmentation by [Level 2]

segmentation individual sub- purpose "Purpose" refers to administrative purposes such as monitoring and backups, as well as individual business
systems purposes, such as online or batch processing.
It assumes that segmentation is performed for individual sub-systems, and then further by individual purposes.
A.2.5.1 Storage Requirements to maintain the requested Redundancy Non-redundant Redundant Redundant [Metric]
service when a failure occurs on an external (equipment) design design for design for all Includes NAS and iSCSI devices.
storage device, such as a disk array. specific equipment However, as NAS and iSCSI are connected via LAN or other networks, NAS, iSCSI, and other similar connection
equipment only environment fault tolerance measures are included in minor category A.2.4 "Network."
[Level 1]
"Specific equipment only" assumes that fault tolerance requirements will vary from device to device based on the
importance of the data stored on the storage device.

(components) design design for design for all Assumes redundant design for storage device components other than disks (CPUs, power supplies, fans,
specific components interfaces, etc.) as needed.
components only
A.2.5.3 Redundancy Non-redundant Redundancy with Redundancy with [Level 2]

(disks) design RAID5 RAID1 Consider combining with RAID0 in order to satisfy performance requirements.
A.2.6.1 Data Approach to data protection. Backup method No backups Offline backups Online backups Offline backups [Overlapping Item]
+ online C.1.2.7. Backup methods must be taken into consideration during backup operation design, and are an
backups overlapping item shared with "Operability and maintainability."
X [Level]
Offline backups refer to backups performed after shutting down systems (in whole or in part), while online
backups refer to backups performed without shutting down systems.

Data Approach to data protection. System Infrastructure Non-Functional Requirements Related Utilization Sheet Utilization Sheet
Important item
Overlapping
Impact on
operation
costs
item
A.2.6.2 Data recovery Recovery not Recover Recover all [Overlapping Item]
scope necessary necessary data system data C.1.2.1. This is an overlapping item, as it is necessary for availability from the perspective of to what degree to
only maintain data, and for operation from the perspective of up to what point data must be recovered.
X
[Level 1]
"Necessary data" refers to the data necessary to satisfy business continuity requirements.
A.2.6.3 Data integrity No error Error detection Error detection & Data integrity [Metric]
detection only retry guaranteed Physical level guarantee that operations can be correctly carried out on data, that resulting quality levels are
(Error detection sufficient, and that changes to data can be detected, etc.
& correction)
[Level]
Implementation includes detection by products and business applications.
A.3.1.1 Disaster System Requirements necessary to maintain Recovery policy No recovery System System System with System with [Metric]
countermeasure business continuity in the event of a large- rebuilding with rebuilding with limited same This item specifies what and where replacement equipment is necessary in the event of a large-scale disaster.
s scale disaster such as an earthquake, flood, limited same configuration configuration
terrorist attack, fire, etc. configuration configuration built at DR built at DR [Level]
(Disaster (Disaster The "limited configuration" in levels 1 and 3 refer to system configurations necessary depending on recovery
Recovery) site Recovery) site objectives (for example, omitting redundant configuration, etc.).
The "same configuration" in levels 2 and 4 refer to the necessity for system configurations identical with the
production environment in order to maintain the same service levels after recovery as were offered before.
When the "system rebuilding" mentioned in levels 1 and 2 is selected, rebuilding after a disaster should not be
thought of as the contract scope, but this item should be considered as a requirement regarding the system
rebuilding policy, including using the facilities of the site affected by the disaster, as well as shared centers.
On the other hand, the "built at DR site" of levels 3 and 4 includes the construction of recovery systems in
specified DR sites.
A.3.2.1 Externally Requirements concerning archival of data Level of storage No external 1 location 1 location 2 locations
archived data and programs in sites separate from decentralization archival (Remote (Remote
operation sites in preparation for the location) locations)
eventuality of damage due to a large-scale
disaster such as an earthquake, flood,
A.3.2.2 Archival method Archival on media Backup on Remote backup
terrorist attack, fire, etc.
separate storage to DR site
within same site
A.3.3.1 Ancillary facilities Requirements for system ancillary facilities in Disaster Countermeasure Specific All conceivable [Metric]
response to disasters. countermeasure s not countermeasure countermeasure Some disaster countermeasure requirements are specified for ancillary facilities in "System environment and
scope implemented s implemented s implemented ecology" F.4.1.1 "Earthquake resistance intensity" and F.4.4.4 "Power loss countermeasures."
[Level]
The following are examples of envisioned disaster countermeasures.
• Aseismic measures
• Power loss countermeasures
• Fire prevention measures
• Electric leak countermeasures
• Lightning countermeasures
• Flooding countermeasures
• Electric and magnetic field countermeasures
A.4.1.1 Recoverability Recovery This level covers work needed for recovery Recovery Recovery not Manual recovery Recovery using Recovery using [Overlapping Item]
operations operations in the event of a failure resulting in operations necessary without using recovery recovery C.3.1.1. Recovery operations are included in "Availability" and "Operability and maintainability" as well. In
a business outage. recovery products products + "Operability and maintainability," this is discussed from the perspective of effect on recovery objective operations,
products business while "Availability" looks at the methods used to implement it.
applications
[Level]
The use of in-house created tools is included in manual recovery.
X "Recovery products" refer to products for performing backups / recovery. When performing recovery using a
recovery product, in some cases, the extent to which recovery is automated (automatic recovery function
sufficiency rate, etc.) may be defined, but as the choice to use or not use recovery products results in significant
differences, "Availability" level consideration is based on whether or not recovery products are used.
A.4.1.2 Alternative None Alternative Alternative [Overlapping Item]

business business business C.3.1.2. Recovery operations are included in "Availability" and "Operability and maintainability" as well. In
operation scope operation operation "Operability and maintainability," this is discussed from the perspective of effect on recovery objective operations,
required for required for all while "Availability" looks at the methods used to implement it.
some businesses
X
businesses [Metric]
"Alternative business operation" refers to methods of alternative business (operation by alternate equipment or
manual operation) which can be used when a system failure makes recovery impossible.
A.4.2.1 Availability Scope of confirmation of availability Confirmation Not performed, or Failures which Some failures All failures [Level] 1 Failures Even when failures which cause 2 Some failures Countermeasures for failures which 3 All failures The impact of business outage is
confirmation requirements. scope up to simple permit business which result in which result in Level 2 and 3 confirmation scopes include contents defined in level 1. which permit business outage occur, recovery which result in cause business outage must be which result in extremely large, and confirmation is
failures to be continued business business business to methods are clear, and there is no business confirmed, but it is possible to limit business required in advance for all possible
interruption interruption be continued need for confirmation. interruption confirmation for high risk failures and interruption failures.
specific types of failures.
[-] Failure countermeasures are not [-] The impact to the system can be
considered. [-] It can be judged that the impact of limited based on failure types and
[+] When failures which cause failures which cause business risks.
X business outage occur, restoration outages is extremely small.
methods must be confirmed in [+] Confirmation is needed to the
advance maximum extent possible, without
consideration to failure types or risks.
B.1.1.1 Performance Business Business volume Volume of business which have an effect on Number of users Specific users Upper limit is Used by [Overlapping Item] 0 Specific users This assumes cases where users 1 Upper limit is This assumes cases where an upper 2 Used by This assumes cases where the
and scalability processing during normal performance and scalability. only fixed unspecified F.2.1.1. The "number of users" is essential for deciding performance and scalability, as well as an item for only can be identified since the use is fixed limit is specified. unspecified general public will access the
volume operation Consensus is to be based on envisioned number of users specifying the system environment, so this item is included in both "Performance and scalability" and "System within a department or an number of system.
system operation. environment and ecology". organization. [-] Consensus has been reached that users
Instead of selecting a single value for each X X only specific users will use the [-] It is possible to specify an upper
metric, intended system operation hours, [Level] [+] When users cannot be identified system. limit.
seasonal factors, and the like must also be Even if the numerical value for this prerequisite cannot be precisely determined, it is important that at least a
considered. tentative value, based on similar systems, etc., should be decided on.
B.1.1.2 Number of Access limited to Limited number Access by [Metric] 0 Access Assume based on registered users. 1 Limited Confirm what kind of peak model is 2 Access by Confirm what kind of peak model is
simultaneous specified users of simultaneous unspecified The "number of simultaneous users" refers to the number of users who access the system at any given point. limited to number of envisioned for the system. unspecified envisioned for the system.
X users only users number of users specified simultaneous number of
users only users users
B.1.1.3 Data volume Total data volume Only primary [Level 1] 0 Total data Must be clarified when establishing 0 Total data Must be clarified when establishing 0 Total data Must be clarified when establishing
is clear data volume is "Primary data volume" refers to the data that makes up the majority of the data stored by the system. volume is requirements definitions. volume is requirements definitions. volume is requirements definitions.
clear For example, master tables and temporary storage of main transaction data. clear clear clear
X When only the volume of primary data has been determined, there is a risk of a need to add disks to handle data [+] The total data volume has not [+] The total data volume has not [+] The total data volume has not
which has not been considered. been assessed. been assessed. been assessed.

seasonal factors, and the like must also be
considered.
Important item
Overlapping
Impact on
operation
costs
item
B.1.1.4 Number of online Number of Number of [Metric] 0 Number of Must be clarified when establishing 0 Number of Must be clarified when establishing 0 Number of Must be clarified when establishing
requests requests is clear requests is clear The number of online requests is confirmed, clearly specifying the unit time involved. requests is requirements definitions. requests is requirements definitions. requests is requirements definitions.
for each process for primary clear for each clear for each clear for each
processes only [Level 1] process [+] The total number of online process [+] The total number of online process [+] The total number of online
"Primary processes" refer to the online requests received by the system that make up the majority of received requests has not been assessed. requests has not been assessed. requests has not been assessed.
X requests.
For example, resident information system move-in / move-out processing, Internet shopping system transaction
processing, etc.
When only the number of requests for primary processes has been determined, there is a risk of insufficient
server capabilities due to processes which have not been considered.
B.1.1.5 Number of batch Number of Number of [Metric] 0 Number of Must be clarified when establishing 0 Number of Must be clarified when establishing 0 Number of Must be clarified when establishing
processes processes is processes is The number of batch processes shall be confirmed, clearly specifying the unit time involved. When defining processes is requirements definitions. processes is requirements definitions. processes is requirements definitions.
defined for defined for requirements, an estimated number of primary processes (especially processes critical for the server) should defined for defined for defined for
individual primary have been decided on, and performance and scalability shall be considered based on this estimate. If this individual [+] The total number of batch individual [+] The total number of batch individual [+] The total number of batch
processing units processes number has not been clearly specified when defining requirements, assumed values, including the degree to processing processes has not been assessed. processing processes has not been assessed. processing processes has not been assessed.
which they are decided, should be used. units units units
X [Level 1]
"Primary processes" refer to the batch processes which take up the majority of the system's processing time.
For example, monthly aggregation processing of a personnel payroll processing system or billing system.
When only the number of primary batch processes has been determined, there is a risk of insufficient server
capabilities due to processes which have not been considered.
B.1.1.6 Number of Business A list of There is a list of [Metric]

business functions are confirmed business When defining requirements, even if there are differences in levels, a business function list should have be
functions organized business functions, but decided on, and performance and scalability shall be considered based on this. If this number has not been
functions has have yet to be clearly specified when defining requirements, assumed values, including the degree to which they are decided,
been created confirmed should be used.
B.1.2.1 Business volume Ratio, over the course of the system's Expansion rate of 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level] 0 1-fold Confirm the user registration / 1 1.2-fold Confirm the user registration / 1 1.2-fold Confirm the user registration /
expansion lifecycle, from system operation inception to number of users greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is deletion cycles, etc. Also, confirm deletion cycles, etc. Also, confirm deletion cycles, etc. Also, confirm
retirement, between the volume of business necessary. future outlook. future outlook. future outlook.
at the system's launch and its peak.
Comparisons between start date average X [+] The number of users is expected [-] The number of users is fixed. [-] The number of users is fixed.
values and later steady state figures can also to increase. [+] The number of users is expected [+] The number of users is expected
be used as needed. to increase. to increase.
B.1.2.2 Expansion rate of 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level] 0 1-fold Confirm how it is believed the system 1 1.2-fold Confirm how it is believed the system 1 1.2-fold Confirm how it is believed the system
number of greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is peak model will change due to an peak model will change due to an peak model will change due to an
simultaneous necessary. increase in the number of users. increase in the number of users. increase in the number of users.
users
[+] The number of users is expected [-] The number of users is fixed, or an [-] The number of users is fixed, or an
X to increase. increase in the number of users is increase in the number of users is
not linked with an increase in the not linked with an increase in the
number of accessing users. number of accessing users.
[+] The number of users is expected [+] The number of users is expected
to increase. to increase.
B.1.2.3 Expansion rate of 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level] 0 1-fold Confirm how much the volume of 1 1.2-fold Confirm how much the volume of 1 1.2-fold Confirm how much the volume of
data volume greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is data handled by the system will data handled by the system will data handled by the system will
necessary. increase in accordance with increase in accordance with business increase in accordance with business
business trends. trends. trends.
X [+] Phased operation and master [-] Gateway systems which do not [-] Gateway systems which do not
data storage systems store data store data
[+] Phased operation and master [+] Phased operation and master
data storage systems data storage systems
B.1.2.4 Expansion rate of 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Metric] 0 1-fold Confirm the estimated number of 1 1.2-fold Confirm the estimated number of 1 1.2-fold Confirm the estimated number of
number of online greater The number of online requests shall be confirmed, clearly specifying the unit time involved. requests that will be the system limit. requests that will be the system limit. requests that will be the system limit.
requests
X [Level]
The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
necessary.
B.1.2.5 Expansion rate of 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Metric] 0 1-fold Confirm the number of processes 1 1.2-fold Confirm the number of processes 1 1.2-fold Confirm the number of processes
number of batch greater The number of batch processes shall be confirmed, clearly specifying the unit time involved. that will be the system limit. that will be the system limit. that will be the system limit.
processes
X [Level]
The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
necessary.
B.1.2.6 Expansion rate of 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
number of greater When evaluating the expansion rate of the number of business functions, it is advisable to indicate function
business granularity (estimated scale and service range of each function, etc.) with concrete numbers.
functions The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
necessary.
B.1.3.1 Retention period Period for which data used by the system Retention period 6 months 1 year 3 years 5 years 10 years or Permanent [Level] 1 1 year Assumes yearly update of data. 3 5 years Assumes a retention period defined 4 10 years or Assumes a retention period defined
infrastructure, such as OS or middleware longer retention When there is multiple data that must be retained, and the retention periods vary, decision must be made for by taxation systems, etc. longer by external requirements etc.
logs, must be retained. each type of data involved. [-] There is almost no archived data. guaranteed to end users.
Can be specified, as needed, for individual [+] There is sufficient disk capacity. [-] The period required for lookups is
data types. X [Level 0] limited, and data can be transferred [-] The period required for lookups is
When selecting data to be retained, the Use 6 months when data retention period restrictions are short. to backup media. limited, and data can be transferred
scope of the target data must also be [+] There is sufficient disk capacity. to backup media.
defined. [+] There is sufficient disk capacity.
B.1.3.2 Scope Online viewable Includes archives [Metric]

scope Decide on a location to store the data to be retained. Data lookup may be difficult depending on where the data
is stored. Consideration must also be paid to backup methods.
B.2.1.1 Performance Online response Response required during online system Adherence rate No defined 60% 80% 90% 95% 99% or greater [Level] 0 No defined The transaction volume is low. 3 90% Within the managed processes, it is 5 99% or Within the managed processes, it is
objective utilization. of response adherence rate When there are specific targets and promised values, specify adherence rates for each process. adherence Alternatively, if it is high, it is possible acceptable if 90% of transactions greater acceptable if 99% of transactions
Confirm what level of response is necessary during normal The adherence rate shown for each level is a rough estimate; consensus must be reached regarding concrete rate to apply usage restrictions on users. during normal operation achieve the during normal operation achieve the
based on the business to be handled by the operation response and adherence rate figures. established target. established target.
system. Take into account of peak [+] Performance drops result in
characteristics and operation during failure, system evaluation degradation. [-] As long as processing is [-] As long as processing is
and establish adherence rates for normal completed, it is acceptable even if is completed, it is acceptable even if is
operation, peak times, and degraded X slow. Or there are alternative slow. Or there are alternative
operation. It is advisable to decide on specific methods. methods.
numbers for specific functions and systems. [+] Performance drops result in
(Ex: Web system search/update/viewing system evaluation degradation.
related, etc.)
B.2.1.2 Adherence rate No defined 60% 80% 90% 95% 99% or greater [Level] 0 No defined The transaction volume is low. 2 80% Within the managed processes, it is 4 95% Within the managed processes, it is
of response adherence rate When there are specific targets and promised values, specify adherence rates for each process. adherence Alternatively, if it is high, it is possible acceptable if 80% of transactions acceptable if 95% of transactions
during peak times The adherence rate shown for each level is a rough estimate; consensus must be reached regarding concrete rate to apply usage restrictions on users. during peak operation achieve the during peak operation achieve the
response and adherence rate figures. established target. established target.
[+] Performance drops result in
system evaluation degradation. [-] As long as processing is [-] As long as processing is
completed, it is acceptable even if is completed, it is acceptable even if is
X slow. Or there are alternative slow. Or there are alternative
methods. methods.
[+] Performance drops result in [+] Performance drops result in
system evaluation degradation. system evaluation degradation.

Important item
Overlapping
Impact on
operation
costs
item
B.2.1.3 Adherence rate No degraded 60% 80% 90% 95% 99% or greater [Level]
of response operation When there are specific targets and promised values, specify adherence rates for each process.
during degraded The adherence rate shown for each level is a rough estimate; consensus must be reached regarding concrete
operation response and adherence rate figures.
B.2.2.1 Batch response Response required during batch system Degree of No defined Within specified Sufficient [Level 1] 0 No defined There is a comparatively small 2 Sufficient Within the managed processes, it is 2 Sufficient Within the managed processes, it is
(turnaround time) utilization. response degree of time capacity is The "specified time" does not include re-execution. degree of amount of data, so there are no rules capacity is acceptable if batch processes during capacity is acceptable if batch processes during
Confirm what level of response (turnaround adherence during adherence reserved to adherence related to batch response order. reserved to normal operation are executed, and, reserved to normal operation are executed, and,
time) is necessary based on the business to normal operation perform re- perform re- if invalid results are produced, there perform re- if invalid results are produced, there
be handled by the system. It is advisable to execution execution is sufficient capacity for re-execution. execution is sufficient capacity for re-execution.
take into account peak characteristics and
operation during failure, decide on adherence X [-] Re-execution is not performed, or [-] Re-execution is not performed, or
rates for normal operation, peak times, and there are alternative methods. there are alternative methods.
degraded operation, and establish specific
figures for individual functions and systems.
(Ex: Daily processes / monthly processes /
yearly processes, etc.)
B.2.2.2 Degree of No defined Within specified Sufficient [Level 1] 0 No defined There is a comparatively small 2 Sufficient Within the managed processes, it is 2 Sufficient Within the managed processes, it is
response degree of time capacity is The "specified time" does not include re-execution. degree of amount of data, so there are no rules capacity is acceptable if batch processes during capacity is acceptable if batch processes during
adherence during adherence reserved to adherence related to batch response order. reserved to peak operation are executed, and, if reserved to peak operation are executed, and, if
peak times perform re- perform re- invalid results are produced, there is perform re- invalid results are produced, there is
execution execution sufficient capacity for re-execution. execution sufficient capacity for re-execution.
If there is no sufficient capacity at If there is no sufficient capacity at
peak times, deployment of additional peak times, deployment of additional
servers, or division of processing servers, or division of processing
must be considered. must be considered.
X
[-] Re-execution is not performed, or [-] Re-execution is not performed, or
there are alternative methods. there are alternative methods.
B.2.2.3 Degree of No degraded Within specified Sufficient [Level 1]

response operation time capacity is The "specified time" does not include re-execution.
adherence during reserved to
degraded perform re-
operation execution
B.2.3.1 Online throughput Throughput required during online system Process margin 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
utilization. rate during (No margin) greater "Margin rate" refers to the transaction volume the system as a whole can process. For example, for level 3 ( 2-
Confirm what level of throughput is necessary normal operation fold), the system is capable of processing twice the number of transactions.
based on the business to be handled by the The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
system. It is advisable to take into account necessary.
peak characteristics and operation during
failure, decide on process margin rates for
B.2.3.2 Process margin 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
normal operation, peak times, and degraded
operation, and establish specific figures for
rate during peak (No margin) greater "Margin rate" refers to the transaction volume the system as a whole can process. For example, for level 3 ( 2-
times fold), the system is capable of processing twice the number of transactions.
individual functions and systems.
(Ex: Number of data entries / hour, number of The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
Web pages accessed / min, TPS, etc.) necessary.
B.2.3.3 Process margin No degraded Half the The processing

rate during operation processing of capability of the
degraded normal operation system is the
operation is possible same as for
normal operation
B.2.4.1 Batch throughput Throughput required during batch system Process margin 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
utilization. rate during (No margin) greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
Confirm what level of throughput is necessary normal operation necessary.
based on the business to be handled by the
system. Take into account peak
B.2.4.2 characteristics and operation during failure, Process margin 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
and establish process margin rates for rate during peak (No margin) greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
normal operation, peak times, and degraded times necessary.
operation. It is advisable to decide on specific
B.2.4.3 numbers for specific functions and systems. Process margin No degraded Half the The processing
(Ex: Personnel transfer information batch rate during operation processing of capability of the
update processing, batch e-mail transmission degraded normal operation system is the
processing, etc.) operation is possible same as for
normal operation
B.2.5.1 Form printing Throughput required for form printing. Printing margin 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
capacity Confirm what degree of form printing rate during (No margin) greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
throughput is needed, considering when the normal operation necessary.
printing is performed and the number of
B.2.5.2 forms printed. Printing margin 1-fold 1.2-fold 1.5-fold 2-fold 3-fold 10-fold or [Level]
Take into account peak characteristics and rate during peak (No margin) greater The multiplication factor shown for each level is a rough estimate; consensus regarding specific figures is
operation during failure, and establish margin times necessary.
rates for normal operation, peak times, and
degraded operation. It is advisable to decide
B.2.5.3 on specific numbers for specific functions and Printing margin No degraded Half the printing The printing
forms. rate during operation of standard capability of the
degraded operation is system is the
operation possible same as for
normal operation
B.3.1.1 Resource CPU scalability This item is used to confirm CPU scalability. CPU utilization 80% or greater Between 50% Between 20% Less than 20% [Metric] 0 80% or This assumes that the system does 1 Between 50% This assumes that additional 1 Between 50% This assumes that additional
scalability It is based on CPU utilization and the number and 80% and 50% The "CPU utilization" indicates the ratio of CPU usage by running programs per unit time. Figures may vary greater not involve excessive facility and 80% capacity has been prepared in order and 80% capacity has been prepared in order
of open CPU slots when system operation greatly depending on what unit time is used, and the characteristics of the operating programs. deployment. to accommodate increase in to accommodate increase in
starts. business volume. business volume.
The lower the CPU utilization, the greater its [Level] [+] There are plans for an increase in
scalability, but also the greater the CPU cost, The utilization ratio shown for each level is a rough estimate; consensus regarding specific figures is necessary. the number of users in the near [-] Low cost has a higher priority over [-] Low cost has a higher priority over
and resulting waste. X X future. performance and scalability. performance and scalability.
CPU addition capacity indicates scalability [Impact on Operation Costs] [+] There are plans for an increase in [+] There are plans for an increase in
capacity by checking the presence and If the CPU utilization is high, measures such as deployment of additional equipment will be necessary for even the number of users in the near the number of users in the near
quantity of open slots. minor increases of business volume. future. future.
B.3.1.2 CPU addition No addition 1 open slot 2 open slots 3 open slots 4 or more open [Level] 0 No addition Usage is limited to within a 1 1 open slot This assumes that the system is 1 1 open slot This assumes that the system is
capacity capacity slots Equipment with CPU addition capacity costs more than equipment with none. capacity department, and CPU scalability is capable of accommodating additional capable of accommodating additional
not required. CPU installation for system CPU installation for system
X X [Impact on Operation Costs] expansion in the next 2 to 3 years. expansion in the next 2 to 3 years.
For equipment with no CPU addition capacity, additional equipment installation may become necessary.

Important item
Overlapping
Impact on
operation
costs
item
B.3.2.1 Memory scalability This item is used to confirm memory Memory 80% or greater Between 50% Between 20% Less than 20% [Metric] 0 80% or This assumes that the system does 1 Between 50% This assumes that additional 1 Between 50% This assumes that additional
scalability. utilization and 80% and 50% "Memory utilization" indicates the ratio of memory usage by running programs per unit time. Figures may vary greater not involve excessive facility and 80% capacity has been prepared in order and 80% capacity has been prepared in order
It is based on memory utilization and the greatly depending on what unit time is used, and the characteristics of the operating programs. deployment. to accommodate increase in to accommodate increase in
number of open memory slots when system business volume. business volume.
operation starts. [Level] [+] There are plans for an increase in
The lower the memory utilization, the greater The utilization ratio shown for each level is a rough estimate; consensus regarding specific figures is necessary. the number of users in the near [-] Low cost has a higher priority over [-] Low cost has a higher priority over
its scalability, but also the greater the X X future. performance and scalability. performance and scalability.
memory cost, and resulting waste. [Impact on Operation Costs] [+] There are plans for an increase in [+] There are plans for an increase in
Memory addition capacity indicates scalability If the memory utilization is high, measures such as deployment of additional equipment will be necessary for the number of users in the near the number of users in the near
capacity by checking the presence and even minor increases in business volume. future. future.
quantity of open slots.
B.3.2.2 Memory addition No addition 1 open slot 2 open slots 3 open slots 4 or more open [Level] 0 No addition Usage is limited to within a 1 1 open slot This assumes that the system is 1 1 open slot This assumes that the system is
capacity capacity slots Equipment with memory addition capacity costs more than equipment with none. capacity department, and memory scalability capable of accommodating additional capable of accommodating additional
is not required. memory installation for system memory installation for system
X X [Impact on Operation Costs] expansion in the next 2 to 3 years. expansion in the next 2 to 3 years.
For equipment with no memory addition capacity, additional equipment installation may become necessary.
B.3.3.1 Disk scalability This item is used to confirm disk scalability. Disk utilization 80% or greater Between 50% Between 20% Less than 20% [Level]
It is based on disk utilization and the number and 80% and 50% The utilization ratio shown for each level is a rough estimate; consensus regarding specific figures is necessary.
of disk expansion slots when system
operation starts. X [Impact on Operation Costs]
The lower the disk utilization, the greater its When systems run out of disk space, simple addition file monitoring, etc., becomes necessary.
scalability, but also the greater the disk cost,
and resulting waste.
B.3.3.2 Disk addition capacity indicates scalability Disk addition No addition 1 open slot 2 open slots 3 open slots 4 or more open [Level]
capacity by checking the presence and capacity capacity slots Equipment with disk addition capacity costs more than equipment with none.
quantity of open slots. Disks are more
scalable than CPUs and memory, as external [Impact on Operation Costs]
disks can be added when internal disk space X For equipment with no disk addition capacity, the addition of external disks may become necessary.
becomes insufficient.
B.3.4.1 Network This item relates to the scalability of the Networking None Single floor LAN Single site Connections Connections
network environment used by the system. equipment (building) LAN among multiple with external
When using existing networking equipment, it installation scope sites within the sites
is used to confirm existing network same company
requirements. (LAN, WAN)
Please check "B.4.1 Existence of bandwidth
guarantee functionality" regarding network
bandwidth.
B.3.5.1 Server processing This item relates to server processing Scale up No scaling up Some servers Multiple servers [Level 1]
capability capability enhancement methods. only Scaling up is envisioned for application servers in systems with a high ratio of update related processing, such as
enhancement Methods (scale up/scale out) for handling online transaction processing.
future business volume increases must be
considered in advance. Methods must be [Level 2]
selected in accordance with system This assumes, in addition to level 1, additional DB server scale up.
characteristics.
Scaling up is the increasing of processing
B.3.5.2 capabilities by replacing servers with new Scale out No scaling out Some servers Multiple servers [Level 1]
servers with greater processing capabilities. only This is envisioned for systems with multiple front end units, such as Web servers and load balancers.
Scaling out is the increasing of processing
capabilities by adding more servers with [Level 2]
equivalent processing capabilities.
This assumes, in addition to level 1, additional back end server scale out.
B.4.1.1 Performance Existence of Whether or not to deploy functions for Bandwidth None Set for individual Set for individual Validation and
quality bandwidth assuring network service quality, and, if so, to guarantee protocols servers guarantee
assurance guarantee what degree. establishment provided for
functionality Indicates whether a schema is decided applications,
regarding transmission delay, packet loss, end to end
and bandwidth. Failure to guarantee
bandwidths often results in poorer
performance.
B.4.2.1 Performance Frequency and scope of measurements to Measurement No measurement Measurement Measurement Measurement is
testing test whether performance of the built system frequency performed performed when can be performed
is provided and maintained throughout its system is built performed as throughout
lifecycle. needed while operation
system is
operating
B.4.2.2 Confirmation No confirmation Confirmation that Confirmation that

scope performed target values are target values are
satisfied for satisfied for all
some functions functions
B.4.3.1 Load spike This refers to loads appearing within a short Transaction Transaction Function limiting Function limiting Installation of
handling period of time that are far higher than loads protection protection is not number of number of separate sorry
experienced during normal operation. These necessary simultaneous simultaneous action server
are periods that exceed assumed business transactions transactions,
volume peaks. plus sorry action
These are particularly prevalent on systems
such as B2C systems in which the number of
clients cannot be limited. As these often
exceed system processing capabilities, sorry
actions are often configured and used to
handle load spikes.
C.1.1.1 Operability Normal operation Operating hours Hours during which system operates. This Operating hours Not specified During business Outage only at Possible outage Possible outage Uninterrupted [Overlapping Item] 2 Outage only No businesses are done during 4 Possible Uninterrupted 24 hour operation is 5 Uninterrupted There are no time periods during
and refers to the hours during which the system is (normal) hours night for for a brief 24 hours A.1.1.1. "Operating hours (normal)" are an overlapping item, as they also indicate the system's availability at night nighttime and thus system shutdown outage for a not necessary, but continual 24 hours which the system can be shut down.
maintainability operated, performing online processing, (9:00 to 17:00) (9:00 to 21:00) approximately 1 period implementation level. (9:00 to is possible. brief period operation to the extent as possible is
batch processing, and the like, in order to hour (9:00 to 8:55 21:00) (9:00 to 8:55 desired. [-] There is a regular period during
provide services to users and system (9:00 to 8:00 the next day) [Metric] [-] Business is performed during a the next day) each day when operation can be
administrators. the next day) "Operating hours" refers to the time periods when the system is operational, including online and batch more limited amount of operating [-] Long periods of operation outage, shut down.
processing. hours. such as not permitting access at
[+] When considering uninterrupted night
[Level] 24 hour operation or only short [+] Uninterrupted 24 hour operation
The times in parentheses are examples for each level. They are not to be used as level selection conditions. "Not interruptions for reboot processing,
specified" refers to a system not having specified service hours, and is envisioned essentially for cases where etc.
X X the system is shut down and started up as necessary by users (Ex: Backup systems prepared for failure
recovery, development and validation systems, etc.) "During business hours" and "Outage only at night" are
envisioned for general business usage, and the times provided as examples should be read as examples only,
and modified as appropriate for systems with different operating hours. "Possible outage" refers to time periods
where the system may possibly be shut down, not where it must be shut down. "Uninterrupted 24 hours" also
includes cases where batch processes must be executed when the system is not involved in online business,
and which therefore require that the system not be shut down.

Important item
Overlapping
Impact on
operation
costs
item
C.1.1.2 Operating hours Not specified During business Outage only at Possible outage Possible outage Uninterrupted [Overlapping Item] 0 Not specified There are no specific days with 2 Outage only During weekends, only backup 5 Uninterrupted There are no time periods during
(specific days) hours night for for a brief 24 hours A.1.1.2. "Operating hours (specific days)" are an overlapping item, as they also indicate the system's availability operating hours that differ from at night operations are performed, so the 24 hours which the system can be shut down.
(9:00 to 17:00) (9:00 to 21:00) approximately 1 period implementation level. normal days. (9:00 to system is shut down at night.
hour (9:00 to 8:55 21:00) [-] There are regularly scheduled
(9:00 to 8:00 the next day) [Metric] [+] There are specific days with [-] There are no weekend backups or days when operation is stopped.
the next day) "Specific days" refer to weekends, holidays, the end/start of months, and other days whose schedule is defined operating hours that differ from batch processing, etc, and operation
as differing from the normal operation schedule. If there are multiple specific days, their level values must be normal days, such as backup is stopped on weekends/holidays.
X X made consistent (Ex: "Monday to Friday is level 2, but Saturday and Sunday are level 0," "Normally, the level is operations performed on [+] The system is used for business
5, but the system is rebooted on the first of each month, so on that day, the level is 3"). weekends/holidays. by employees who come in on
In addition to user holidays, vendor holidays must also be recognized as specific days, and an operation and weekends, so the system operates
maintenance structure, etc. must be established accordingly. on weekends/holidays as well.
C.1.2.1 Backups Item regarding backups of data used by the Data recovery Recovery not Recover Recover all [Overlapping Item]
system. scope necessary necessary data system data A.2.6.2. This is an overlapping item, as it is necessary for availability from the perspective of to what degree to
only maintain data, and for operation from the perspective of up to what point data must be recovered.
[Metric]
In order to recover a system after a failure, in addition to data backups, system backups of OS and application
setting files, etc., may also be necessary. System backup methods and archival methods should be considered
X
at the same time.
[Level 1]
"Necessary data" refers to the data necessary to satisfy business continuity requirements.
C.1.2.2 Possibility of Possible to use Possible to use Not possible to [Metric] 1 Possible to Necessary data can be recovered 2 Not possible This assumes that backup methods 2 Not possible This assumes that backup methods
using external for recovery of all for recovery of use external data "External data" refers to data stored on systems outside the scope of the relevant system (existing systems use for from other systems, so it is not to use for recovering all data must be to use for recovering all data must be
data data some data linked with the system being developed, etc.). Since the importance of system backup design decreases when recovery of necessary to recover all system data external data considered. external data considered.
system data can be recovered from external data, consideration priority and levels can be lowered. some data from backups.
[-] There are external systems which [-] There are external systems which
[-] There are external systems which have the same data, so in the event have the same data, so in the event
X have the same data, so all data for of a failure on this system, data from of a failure on this system, data from
this system can be recovered without the external system can be used for the external system can be used for
using backups. system recovery. system recovery.
C.1.2.3 Backup usage No backups Data loss Recovery from Long term data [Level 2] 1 Data loss It is acceptable if restoration of data 2 Recovery Capability of ensuring restoration of 3 Long term Data history must be stored in
scope prevention when user errors storage For recovery from user errors, systems have to be able to return processes which, from the system's perspective, prevention to the specified recovery point from user data loss including those due to a data storage accordance with internal control
failures occur (archival) have been performed correctly, to their previous state. As such, multiple generations of backups must be when failures objective (RPO) in the event of a errors system administrator's operational (archival) support requirements.
managed, and functions such as "Point in Time Recovery" may be necessary. occur system failure. error is desirable.
[-] Backups are used for data loss
[-] There is no need to recover the [-] Recovery from a system recovery purposes only.
data lost when a failure occurs. administrator's operational error is
[+] The recovery point objective ensured by the administrator
X (RPO) is not fixed; recovery must be individually preserving data before
performed within the specified time carrying out the work, and as such,
depending on the specific failure. restoration from backups is not
necessary.
[+] Use for recovery from data loss
as well as for storing past data
C.1.2.4 Backup All steps Some steps One step All steps [Metric] 1 Some steps Backup related operations, including 2 One step Backup related operations are 3 All steps This assumes backup related
automation scope performed performed performed performed Backup operation includes the following steps: performed schedule management, are basically performed performed automatically using performed operations (schedule management,
manually manually (tape manually (tape automatically • Scheduled job startup manually performed manually, but batch manually installed backup management automatically media management, job execution,
replacement and replacement • Selection of backup target (tape scripts are created to reduce the (tape software, but since media etc.) will be handled automatically by
backup initiation only) • Selection of backup media (tape replacement) replacement number of executed commands to replacement management (tape replacement) is installed management software.
command entry) • File transfer and backup some extent. only) not supported by hardware, that must
When decentralized storage is performed by transporting media, tape replacement is not included here. initiation be performed manually. [-] Backups will be performed
command [-] Scripts are not created, and manually by administrators.
X X [Impact on Operation Costs] entry) administrators perform all steps [-] Although work will increase,
Automation of backup operation requires hardware and software investments, resulting in increased deployment manually. operations are divided into multiple
costs. However, as backup work does not need to be performed by users during operation, operation costs can [+] When further reducing backup work units and scripted, in order to
be expected to decrease. related administrator operations is reduce the impact of failures.
desirable [+] If automated media management
is desirable
C.1.2.5 Backup interval No backups Random Monthly backups Weekly Daily backups Synchronous 1 Random Master data, etc., which must be 4 Daily backups System-wide backups are acquired 5 Synchronous In order to satisfy RTO requirements,
backups backups backups backups restored from backups does not on a weekly basis. However, in order backups updated contents are transferred to a
performed in performed in change infrequently during operation, to satisfy the RPO requirement of backup site in order to configure a
situation such as situation such so instead of regular backups, restoring the system to the state it DR site that can immediately be put
system as system backups are performed when master was in the previous day, differential into operation in the event of a
configuration configuration data is updated. backups must be taken daily. failure.
changes, etc. changes, etc.
X [+] Data which must be restored from [-] RPO requirement is [-]. [-] It is acceptable to shut down
backups include transaction data [+] RPO requirement is [+], or when operation for backup recovery work
which are constantly updated during backup availability is increased by in the event of a system failure.
system operation. obtaining multiple generations of
backups.
C.1.2.6 Backup retention No backups Less than 1 year 3 years 5 years Fixed period of Permanently [Metric] 0 No backups Backup data is only used for 2 3 years Company policies stipulate that data 4 Fixed period In accordance with the law, data
period retention 10 years or retained Unlike backup generation management, which is primarily performed from the viewpoint of availability, this item retention recovery after a system failure, and update histories must be retained for of 10 years or must, be retained for 10 years.
longer concerns backup data storage periods from the viewpoint of maintaining data integrity. is not used for data archival 3 years. longer
purposes. [-] Due to storage capacity
[-] Due to archival capacity limitations, it is not possible to
[+] Backups are also used for data limitations, it is not possible to maintain 10 years worth of data on
archival purposes. maintain 3 years worth of data on the the system.
X system. [+] There are no restrictions on
[+] Company or external regulations storage capacity, and data must be
may change, lengthening the archived permanently.
required retention period.
C.1.2.7 Backup method No backups Offline backups Online backups Offline backups [Overlapping Item]
+ online A.2.6.1. Backup method includes consideration regarding whether or not system outage is necessary, and as
backups such must take availability into consideration, making it an overlapping item.
[Level]
X
"Offline backups" refer to backups performed after shutting down systems (in whole or in part), while "online
backups" refer to backups performed without system outages.

Important item
Overlapping
Impact on
operation
costs
item
C.1.3.1 Operation This item concerns monitoring of entire Monitored No monitoring Alive monitoring Error monitoring Error monitoring Resource Performance [Metric] 2 Error Administrators can immediately 3 Error Detailed error information must also 4 Resource This assumes that there are
monitoring systems, as well as the hardware and information performed performed performed (including trace monitoring monitoring "Monitoring" refers to collecting information and, in accordance with the results, notifying appropriate parties. The monitoring access the system and investigate monitoring be monitored in order that monitoring thresholds set for CPU utilization
software that make them up (including information) performed performed objective of this item is the determination of what information should be issued as monitored information. Confirm performed the status of failures, so only (including administrators can be notified of the performed ratios, swap occurrences, etc., to
business applications). performed where monitored information is sent to under "C.4.5.2 Existence of monitoring system." notifications of error occurrences are trace status of failures at night as well, and monitor signs of service level drops
necessary. information) determine whether immediate and consider system expansion
Security monitoring is not included within this [Level] performed response is necessary. plans and operation schedules.
item. It is considered separately in "E.7.1 "Alive monitoring" refers to monitoring of whether the monitored object's status is online or offline. [-] All that is necessary is hardware
Fraud monitoring." and process alive status monitoring. [-] Administrators can immediately [-] It is only necessary to detect
"Error monitoring" refers to monitoring of logs, etc. output by monitored objects to confirm whether errors have [+] In order to reduce failure access the system when failures failures and prompt for action by
occurred. When "trace information" is included, the monitoring function also determines details such as in which response time, administrators must occur, so there is no need for administrators.
module the error occurred. be able to judge, to some extent, detailed error information monitoring. [+] A more strict evaluation of system
where a failure has occurred without [+] Monitoring of resource utilization service levels, such as business
"Resource monitoring" refers to monitoring of logs output by monitored objects, and separately acquired accessing the system. in addition to error information is application response time and
performance information, and the usage of them to determine resource utilization conditions, such as CPU, desirable in order to prevent failures throughput is desirable
X X memory, disk, and network bandwidth utilization. from occurring.
"Performance monitoring" refers to monitoring of logs output by monitored objects, and separately acquired
performance information, and the usage of them to determine business application and disk I/O, network transfer
and similar response times, and throughput.
[Impact on Operation Costs]

Error monitoring, resource monitoring, and performance monitoring make identification of fault points easier, and
can assist in preventing faults from occurring, leading to lower operation costs involved in maintaining system
quality.
C.1.3.2 Monitoring No monitoring Non-regular Regular Regular Real-time Real-time 1 Non-regular This assumes that diagnostic 4 Real-time It may take some time to detect 5 Real-time This assumes that monitoring will be
interval performed monitoring monitoring (daily monitoring monitoring (one monitoring (one monitoring intervals will be irregular because monitoring failures, but the priority is to reduce monitoring performed in intervals of seconds in
(manual intervals) (intervals of minute second (manual administrators will confirm manually (one minute system monitoring information (one second order to immediately detect failures
monitoring) several hours) intervals) intervals) monitoring) as necessary. intervals) acquisition costs, so monitoring will intervals) and take action.
be performed in intervals of minutes.
[+] Confirmation will not be [-] In order to avoid the risk of
performed manually. Instead, the [-] Failure detection is performed by monitoring information acquisition
system will perform monitoring and application functions, so system impacting application performance,
X notify administrators as necessary. infrastructure monitoring requires monitoring will be performed at wider
only regular operation status intervals.
reporting.
[+] Reducing the amount of time
needed for failure detection is
desirable.
C.1.3.3 System level No monitoring Partial Full monitoring [Metric]

monitoring performed monitoring performed "System level monitoring" refers to determining if a system is functioning as a system based on the results of
performed confirming the states of individual servers, etc., which make up the system, including business applications. This
includes backup monitoring and job monitoring, etc.
[Level]
When monitoring is performed, system level related monitoring information and monitoring intervals must be
individually confirmed. It is assumed that monitoring will be performed of especially critical functions out of all the
functions offered by the system.
C.1.3.4 Process level No monitoring Partial Full monitoring [Metric]

monitoring performed monitoring performed "Process level monitoring" refers to determining if processes such as applications and middleware are
performed functioning correctly. It assumes process information (alive state, CPU utilization, memory utilization, etc.)
monitoring primarily via OS commands.
[Level]
When monitoring is performed, process level related monitoring information and monitoring intervals must be
individually confirmed. The "partial monitoring" mentioned in level 1 assumes that monitoring will be performed of
especially critical processes out of all the processes (applications and middleware) operating on the system.
C.1.3.5 Database level No monitoring Partial Full monitoring [Metric]

monitoring performed monitoring performed "Database level monitoring" refers to confirming information provided by DBMS functions, and determining if they
performed are functioning normally. It assumes monitoring of log output contents, parameter values, status information, disk
usage ratios, etc.
[Level]
When monitoring is performed, database level related monitoring information and monitoring intervals must be
individually confirmed. The "partial monitoring" mentioned in level 1 assumes that monitoring will be performed of
especially critical databases out of all the databases operating on the system.
C.1.3.6 Storage level No monitoring Partial Full monitoring [Metric]

monitoring performed monitoring performed "Storage level monitoring" refers to confirming the state of disk arrays and other external storage devices, and
performed determining if they are functioning normally. It assumes monitoring of disk utilization ratios, etc., confirmed via OS
commands, and log information, etc., output by firmware.
[Level]
When monitoring is performed, storage level related monitoring information and monitoring intervals must be
individually confirmed.
The "partial monitoring" mentioned in level 1 assumes that monitoring will be performed of especially critical
storage devices out of all the storage devices connected to the system.
C.1.3.7 Server (node) No monitoring Partial Full monitoring [Metric]

level monitoring performed monitoring performed "Server (node) level monitoring" refers to determining if the monitored server is functioning correctly at the OS
performed level. This includes heartbeat monitoring, etc.
[Level]
When monitoring is performed, server (node) level related monitoring information and monitoring intervals must
be individually confirmed. The "partial monitoring" mentioned in level 1 assumes that monitoring will be
performed of especially critical servers out of all the servers (nodes) which make up the system.
C.1.3.8 Terminal/networki No monitoring Partial Full monitoring [Metric]

ng equipment performed monitoring performed "Terminal/networking equipment level monitoring" refers to confirming the state of client terminals, routers, and
level monitoring performed other networking equipment, and determining if they are functioning normally. It assumes both heartbeat
monitoring and monitoring based on the information output by individual firmware, etc.
[Level]
When monitoring is performed, terminal/networking equipment level related monitoring information and
monitoring intervals must be individually confirmed. The "partial monitoring" mentioned in level 1 assumes that
monitoring will be performed of especially critical terminals/networking equipment out of all the
terminals/networking equipment which make up the system.

Important item
Overlapping
Impact on
operation
costs
item
C.1.3.9 Network/packet No monitoring Partial Full monitoring [Metric]

level monitoring performed monitoring performed "Network/packet level monitoring" refers to confirming information contained in packets passing through the
performed network, and determining if the network is functioning normally. It assumes monitoring of packet loss, network
bandwidth utilization, and the like.
[Level]
When monitoring is performed, terminal/packet level related monitoring information and monitoring intervals must
be individually confirmed. The "partial monitoring" mentioned in level 1 assumes that monitoring will be
performed of especially critical network paths out of all the network paths which make up the system.
C.1.4.1 Time This item concerns time synchronization for Time Time Time Time Time The entire [Level 4]
synchronization the equipment that makes up the system. synchronization synchronization synchronization synchronization synchronization system's time is When the entire system is synchronized with external standard time, system design must include what to do
scope is not performed is performed for is performed for is performed synchronized about internal system time synchronization when a failure occurs which affects the system's external connection.
servers only both servers and throughout the with external
client equipment system, standard time [Impact on Operation Costs]
including X Because time synchronization ensures that the order of logs output by multiple server devices can be accurately
networking determined, it can reduce the operation costs of fault investigation, auditing, etc.
equipment
C.2.1.1 Maintenance Planned system This item concerns planned service outages Existence of Possible planned Possible planned No planned [Overlapping Item] 0 Possible System shutdown is possible if 1 Possible Uninterrupted 24 hour operation is 2 No planned There are no time periods during
operation shutdown performed in order to carry out system planned system system shutdown system system A.1.1.3. "Existence of planned system shutdown" is an overlapping item, as it also indicates the system's planned consensus is gained in advance. planned not necessary. There are hours system which the system can be shut down.
maintenance operations, such as shutdown (operation shutdown shutdown availability implementation level. system system during which outage is possible, and shutdown
inspections, region expansion, schedule can be (operation shutdown [+] When it is sufficient with only shutdown planned outages are possible. [-] There are times within the
defragmentation, master data maintenance, changed) schedule cannot [Impact on Operation Costs] (operation outages during non-operating hours (operation operation schedule during which
and the like. be changed) When there are planned system shutdown, operational costs may increase due to pre-shutdown backups and schedule can schedule [-] There are no times within the outages are possible, and there is a
X X X the preparation of procedures in accordance with the system configuration. be changed) cannot be operation schedule during which need for planned system shutdowns.
changed) outages are possible, but outages
possible if coordinated in advance.
[+] When uninterrupted 24 hour
operation is required
C.2.1.2 Advance No planned planned system Notification 1 Notification 1 Notification 1 [Impact on Operation Costs]
announcement of system shutdown shutdown are month in week in day in advance When there are planned system shutdown, irregular handling, such as announcement to users and operation
planned system performed determined by advance advance schedule changes, etc, may occur. The less time there is to carry these out, the more critical the need to carefully
shutdown annual plans X design system exception processing, resulting in higher deployment costs. However, due to this design work,
exception processing operation itself will be simplified, resulting in expected lower operation costs.
C.2.2.1 Operation load This item relates to maintenance operation Maintenance All maintenance Some All maintenance [Metric] 0 All All maintenance work will be 1 Some Regularly performed processes such 2 All Business function startup and
reduction related work load reduction design. work automation work is maintenance work is "Maintenance work" refers to the work performed in order to maintain and manage the system infrastructure maintenance performed manually by maintenance as business function startup and maintenance shutdown, scheduled maintenance
scope performed work is automated together with maintenance operation, and is assumed to incorporate update work such as inspection work and work is administrators. work is shutdown will be automated, but work is operations, etc., will all be performed
manually automated patch application work, etc., region expansion, defragmentation, log rotation, and the like. It does not include performed automated irregularly performed processes, automated automatically.
fault handling or recovery operations. manually [+] Some maintenance work will be such as log deletion, will be
automated. performed manually by [-] Some functions will be performed
X X [Impact on Operation Costs] administrators. manually by administrators.
Automating system infrastructure maintenance operation work requires the installation of special operation
management tools and a great deal of front end work. This will result in greater deployment costs, but, thanks to [-] All maintenance work will be
maintenance operation work performed by users becoming simpler, or even unnecessary, operation costs will performed manually.
fall. [+] All maintenance work will be
automated.
C.2.2.2 Server software Server software Server software Server software Server software [Metric]
update work update file update file update file update file Server software refers to server equipment OS and storage firmware, as well as middleware and applications
automation distribution distribution distribution distribution which run on server equipment.
functionality will functionality will functionality will functionality will
not be provided be provided, with be provided, with be provided, [Impact on Operation Costs]
distribution and distribution with distribution Automating the distribution of update files to servers, and installation of those updates, requires the installation of
updating performed and updating X special tools and a great deal of front end work. However, if server software update work is automated, this will
performed automatically performed decrease the amount of work which must be performed by users during system operation, resulting in reduced
manually and updating automatically operating costs.
performed
manually
C.2.2.3 Terminal software Terminal software Terminal Terminal Terminal [Metric]

update work update file software update software update software update Terminal software refers to client terminal OS and networking equipment firmware, as well as applications which
automation distribution file distribution file distribution file distribution run on client terminals.
functionality will functionality will functionality will functionality will
not be provided be provided, with be provided, with be provided, [Impact on Operation Costs]
distribution and distribution with distribution Automating the distribution of update files to terminals, and installation of those updates, requires the installation
updating performed and updating of special tools and a great deal of front end work. However, if terminal software update work is automated, this
performed automatically performed X will decrease the amount of work which must be performed by users during system operation, resulting in
manually and updating automatically reduced operating costs.
performed
manually
C.2.3.1 Patch application This item relates to patch information Patch release Patch release Patch release Patch release
policy deployment and patch application policies. information information is information is information is
provision provided by regularly provided in real-
vendor when provided by time (when patch
requested by vendor to users is released) by
users vendor to users
C.2.3.2 Patch application Patches are not Only All patches are [Metric]
policy applied recommended applied When the selected level varies depending on whether patches are individual patches or cumulative patches,
patches are consensus must be reached for each.
applied Security patches are also considered in the "Security" item (E.4.3.2 ).
C.2.3.3 Patch application Patches are not Patches are Patches are Patches are [Metric]
timing applied applied when applied during applied when When the selected level varies depending on whether patches are individual patches or cumulative patches,
faults occur scheduled new patches consensus must be reached for each.
maintenance are released Security patches are also considered in the "Security" item (E.4.3.3).
C.2.3.4 Performance of Patch validation Patch validation Patch validation

patch validation is not is only performed is performed for
implemented for recovery both recovery
patches patches and
security patches
C.2.4.1 Maintenance Scope of components for which maintenance Scope of No maintenance Maintenance Maintenance [Metric]
during operation during operation can be performed without hardware during operation during operation during operation "Hardware maintenance during operation" refers to maintenance work which is performed without stopping the
stopping the system. maintenance for some for all hardware system, such as hardware replacement or firmware updating.
during operation hardware
[Level 1]
"Some hardware" refers to cases where maintenance during operation is only possible for specific servers or
storage devices.

Maintenance Scope of components for which maintenance
during operation during operation can be performed without System Infrastructure Non-Functional Requirements Related Utilization Sheet Utilization Sheet
stopping the system.
Important item
Overlapping
Impact on
operation
costs
item
C.2.4.2 Scope of No maintenance Maintenance Maintenance [Metric]

software during operation during operation during operation "Software maintenance during operation" refers to OS, middleware, and application patch application which is
maintenance for some for all software performed without stopping the system (ex: multiserver environment rolling upgrades, etc.).
during operation software
[Level 1]
"Some software" refers to cases where maintenance during operation is only possible for specific software.
C.2.5.1 Scheduled Frequency of scheduled maintenance work Scheduled Scheduled Once / year Once / 6 months Once / month Once / week Daily
maintenance on hardware or software as necessary for maintenance maintenance not
frequency system maintenance. frequency implemented
C.2.6.1 Preventive Detection of potential system component and Preventive No preventative Handling of Detection of Real-time
maintenance material faults, and taking of corrective maintenance maintenance potential potential detection and
action, such as replacement. problems problems, and correction of
detected during handling of said potential
scheduled problems, at problems
maintenance regular intervals
(separate from
scheduled
maintenance)
C.3.1.1 Operation to Recovery This level covers work needed for recovery Recovery Recovery not Manual recovery Recovery using Recovery using [Overlapping Item]
ensure business operations operations in the event of a failure resulting in operations necessary without using recovery recovery A.4.1.1. "Recovery operations" is essential for considering "Availability" recovery objectives (RTO/RPO), and as
continuity a business outage. recovery products products + such is included in "Availability" and "Operability and maintainability."
products business
applications [Metric]
User and vendor side organizational structure and authorities must be organized and prepared in accordance
with selected levels.
[Level]
X
The use of in-house created tools is included in manual recovery.
"Recovery products" refer to products for performing backups / recovery. When performing recovery using a
recovery product, in some cases, the extent to which recovery is automated (automatic recovery function
sufficiency rate, etc.) may be defined, but as the choice to use or not use recovery products results in significant
differences, "Availability" level consideration is based on whether or not recovery products are used.
C.3.1.2 Alternative None Alternative Alternative [Overlapping Item]

operation scope operation operation A.4.1.2. "Alternative operation scope" is essential for considering "Availability" recovery objectives (RTO/RPO),
required for required for all and as such is included in "Availability" and "Operability and maintainability."
some businesses
X businesses [Metric]
"Alternative operation" refers to methods of alternative business (operation by alternate equipment or manual
operation) which can be used when a system failure makes recovery impossible.
C.3.2.1 Fault recovery This item relates to the scope of automation Fault recovery All fault recovery Fault recovery Fault recovery [Level 1]
automation scope of fault recovery related operations. automation scope work is work partly work fully "Fault recovery work partly automated" refers to cases where specific patterns (or positions) of fault recovery are
performed automated automated automated.
manually
Automating fault recovery operations requires the creation of scripts for performing complex decisions based on
X
individual fault patterns, making development costs correspondingly more expensive. On the other hand,
recovery operations in the event of a fault are speeded, and the accompanying reduction in mistakes results in
reduced operation costs.
C.3.3.1 System fault This item concerns vendor support when a Support hours Support offered Support offered 24 hour support [Metric]
detection handling system fault is detected. during vendor during hours Time period when maintenance staff provide support when system faults are detected.
business hours specified by user
(ex: 09:00 to (ex: 18:00 to
17:00) 24:00)
C.3.3.2 On-site arrival No on-site Maintenance Maintenance Maintenance Maintenance Maintenance [Metric]
time dispatch staff arrive within staff arrive user staff arrive staff arrive staff stationed Time between when fault is detected and notification is provided to specified contact point, and when
days of fault business day before start of within hours of on-site maintenance staff receive fault notification and arrive on-site.
detection after fault is next user fault detection
detected business day
after fault is
detected
C.3.3.3 Average SE on- No SE on-site SE arrives within SE arrives user SE arrives SE arrives SE stationed [Metric]
site arrival time dispatch days of fault business day before start of within hours of on-site Average time between system fault detection and SE on-site arrival.
detection after fault is next user fault detection
detected business day
after fault is
detected
C.3.4.1 Securing of Method of securing replacement materials for Maintenance part Not secured Based on Based on [Metric]
replacement failed components. securement level maintenance maintenance Maintenance part securement level for the system.
materials contract, parts contract,
procurement maintenance
vendor maintains vendor maintains
maintenance maintenance
parts for a parts for a
specified number specified number
of years of years
expressly for the
system
C.3.4.2 Availability of No backup Backups for Backups for all

backup equipment some equipment equipment
equipment
C.4.1.1 Operating Establishment of This item relates to the environment that is Presence of No system Establish Establish [Metric] 0 No system Development is performed on the 1 Establish A non-cluster development 2 Establish A development environment
environment development deployed for the purposes of system development development development development "Development environment" refers to a system of devices, separate from the production environment, that is development production environment, and the development environment is prepared. development equivalent to the production
environment development work by the user. environment environment environment environment expressly for development use. Development phase environments which will be used as production environment environment is then put directly into environment environment environment is established.
established limited to part of identical to environments after the system is launched are not included in this item. established production. limited to part [-] No system development identical to
operating operating of operating environment is provided. operating [-] A development environment with
environment environment [Level] [+] In order to perform development environment [+] A development environment environment only 1 application server is prepared
X Select level 0, "No system development environment established" for situations where a development while the system is in operation, a equivalent to the production instead of the multiple application
environment is used during the development phase, but upon system launch, the environment is becomes the development environment is environment is provided. servers that exist in the production
production environment. prepared. environment.

Operating
environment
Important item
Overlapping
Impact on
operation
costs
item
C.4.2.1 Establishment of This item relates to the environment that is Presence of test No system test Establish Establish [Metric] 0 No system No testing environment is prepared. 1 Establish Testing is performed as well on the 2 Establish A testing environment separate from
test environment deployed for the purposes of system testing environment environment together with dedicated test "Test environment" refers to a system of devices, separate from the production environment, that is expressly for test together with development environment. dedicated test the development environment is
by the user. established system environment testing. Test phase environments which will be used as production environments after the system is launched are environment [+] A testing environment is prepared. system environment prepared.
development not included in this item. established development [-] No development environment for
environment environment testing is prepared. [-] A joint development/testing
X [Level] [+] A testing environment separate environment is prepared.
Select level 0, "No system test environment established" for situations where a test environment is used during from the development environment is
the test phase, but upon system launch, the environment is becomes the production environment. prepared.
C.4.3.1 Manual Level of operation manual preparation Manual Standard A normal A normal A manual [Level] 0 Standard Administrators will refer to product 2 A normal Assuming that users will perform 3 A manual The creation of a manual which
preparation level preparation level manuals of each operation system operation system customized in The normal operation manual contains explanations of standard system infrastructure operation (startup, manuals of manuals for information regarding operation maintenance operations during customized in follows user operation center rules is
product are used manual is manual and accordance shutdown, etc.) and functions. The maintenance operation manual contains explanations of system infrastructure each product how to operate the system. Users system emergency situations, maintenance accordance desired.
provided maintenance with user maintenance work operations (part replacement, data recovery procedures, etc.) and functions. are used will create operation manuals as manual and manual containing recovery with user
operation system system First-line support related contents (system switchover work, log acquisition procedure, etc.) related to failures are needed. maintenance procedures, etc., will be created. system [-] General operation manuals
manual are operation rules included in the normal operation manual. Information about recovering from backups is contained in the operation operation prepared by vendors are sufficient.
provided is provided maintenance manual. [+] Manuals must be obtained from system [-] All maintenance work is requested rules is
the vendors. manual are to the vendor, so an operation provided
X X [Impact on Operation Costs] provided manual with explanations of
The creation of manuals customized in accordance with user operation increases deployment costs, but speed operations for normal operation will
up user reference during operation, resulting in reduced operation costs. be created.
[+] A special operating manual
containing user-specific operation
rules will be created.
C.4.4.1 Remote operation This item defines whether or not it is possible Remote No remote Remote Remote [Level] 0 No remote The number of devices is low, so 1 Remote Remote monitoring will be performed 2 Remote Centralized remote monitoring of all
to perform monitoring and operation via the monitoring site monitoring monitoring monitoring Monitored contents must be confirmed in the corresponding C.1.3.1 "Operation monitoring." monitoring remote centralized monitoring will not monitoring only for servers located in the center, monitoring equipment which constitute the
network from an environment separated from performed performed via performed from performed be performed. performed via and monitoring of client terminals performed system will be performed from a
the system installation environment. campus LAN remote location [Impact on Operation Costs] campus LAN located in branches will not be from remote monitoring center.
Implementing remote monitoring requires special hardware and software deployment, resulting in higher [+] Even if the number of devices is performed. location
deployment costs. However, with remote monitoring, there is no need for system administrators to physically go low, a separate monitoring server will [-] Only server equipment in the
to where the servers are installed to check operations, resulting in lowered operation costs. be prepared for remote monitoring. [-] Direct monitoring via console will center will be remotely monitored,
be performed for server equipment and client terminals in branches will
X X as well. be directly monitored via connected
[+] Centralized remote monitoring will consoles.
be performed for client terminal
equipment located in branches as
well.
C.4.4.2 Remote No remote Only routine Unspecified [Metric] 0 No remote All maintenance operations will be 1 Only routine Maintenance operations on 2 Unspecified The operation department and
operation scope operation processes are processes are Consider the scope of operations which can be carried out from a remote monitoring site. operation performed locally on the machines. processes are equipment will be performed from processes are system installation locations are
performed performed from performed from performed performed remote monitoring terminals used to performed separate, and all operations on the
remote remote [Level] [+] Remote management terminals from remote perform centralized monitoring. For from remote equipment will basically be
Software to perform remote routine processes is inexpensive, while allowing unspecified remote operation results will be prepared to perform security purposes, restrictions on performed remotely.
in the need to consider security and other additional aspects, so the level is higher for unspecified remote maintenance operations remotely. operations that can be executed will
operation than routine processes. be defined in advance. [-] It is acceptable if only a certain set
X X of remote operations can be
[Impact on Operation Costs] [-] Remote operations will not be performed.
Implementing remote operation requires special hardware and software deployment, resulting in higher performed.
deployment costs. However, with remote operation, there is no need for system administrators to physically go to [+] Remote operations can be
where the servers are installed to perform maintenance operations, resulting in lowered operation costs. performed without restrictions.
C.4.5.1 External system This item relates to whether or not the system Existence of No connections Connected to Connected to [Metric] 0 No The system is an intradepartmental 1 Connected to The system is a company's mission- 2 Connected to The system is a social infrastructure
connection is connected to an external system which external system with external external systems external systems If connecting to external connections, check their interfaces. connections system, and is not linked with any external critical system linking to other external system that links with many other
affects system operation. connections systems inside the outside the with external other systems. systems systems within the company for order systems corporate systems to perform
company company systems inside the placement/reception, inventory outside the processing.
[+] There are other systems to which company management, etc. company
the system in question connects, [-] The are no linked external
such as when transmitting data to [-] There are no other systems with systems.
X systems which store or analyze which the system in question
history data, etc. exchanges data.
[+] The system connects to and
exchanges data with systems outside
the company.
C.4.5.2 Existence of No monitoring Connected to Connected to [Level 2]

monitoring system existing new monitoring "Connected to new monitoring system" refers to situations where construction of a new monitoring functionality
system monitoring system for the system is included in the requirements definition scope.
system
C.4.5.3 Existence of job No job Connected to Connected to [Level 2]

management management existing job new job "Connected to new job management system" refers to situations where construction of a new job management
system system management management functionality for the system is included in the requirement definition scope.
system system
C.5.1.1 Support Maintenance Scope of hardware requiring maintenance. Maintenance No maintenance Maintenance Multivendor Multivendor [Level] 1 Maintenance Individual hardware products which 2 Multivendor The system will be designed using 3 Multivendor A single inquiry desk for system
structure contract contract contract contract with support contract support contract "Maintenance contract with each vendor for its own products (hardware) only" refers to the establishment of contract with constitute the system will be support existing equipment. Support for support related inquiries will be established,
(hardware) (hardware) scope each vendor for (some (extending to all support contracts with individual vendors who supply the products that make up the system, to provide support each vendor procured, and the system integration contract existing equipment is provided by contract reducing the burden placed on
its own products exceptions products which service for only said products. for its own will be performed by the user. (some separate vendors. (extending to administrators.
(hardware) only allowed) make up products exceptions all products
system) "Multivendor support contract" refers to the establishment of a support contract with a vendor who supplies (hardware) [+] A systems integrator will perform allowed) [-] A one-stop support desk for which make [-] Central inquiry desk functions are
support service for the entire system, and serves as a one-stop support contact for any issues affecting the only overall system procurement. handling multiple products is not up system) not necessary for some products,
X X system, which is made up of products produced by multiple vendors. necessary. such as when special products or
[+] A one-stop support desk must existing equipment are used in
[Impact on Operation Costs] provide support for all products which system establishment.
Support contracts may appear to cause operating costs to rise, but as the costs involved in handling problems constitute the system, with no
when they arise can be significant, support contracts may actually result in lower operating expenses. exceptions.
C.5.2.1 Maintenance Scope of software requiring maintenance. Maintenance No maintenance Maintenance Multivendor Multivendor [Level] 1 Maintenance Individual software products which 2 Multivendor The system will be built using 2 Multivendor A single inquiry desk for system
contract (software) contract contract contract with support contract support contract "Maintenance contract with each vendor for its own products (software) only" refers to the establishment of contract with constitute the system will be support existing software licenses. Support support related inquiries will be established,
(software) scope each vendor for (some (extending to all support contracts with individual vendors who supply the products that make up the system, to provide support each vendor procured, and the system integration contract for existing software is provided by contract reducing the burden placed on
its own products exceptions products which service for only said products. for its own will be performed by the user. (some separate vendors. (some administrators.
(software) only allowed) make up products exceptions exceptions
system) "Multivendor support contract" refers to the establishment of a support contract with a vendor who supplies (software) [+] A systems integrator will perform allowed) [-] A one-stop support desk for allowed) [-] Central inquiry desk functions are
support service for the entire system, and serves as a one-stop support contact for any issues affecting the only overall system procurement. handling multiple products is not not necessary for some products,
X X system, which is made up of products produced by multiple vendors. necessary. such as when special products or
[+] A one-stop support desk must existing equipment are used in
[Impact on Operation Costs] provide support for all products which system establishment.
Support contracts may appear to cause operating costs to rise, but as the costs involved in handling problems constitute the system, with no
when they arise can be significant, support contracts may actually result in lower operating expenses. exceptions.
C.5.3.1 Lifecycle period The operation maintenance support period, Lifecycle period 3 years 5 years 7 years 10 years or [Metric] 0 3 years A reorganization will take place 2 7 years The system's lifecycle is determined 3 10 years or Businesses performed on the system
and the actual system operation lifecycle longer "Lifecycle period" here refers to the defined period until the next system renewal. When the lifecycle is longer within 3 years, and a system renewal as 7 years, in accordance with the longer will continue for at least 10 years, so
period. than the available maintenance periods of the individual products, maintenance extension, upgrades to will be necessary. support period of the software the system's lifecycle has been
maintainable versions, etc., are required. introduced. adjusted accordingly.
[+] The system's lifecycle is specified
for about 7 years according to [-] The support period of the software [-] The support period(s) of the
company policies, etc. or hardware introduced is shorter. introduced software and/or hardware
X [+] Due to internal control, etc. is shorter, so the system's lifecycle
factors, the business performed on has been adjusted accordingly.
the system must be continued for 10
years or longer, so the lifecycle has
been adjusted accordingly.

Important item
Overlapping
Impact on
operation
costs
item
C.5.4.1 Division of This item relates to the division of vendor / Division of Performed Performed Performed
maintenance work user roles regarding maintenance operations, maintenance entirely by users partially by users entirely by
roles and the number of assigned personnel. work roles vendor
C.5.5.1 Division of first-line This item relates to the division of vendor / Division of first- Performed Performed Performed
support roles user roles regarding first-line support, first- line support roles entirely by users partially by users entirely by
line support time, and the number of vendor
assigned personnel.
C.5.6.1 Support personnel This item relates to the number of personnel Number of None stationed 1 person Multiple people
that make up the support structure, support vendor side
time, and skill levels. stationed
assigned
personnel
C.5.6.2 Vendor side No support During vendor Support Support not 24 hour support
support time slots business hours available except offered for
(09:00 to 17:00) at night (09:00 - approximately 1
21:00) hour per day
due to
handover
(09:00 - 08:00
the next day)
C.5.6.3 Vendor side Not specified Able to operate Able to Well-versed in Involved in
support equipment under understand the system system
personnel direction of an system operation and development
required skill expert configuration, maintenance and/or
level and acquire and procedures, construction,
check logs and capable of and is well-
performing versed in
hardware and business
software requirements
maintenance and user
situation
C.5.6.4 Escalation Not specified On-call standby Hub standby On-site standby [Metric]
handling Confirm the expert personnel standby system at escalation point for ISV / IHV products which require escalation
in the event of a failure.
C.5.7.1 Deployment Whether or not there is special support for Deployment None Same day only 1 week or less 1 month or less 1 month or
support system deployment, and, if so, for how long. support period for more
system test
operation
C.5.7.2 Deployment None Same day only 1 week or less 1 month or less 1 month or
support period for more
system entering
production
operation
C.5.8.1 Operation training This item relates to the implementation of Division of roles Not performed Performed Performed Performed
operation training. for operation entirely by users partially by users entirely by
training vendor
implementation
C.5.8.2 Operation Not performed Normal operation Normal operation Normal [Level]
training scope training training and operation, "Normal operation" refers to normal system infrastructure operation (startup, shutdown, etc.). "Maintenance
performed maintenance maintenance operation" refers to system infrastructure maintenance work operations (part replacement, data recovery
operation operation, and procedures, etc.).
training failure recovery
performed operation
training
performed
C.5.8.3 Implementation Not performed Only at system Held regularly

frequency of launch period
operation training
C.5.9.1 Regular reporting Whether or not regular reporting meetings Implementation None Once / year Once / 6 months Once / 3 Once / month Once / week or [Metric]
meetings are held to report on maintenance. frequency of months more Non-regular reporting meetings that are held when failures occur are not included in this metric.
regular reporting
meetings
C.5.9.2 Report content None Failure reporting Failure reporting Failure

level only and operation reporting,
condition operation
reporting condition
reporting, and
improvement
proposals
C.6.1.1 Other operation Internal control This item relates to whether or not to perform Existence of Internal control Internal control New regulations [Metric] 0 Internal The system is not subject to internal 1 Internal In accordance with company 1 Internal Internal control support will be
management support internal control support for IT operation Internal control support is not support is are established, This item confirms whether internal control support will be performed. After confirming whether or not internal control control, so support will not be control regulations, internal control support control performed in accordance with legal
policies process. support specified performed in and internal control support will be performed, clarify specific support methods (whether control would be carried out during support is not offered. support is will be performed. support is requirements.
implementation accordance with control support is operation, or by implementing functions in the system, etc.). specified performed in performed in
existing performed in [+] The system is not subject to accordance [-] The system is not subject to accordance [-] There are no laws or company
company accordance with internal control, but the department with existing internal control, so support will not be with existing internal control rules, etc., which
X regulations. them. has decided that internal control company provided. company must be conformed with.
support will be provided. regulations. [+] There are no existing rules, but regulations. [+] There are no existing rules, but
new rules will be established when new rules will be established when
the system is constructed. the system is constructed.
C.6.2.1 Service desk This item relates to whether or not there will Presence of Service desk Existing service New service [Metric] 0 Service desk No service desk functions will be 1 Existing There is an existing service desk for 2 New service The vendor will establish a dedicated
be a service desk function which serves as a service desk establishment not desk will be used desk will be This item confirms whether or not a service desk will be established for communications between users and the establishment provided for interfacing between the service desk interfacing with a vendor with whom desk will be service desk function for the system.
single point for user contact. specified established vendor. After confirming whether or not a service desk function will be provided, clarify specific implementation not specified user and vendor; instead, they will be will be used there is a multivendor support established
methods. handled individually. contract. [-] An existing service desk function
will be used.
[+] A service desk will be established. [-] No service desk will be
X established.
[+] For vendors dealing for the first
time, there is no existing service
desk.
C.6.3.1 Incident This item relates to whether or not rapid Incident Incident Incident New incident [Metric]
management recovery processes are implemented for management management not management will management This item confirms whether or not incidents which occur within the system are managed. After confirming whether
incidents which result in business outages. implementation specified be performed in process will be or not incident management will be performed, clarify specific implementation methods.
accordance with established
existing incident
management
process

Important item
Overlapping
Impact on
operation
costs
item
C.6.4.1 Problem This item relates to whether or not incident Problem Problem Problem New problem [Metric]
management root cause will be tracked down, and, when management management not management will management This item confirms whether or not problem management will be carried out to identify the root causes of
possible, processes will be carried out to implementation specified be performed in process will be incidents. After confirming whether or not problem management will be performed, clarify specific implementation
eliminate said root causes. accordance with established methods.
existing problem
management
process
C.6.5.1 Configuration This item relates to whether processes will be Configuration Configuration Configuration New [Metric]
management carried out to appropriately manage IT management management not management will configuration This item confirms whether or not configuration management will be performed to manage to make sure released
environment configuration, such as hardware implementation specified be performed in management hardware and software is configured appropriately within the user environment. After confirming whether or not
and software. accordance with process will be configuration management will be performed, clarify specific implementation methods.
existing established
configuration
management
process
C.6.6.1 Change This item relates to whether processes will be Change Change Change New change [Metric]
management carried out to efficiently manage IT management management not management will management This item confirms whether or not change management will be performed to manage system environment
environment changes. implementation specified be performed in process will be changes such as hardware replacement, software patch application, version upgrades, and parameter changes.
accordance with established After confirming whether or not change management will be performed, clarify specific implementation methods.
existing change
management
process
C.6.7.1 Release This item relates to whether or not release Release Release Release New release [Metric]
management management will be performed for software, management management not management will management This item confirms whether or not release management will be implemented to manage whether authorized
hardware, and IT service deployment. implementation specified be performed in process will be changes are correctly made to the system environment. After confirming whether or not release management will
accordance with established be performed, clarify specific implementation methods.
existing release
management
process
D.1.1.1 Migratability Migration period Migration schedule The system migration period from migration System migration No system Less than 3 Less than 6 Less than 1 Less than 2 2 years or 1 Less than 3 The system must be constructed 4 Less than 2 System migration must span a fiscal 5 2 years or The migration process, from planning
work planning to the start of operation, period migration months months year years longer months within a short amount of time. years year. longer to operation, must place safety as its
dates/times for system outages, whether or highest priority.
not parallel operation will be performed. X [+] System construction is performed [-] Shorter period of time
(Including rollback time for exceptional within a medium to long term span. [+] A longer period of time is required. [-] Shorter period of time
circumstance, pre-migration backup work,
etc.)
D.1.1.2 Days/times when No limitations 5 days or more Less than 5 days 1 day During low System outage [Metric] 1 5 days or The impact on business is minimal, 4 During low System outage is possible during 5 System System down time must be
system outages (System can be (Using usage times for system For some systems, it may not be possible to secure continuous days or time slots for system outage. (For more and system outage of several days usage times time periods when there is relatively outage for minimized.
are possible shut down for as scheduled (night, etc.) migration is not example, 1 full day, followed by a day where the system can only be shut down at night, followed by a scheduled or longer is acceptable. (night, etc.) little business. system
long as needed) system outage allowed system outage day, when the system can be shut down for a full day.) migration is [-] A downtime period will be secured
day) When this is the case, confirm both days and time slots available for system outage. [-] Outages will be longer. [-]Outages will be longer. not allowed
[+] Outages will be shorter.
[Level]
X Level 0 indicates that the system can be shut down for as long as needed for migration, regardless of system
limitations. Levels 1 and over indicate the days/times when system outages are possible, given system outage
(business, etc.) related limitations. The higher the level, the greater the effect of system limitations on migration
plans, such as days/times when the system can be shut down for migration.
D.1.1.3 Existence of None Yes [Level 1] 0 None A sufficient amount of system 1 Yes There is little available system 1 Yes System outage is not possible for
parallel operation When parallel operation is used, specify the period, location, etc. F.4.2.3 and F.4.4.3 are related items. downtime can be secured for downtime for migration, so, migration, so migration risk reduction
migration, so the need for parallel considering the risks involved in is the highest priority, and parallel
operation is low. migration, parallel operation is operation is essential.
necessary.
[+] System downtime for migration [-] System downtime for migration
X cannot be secured, so parallel [-] System downtime for migration can be secured, so parallel operation
operation will be performed. can be secured, so parallel operation will not be performed.
will not be performed.
D.2.1.1 Migration System To what degree multi-step deployment Number of steps No regulations, Simultaneous Less than 5 Less than 10 Less than 20 20 steps or [Level] 0 No No rules on deployment are 1 Simultaneous Switchover performed concurrently in 2 Less than 5 Phased deployment is necessary.
scheme deployment schemes are used in system migration and for site as there is only 1 deployment steps steps steps more Depending on site deployment risks, the difficulty may be reversed, with simultaneous deployment being the regulations, necessary, as the system is deployment order to maximize efficiency. There is steps
scheme new deployments. deployment site most difficult. Consider deployment risks of the system for each site and determine the number of steps for site as there is monolithic. little need for phased migration [-] Concurrent deployment is
migration. only 1 site performed.
X [+] System deployment must be [+] Phased deployment is necessary. [+] The number of phases must be
considered. increased.
D.2.1.2 Number of steps No regulations, Simultaneous Less than 4 Less than 6 Less than 10 10 steps or [Level] 0 No No rules on deployment are 1 Simultaneous Switchover performed concurrently in 2 Less than 4 Phased deployment is necessary.
for business as there is only 1 deployment for steps steps steps more Depending on business deployment risks, the difficulty may be reversed, with simultaneous deployment being regulations, necessary, as the system is deployment order to maximize efficiency. There is steps
deployment business all businesses the most difficult. Consider deployment risks of the system for each business and determine the number of steps as there is monolithic. for all little need for phased migration [-] Concurrent deployment is
for business deployment. only 1 businesses performed.
X business [+] System deployment must be [+] Phased deployment is necessary. [+] The number of phases must be
considered. increased.
D.3.1.1 Migration scope Equipment to be Which equipment used in the system before Equipment / Nothing in Hardware Hardware, OS, Total system Total system [Level] 0 Nothing in Facility equipment must be newly 3 Total system Migration includes business 2 Hardware, Renewal of business applications will
(equipment) replaced migration will be replaced with new device migration migration scope replacement of and middleware replacement of replacement Reach consensus for each piece of equipment when there are multiple pieces of equipment within the migration migration installed. replacement applications. OS, and not be performed, but measures
equipment in the new system. contents equipment / replacement of equipment / and integration scope, and migration contents vary for each. scope of equipment / middleware such as preventing to become
devices in equipment / devices in of equipment / [+] There is existing facility devices in [-] There is no renewal of business replacement obsolete and improving performance
migration scope devices in migration scope devices in equipment. migration applications. of equipment / are necessary.
X migration scope migration scope scope [+] The extent of renewal for the devices in
business applications is large. migration [-] Hardware replacement only
scope [+] Business application renewal will
be performed.
D.4.1.1 Migration scope Migration data The amount of business data which must be Migration data Nothing in Less than 1TB Less than 1PB 1PB or more 1 Less than Less than 1TB (terabyte) of data 2 Less than Less than 1PB (petabyte) of data 3 1PB or more 1PB (petabyte) or more of data must
(data) volume migrated (including programs) from the old volume migration scope 1TB (master data, etc.) must be migrated. 1PB must be migrated. be migrated.
system.
X [+] Over 1TB [-] Less than 1TB [-] Less than 1PB
[+] 1PB or over
D.4.1.2 Migration data Nothing in Same format as Different format [Metric] 1 Same format The current data format will be used 2 Different Data format changes is necessary 1 Same format In order to secure data continuity and
format migration scope migration than migration "Data format" refers to data format patterns which must be considered during new system migration, such as as migration without change. format than due to business efficiency as migration compatibility with other systems, the
destination destination application dependant formats, table formats, and character codes. destination migration improvement and integration, etc. destination current data formats will be used
[+] Data format changes are destination without change.
X [Level] necessary. [-] Migration data format will not be
When there are multiple migration data format patterns, perform data format confirmation for each. changed. [+] Data format changes are
necessary.
D.4.2.1 Migration media The volume of media to be migrated, and the Volume of Nothing in Less than 10 Less than 1000 1000 or more
number of media types needed for migration. migration media migration scope (Less than 1TB) (Less than 1PB) (1PB or more)
D.4.2.2 Number of Nothing in 1 type 2 types 3 types 4 types 5 types or more [Metric]
migration data migration scope The total number of types of media which must be used during migration (ex: tapes, disks, paper forms, etc.).
media types Data transfer via network connection shall also be included as a media type.
D.4.3.1 Converted objects Volume of data to undergo conversion, and Volume of data to No data to be Less than 1TB Less than 1PB 1PB or more
(DB, etc.) difficulty of data conversion tool(s) (number of be converted converted
conversion rules).

Important item
Overlapping
Impact on
operation
costs
item
No. Converted objects Volume Minor category
of data to undergodescription
conversion, and Notes
(DB, etc.) difficulty of data conversion tool(s) (number of 0 1 2 3 4 5 Selected level Selection conditions Selected level Selection conditions Selected level Selection conditions
conversion rules).
D.4.3.2 Difficulty of Migration tool(s) Migration tool(s) Migration tool(s) Migration tool(s) Migration tool(s)
migration tool(s) unnecessary with less than 10 with less than 50 with less than with 100 or
(number of or conversion rules conversion rules 100 conversion more
conversion rules) Support offered rules conversion
by existing rules
migration tool(s)
D.5.1.1 Migration plans Migration work Division of migration work. Division of Performed Performed by Performed [Metric]
division migration work entirely by user user and vendor entirely by Final migration result should be confirmed by the user, regardless of the selected level. It is advisable to
between user together vendor conclude security arrangements between the user and vendor regarding the handling of user data. Please check
and vendor "F.1.1.1 System construction restrictions" for specific contents.
[Level 1]
When performing migration work together, the division of operations by the user and vendor must be specified.
This is especially true for data to be migrated, as specifications must be established regarding the division of
duties involved in old system migration scope data investigation, selection and conversion of migration data,
entry of data into the production system, data confirmation, and the like.
D.5.2.1 Rehearsal Migration rehearsal (including rehearsal of Rehearsal scope No rehearsal Main problem- All problem-free Problem-free Problem-free
handling failures during migration). free migration migration cases migration cases migration cases
cases only + abnormal + abnormal
cases requiring cases requiring
rollback to pre- recovery from
migration state system failure
D.5.2.2 Rehearsal No rehearsal Production data Production data [Level]

environment is usable is not usable Security risks, etc. such as information leakage due to using production data shall be determined in "F.1.1.1
System construction restrictions." This item is limited to the rehearsal environment.
D.5.2.3 Number of No rehearsal 1 time 2 times 3 times 4 times 5 times or more

rehearsals
D.5.2.4 Joint rehearsal None Yes Yes [Metric]

with external (No external (With external When connection specifications for external systems are changed, support may be offered in the new system for
entities connection connection both old and new connection specifications in order to reduce system migration risks. When this is the case, a
specification specification joint rehearsal with external entities must be scheduled to confirm both connection specifications.
changes) changes)
[Level]
When joint rehearsals with external entities are performed, the external system with which the rehearsal are
performed as well as the scope of the rehearsals, environment, and number of rehearsals must be specified.
D.5.3.1 Problem handling Contents of support structure, support plans, Existence of Not specified Only support Support structure [Level]
etc., for problems occur during migration. problem handling structure and support plan When problem handling specifications are in place, confirm the specification contents of the support structure
specifications specified specified and support plan.
E.1.1.1 Security Prerequisites / Information This item is for confirming whether or not there Existence of None Yes [Metric] 0 None Levels must be determined in 0 None Levels must be determined in 0 None Levels must be determined in
restrictions security related are information security related organizational applicable Regulations, laws, guidelines, etc., must be confirmed, and decide security related non-functional requirement accordance with user requirements. accordance with user requirements. accordance with user requirements.
compliance policies, rules, laws, guidelines, etc., which company item levels in accordance with them.
must be observed by users. regulations, rules,
In the event that there are rules, etc to be laws, guidelines, [+] There are rules, laws, guidelines, [+] There are rules, laws, guidelines, [+] There are rules, laws, guidelines,
observed, measures must be considered to etc. etc., which must be conformed with. etc., which must be conformed with. etc., which must be conformed with.
ensure that there are no conflicts with said
regulations, etc.
Ex)
• Information security policy
• Act Concerning the Prohibition of
Unauthorized Computer Access
• Personal Information Protection Law
• Electronic Signature Law
• Provider Responsibility Law
• Act on Regulation of Transmission of Specified
Electronic Mail
• Sarbanes-Oxley Act
• Basic Law for Building an Advanced Info-
Communications Network X
• ISO/IEC27000 series
• Standards for Information Security Measures
for the Central Government Computer Systems
• FISMA
• FISC
• PCI DSS
• PrivacyMark System
• TRUSTe
Etc.
(* The above examples are mainly Japanese

laws, systems, etc.)
E.2.1.1 Security risk Security risk This item confirms the policy regarding the Risk analysis No analysis Scope which Development [Level 1] 0 No analysis Detailed risk analysis will not be 1 Scope which Since important data will be handled, 2 Development There is a threat of attacks via
analysis analysis scope of system threat identification and scope includes highly scope "External connection related areas" refer to external connections to the Internet, connections to media, etc., used performed, but basic measures will includes the risk of threats becoming a reality scope network by an unspecified number of
impact analysis for the developed system. important assets, for carrying information and data outside the system, and areas which handle data transactions with external be enacted. highly is high. As such, risk analysis is attackers. Also, since important data
In order to establish an appropriate scope, it and external systems. important necessary for areas where highly will be handled, the risk of threats
is necessary to identify assets, confirm data connection The same meaning is used for all levels. assets, and important assets will be handled. becoming a reality is high. As such,
lifecycles, etc. related areas external risk analysis is necessary for the
The scope of countermeasures for identified connection [-] There is no threat, such as entire system.
threats must also be considered. related areas leakage, of important information (or
the risks are accepted). [-] Data transfer and modifications,
X
[+] There will be a great deal of etc., will not occur, so there are no
information transfer or status threats due to changes in access
changes. rights to related information, etc. (or
the threat is accepted).
E.3.1.1 Security Security This item is used to confirm whether or not Existence of None Yes [Metric] 1 Yes There is a threat of attacks via 1 Yes Important data will be handled, so 1 Yes There is a threat of attacks via
diagnostics diagnostics specialized security testing and inspection network "Network diagnostics" refer to diagnosis, in a broad sense, of the system. Network diagnostics include visual network by an unspecified number of analysis of vulnerabilities to internal network by an unspecified number of
will be performed for the system and diagnostics confirmation of settings, as well as diagnoses of vulnerabilities by performing simulated attacks (penetration attackers. As such, analysis of network based attacks must be external attackers. Also, since
individual documents (design documentation, implementation testing). vulnerabilities to network based performed. important data will be handled, the
environment definition documents, attacks must be performed. risk of threats becoming a reality is
implemented software source code, etc.) [-] Personnel with expert level high. As such, analysis of
[-] Personnel with expert level security knowledge will give sufficient vulnerabilities to network based
security knowledge will give sufficient consideration to internal network attacks must be performed.
consideration to network based based attack countermeasures, and
X attack countermeasures, and create create relevant documentation. [-] Personnel with expert level
relevant documentation. security knowledge will give sufficient
consideration to network based
attack countermeasures, and create
relevant documentation.

individual documents (design documentation,
environment definition documents,
implemented software source code, etc.)
Important item
Overlapping
Impact on
operation
costs
item
E.3.1.2 Existence of Web None Yes [Metric] 1 Yes There is a threat of attacks via 1 Yes Threat of internal network based 1 Yes There is a threat of attacks via
site diagnostics "Web site diagnostics" refers to security diagnostics of Web servers and Web applications performed on Web network from a great number of attacks could occur, so network from a great number of
implementation sites. attackers. As such, analysis of Web countermeasures must be attackers. As such, analysis of Web
application related vulnerabilities implemented. application related vulnerabilities
must be performed. must be performed.
X [-] There is no need to assume
[-] Web applications will not be used. internal attacks. Web applications will [-] Web applications will not be used.
not be used.
E.3.1.3 Existence of None Yes [Metric]

database "Database diagnostics" refers to security diagnostics performed on database systems.
diagnostics
implementation
E.4.1.1 Security risk Security risk This item is for confirming the scope of Security risk None Performed when Performed when [Level]
management review identifying newly discovered threats affecting review frequency security related security related "Performed when security related events occur" refers to when information security related incidents, such as
the system after starting the operation, as events occur (as events occur (as virus infection, unauthorized access, DoS attacks, information leaks, and the like occur.
well as analysis of their impact. needed) needed)
This includes investigation etc. of security +
holes, vulnerabilities, and new threats. Performed
regularly
E.4.1.2 Security risk No analysis Scope which Entire system

review scope includes highly
important assets,
and external
connection
related areas
E.4.2.1 Security risk This item is for confirming the policy Risk support No support Support for Support for all
countermeasure regarding countermeasures against threats scope after highly important identified threats
review discovered after starting the operation. starting the assets, and
When considering this item, clarify the operation external
support scope for identified threats. connection
related areas
E.4.2.2 Risk None Yes [Level 1]

countermeasure If there is a risk countermeasure policy, the type of measures which will be implemented must be confirmed.
policy
E.4.3.1 Security patch This item is for confirming the scope, policies, Security patch Security patches Scope which Entire system
application and timing for applying security patches to application scope are not applied includes highly
counter system vulnerabilities, etc. important assets,
These security patches include antivirus and external
pattern files, etc. connection
The scope of security patch application must related areas
be confirmed for each OS, middleware
products, etc., and when considering security
E.4.3.2 patch application, the effect on the entire Security patch Security patches Only highly All security
system must be verified, and whether or not application policy are not applied critical security patches are
to apply the patch must be determined. patches are applied
It is advisable to clearly define effect applied
verification, etc., in the maintenance contract.
E.4.3.3 Security patch Security patches Applied together Applied during Applied when
application timing are not applied with recovery scheduled patches are
patches maintenance issued
E.5.1.1 Access / usage Authentication This item confirms whether or not agent (user Authentication of Not performed 1 time Authentication Authentication [Metric] 1 1 time In order to prevent attackers from 2 Authentication In order to prevent attackers from 2 Authentication In order to prevent attackers from
restrictions function and equipment, etc.) authentication is agents with performed performed "Agents with administrative rights" refers to system administrators and business and operation administrators. obtaining and abusing administrative performed obtaining administrative privileges performed obtaining administrative privileges
performed in order to use assets, and, if so, administrative multiple times multiple times privileges, authentication must be multiple times and leaking information, etc., multiple times and leaking information, etc.,
to what degree. rights using different performed. authentication must be performed authentication must be performed
The effectiveness of deterrence can be authentication multiple times. multiple times.
raised by performing authentication multiple methods [+] Some of the processes which can
times. X be executed by those with [-] Entities with administrative
Authentication methods include ID/password administrative privileges are critical privileges cannot access the system
authentication and IC card authentication, for business. via external networks.
etc.
E.5.1.2 Authentication of Not performed 1 time Authentication Authentication

agents without performed performed
administrative multiple times multiple times
rights using different
authentication
methods
E.5.2.1 Usage restrictions This item is for confirming whether or not Operation None Only minimum [Metric] 1 Only The installation of unauthorized 1 Only minimum The installation of unauthorized 1 Only minimum The installation of unauthorized
software or hardware access controls are restrictions necessary Refers to software measures such as software installation restrictions, usage restrictions, etc. minimum software or the opening of unneeded necessary software or the opening of unneeded necessary software or the opening of unneeded
placed on the usage, etc. of assets by placed by system amount of necessary access paths (ports, etc.) may result amount of access paths (ports, etc.) may result amount of access paths (ports, etc.) may result
authenticated agents (users and equipment). measures program amount of in the threat of information leakage program in the threat of information leakage program in the threat of information leakage
Ex) Door and storage cabinet locks, USB, execution, program becoming a reality. As such, execution, becoming a reality. As such, execution, becoming a reality. As such,
CD-RW, keyboard, and other input/output command execution, unnecessary methods for accessing command unnecessary methods for accessing command unnecessary methods for accessing
device restrictions, command execution operation, and command this information, etc., must be limited. operation, and this information, etc., must be limited. operation, and this information, etc., must be limited.
restrictions, etc. file access is operation, (There is a possibility that limiting file access is (There is a possibility that limiting file access is (There is a possibility that limiting
permitted and file operations may impact convenience permitted operations may impact convenience permitted operations may impact convenience
access is and availability.) and availability.) and availability.)
permitted
X [-] For terminals which do not serve [-] For terminals which do not serve [-] For terminals which do not serve
as bases for attacks on important as bases for attacks on important as bases for attacks on important
information, etc., countermeasures information, etc., countermeasures information, etc., countermeasures
based on operational methods will be based on operational methods will be based on operational methods will be
used. used. used.
E.5.2.2 Operation None Only minimum [Metric]

limitations placed amount of This refers to physical measures, such as access management for server rooms via security gates, etc., locks for
by physical hardware usage data storage locations, servers, etc., and restrictions on input/output devices such as USB memory or CD-RWs.
measures and operation
allowed
E.5.3.1 Management This item relates to the establishment of rules Management rule Not performed Performed
method concerning the addition, updating, deletion, establishment
etc., of information necessary for
authentication (ex: unique agent identification
information such as IDs/passwords,
fingerprints, retinal scans, and vein patterns).

Important item
Overlapping
Impact on
operation
costs
item
E.6.1.1 Data Data encryption This item is for confirming whether or not Transmitted data None Only Important [Level 1] 1 Only Encryption will be performed on 2 Important In order to counter the threat of 2 Important In order to counter the threat of
confidentiality encryption of confidential data is performed encryption authentication information is "Only authentication information is encrypted" means that, regardless of whether the system is handling critical authenticatio passwords, etc. that are sent over information is eavesdropping, etc., especially information is eavesdropping, etc., especially
when transmitting or storing data. information is encrypted information, only authentication information, such as passwords, etc., is encrypted. n information the network in order to prevent them encrypted important data must be encrypted encrypted important data must be encrypted
encrypted is encrypted being obtained by third parties. when transmitted, even over the local when transmitted, even over the local
network. network.
[-] Authentication information is not (There is a possibility of decreased (There is a possibility of decreased
be sent over the network. performance due to encryption of performance due to encryption of
transmitted data.) transmitted data.)
[-] Physical measures, such as the [-] Physical measures, such as the
X use of leased lines, are used / The use of leased lines, are used / The
threat of eavesdropping on local threat of eavesdropping on local
networks is accepted / Important networks is accepted / Important
data will be handled which does not data will be handled which does not
require confidentiality but does require confidentiality but does
require integrity. require integrity.
E.6.1.2 Encryption of None Only Important [Level 1] 1 Only 2 Important In order to counter the threat of the 2 Important In order to counter the threat of the
stored data authentication information is "Only authentication information is encrypted" means that, regardless of whether the system is handling critical authenticatio information is leakage of important information information is leakage of important information
information is encrypted information, only authentication information, such as passwords, etc., is encrypted. n information encrypted such as personal information, encrypted such as personal information,
encrypted is encrypted passwords, etc., stored in databases, passwords, etc., stored in databases,
on backup tapes, etc., stored data on backup tapes, etc., stored data
must be encrypted. must be encrypted.
(There is a possibility that encrypting (There is a possibility that encrypting
stored data may impact stored data may impact
performance.) performance.)
X [-] Safety will be secured through [-] Safety will be secured through
other multiple measures, such as other multiple measures, such as
using tamper-proof devices, using tamper-proof devices,
authentication measures, operation authentication measures, operation
measures, etc. / Important data will measures, etc. / Important data will
be handled which does not require be handled which does not require
confidentiality but does require confidentiality but does require
integrity. integrity.
E.6.1.3 Key management None Software based Tamperproof [Level]

key management device based "Software based key management" refers to the use of software settings, etc., to restrict access to private key
key management data.
"Tamperproof device based key management" refers to the use of IC cards or other physical measures in order
to provide management through dedicated devices with improved attack resistance. This makes it possible to
perform even more thorough management of threats such as key data tampering or leakage.
E.7.1.1 Fraud tracking / Fraud monitoring This item is for confirming the scope of Log acquisition Not performed Performed [Metric] 1 Performed Logs must be taken so that when 1 Performed Logs must be taken so that when 1 Performed Logs must be taken so that when
monitoring fraudulent activity monitoring, the volume of Acquired logs refer to logs such as the following, used to detect fraudulent activities. unauthorized access occurs, it is unauthorized access occurs, it is unauthorized access occurs, it is
stored monitoring records, and the length for • Login / logout history (success / failure) possible to confirm who did what, possible to confirm who did what, possible to confirm who did what,
which said monitoring records are retained. • Operation logs from where, when, and what from where, when, and what from where, when, and what
The types of logs which should be acquired Etc. happened as a result, and take happened as a result, and take happened as a result, and take
must be decided based on the specific immediate response measures. immediate response measures. immediate response measures.
system and service. X (There is a possibility that logging (There is a possibility that logging (There is a possibility that logging
When logs are taken, together with fraud processes may impact performance.) processes may impact performance.) processes may impact performance.)
monitoring targets, the scope of logs which
are checked for fraud must also be defined.
E.7.1.2 Log retention 6 months 1 year 3 years 5 years 10 years or Permanent 0 6 months Logs must be retained for an 2 3 years Logs must be retained for an 3 5 years Logs must be retained for an
period longer retention appropriate length of time for appropriate length of time for appropriate length of time for
purposes of fraudulent activity purposes of fraudulent activity purposes of fraudulent activity
checking, and in order to maintain an checking, and in order to maintain an checking, and in order to maintain an
audit trail of successful processes. audit trail of successful processes. audit trail of successful processes.
[-] Log confirmation interval is short. [-] Log confirmation interval is short. [-] Log confirmation interval is short.
X
[+] Capacity can be secured for [+] Capacity can be secured for [+] Capacity can be secured for
backups, etc. backups, etc. backups, etc.
E.7.1.3 Fraud monitoring None Scope which Entire system [Metric] 1 Scope which In order to detect threats when they 1 Scope which In order to detect threats when they 2 Entire system In order to detect threats when they
scope includes highly The "fraud monitoring scope (equipment)" metric is used to confirm the scope of logs which are to be acquired in includes occur, and immediately launch includes occur, and immediately launch occur, and immediately launch
(equipment) important assets, order to perform fraudulent access monitoring, etc., for servers, storage devices, etc. highly countermeasures, the scope of highly countermeasures, the scope of countermeasures, the scope of
and external important servers, storage, etc., to be important servers, storage, etc., to be servers, storage, etc., to be
connection assets, and monitored must be defined. assets, and monitored must be defined. monitored must be defined. Attacks
X related areas external external via external networks do not have a
connection connection limited attack scope, and as such,
related areas related areas monitoring must be performed of the
entire system.
scope (network) includes highly The "fraud monitoring scope (network)" metric is used to confirm the scope of logs which are to be acquired in includes occur, and immediately launch includes occur, and immediately launch occur, and rapidly launch
important assets, order to monitor unauthorized packets, etc., on the network. highly countermeasures, the scope of the highly countermeasures, the scope of the countermeasures, the scope of the
and external important network to be monitored must be important network to be monitored must be network to be monitored must be
connection assets, and defined. assets, and defined. defined. Attacks via external
X related areas external external networks do not have a limited attack
connection connection scope, and as such, monitoring must
related areas related areas be performed of the entire system.
scope (intruders / includes highly The "fraud monitoring scope (intruders / unauthorized operations). etc." metric is used to confirm the scope of includes occur, and immediately launch includes occur, and immediately launch occur, and immediately launch
unauthorized important assets, monitoring consisting of monitoring cameras installed to monitor for intruders, etc. highly countermeasures, the physical scope highly countermeasures, the physical scope countermeasures, the physical scope
operations, etc.) and external important to be monitored, such as floors, important to be monitored, such as floors, to be monitored, such as floors,
connection assets, and areas, etc. must be defined. assets, and areas, etc. must be defined. areas, etc. must be defined.
related areas external external
X connection [-] Room access management, connection
related areas operation restrictions, etc., are related areas
implemented sufficiently.
E.7.1.6 Confirmation None Performed when Performed when On-going [Level]

interval security related security related confirmation "Security related events" refer to when critical threats are detected, or when there is a possibility that an incident
events are events are has occurred due to service malfunctions, etc.
recognized (as recognized (as "On-going confirmation" refers to constant monitoring for unauthorized access, and the ability to take immediate
needed) needed) response measures.
+ The implementation of automatic detection systems, and systems where e-mail notifications, etc., are
Performed automatically sent in the event that fraudulent or unauthorized actions are detected, are included in "Performed
regularly when security related events occur (as needed)."
E.7.2.1 Data validation This item is for confirming whether a digital Digital signature None Yes
signature system is implemented in order to usage
make it possible to certify that data has been
correctly processed and stored, and to detect
data tampering.

Important item
Overlapping
Impact on
operation
costs
item
Data validation This item is for confirming whether a digital 0 1 2 3 4 5 Selected level Selection conditions Selected level Selection conditions Selected level Selection conditions
signature system is implemented in order to
make it possible to certify that data has been
E.7.2.2 correctly processed and stored, and to detect Confirmation None Performed when Performed when On-going
data tampering. interval security related security related confirmation
events are events are
recognized (as recognized (as
needed) needed)
+
Performed
regularly
E.8.1.1 Network Network control This item is for confirming whether Transmission None Yes [Level 1] 1 Yes In order to prevent threats, such as 1 Yes In order to prevent threats, such as 1 Yes In order to prevent threats, such as
measures transmission control is implemented in order control When implementing transmission control, firewall deployment, etc., must also be considered. becoming a stepping stone in becoming a stepping stone in becoming a stepping stone in
to block unauthorized transmissions. attacks, or having information taken attacks, or having information taken attacks, or having information taken
away, network controls such as away, network controls such as away, network controls such as
blocking of unauthorized blocking of unauthorized blocking of unauthorized
transmissions must be implemented. transmissions must be implemented. transmissions must be implemented.
X
[-] Threats, such as becoming a [-] Threats, such as becoming a [-] Threats, such as becoming a
stepping stone in attacks, are stepping stone in attacks, are stepping stone in attacks, are
accepted. accepted. accepted.
E.8.2.1 Fraud detection This item is for confirming the scope of Fraudulent None Scope which Entire system [Metric] 1 Scope which In order to identify unauthorized 1 Scope which In order to identify unauthorized 1 Scope which In order to identify unauthorized
network based fraud tracking / monitoring transmission includes highly Depending on the defined detection scope, the deployment of IDS, etc., must also be considered. includes transmissions and rapidly deploy includes transmissions and rapidly deploy includes transmissions and rapidly deploy
detection of fraudulent activities or detection scope important assets, highly countermeasures, fraud detection highly countermeasures, fraud detection highly countermeasures, fraud detection
transmissions within the system. and external important must be implemented. important must be implemented. important must be implemented.
connection assets, and assets, and assets, and
X related areas external external external
connection connection connection
related areas related areas related areas
E.8.3.1 Denial of service This item is for confirming whether Network None Yes 1 Yes The system must deal with denial of 1 Yes The system must deal with to denial 1 Yes The system must deal with to denial
(DoS) attack countermeasures are enacted against congestion service attacks (DoS/DDoS attacks). of service attacks (DoS/DDoS of service attacks (DoS/DDoS
avoidance congestion caused by attacks on the countermeasures (Relates to availability) attacks). attacks).
network. (Relates to availability) (Relates to availability)
[-] For DoS/DDoS attacks,
countermeasures to some extent are [-] For DoS/DDoS attacks, [-] For DoS/DDoS attacks,
implemented as part of availability countermeasures to some extent are countermeasures to some extent are
X requirements, and anything beyond implemented as part of availability implemented as part of availability
that are accepted. requirements, and anything beyond requirements, and anything beyond
that are accepted. that are accepted.
E.9.1.1 Malware Malware This item is for confirming the implementation Malware None Scope which Entire system 1 Scope which In order to prevent the threat of 1 Scope which In order to prevent the threat of 1 Scope which In order to prevent the threat of
countermeasure countermeasures scope of measures to prevent malware countermeasure includes highly includes service interruption, etc., due to includes important information leakage, etc., includes important information leakage, etc.,
s (viruses, worms, bots, etc.) from infecting the implementation important assets, highly malware infection, malware highly due to malware infection, malware highly due to malware infection, malware
system, and the timing of malware checking. scope and external important countermeasures must be important countermeasures must be important countermeasures must be
When countermeasures are implemented, X connection assets, and implemented. assets, and implemented. assets, and implemented.
virus pattern file update methods and timing related areas external external external
must also be considered, and virus patterns connection [-] An OS, etc., which is not very connection [-] An OS, etc., which is not very connection [-] An OS, etc., which is not very
must be kept up to date. related areas susceptible to attacks will be used. related areas susceptible to attacks will be used. related areas susceptible to attacks will be used.
E.9.1.2 Real-time Not performed Performed [Level 1]

scanning Real-time scanning is performed, for example, at the occasions listed below. When implementing real-time
implementation scanning, the timing must be considered.
• When copying data to the file server
• When receiving data from the mail server
• Before performing input/output processing to files
Etc.
E.9.1.3 Regular full scan None Non-regularly 1 time/month 1 time/week 1 time/day

check timing (Full scanning
performed when
possible)
E.10.1.1 Web measures Web This item is for confirming whether measures Measure None Measure [Metric] 1 Measure In open systems, in order to counter 1 Measure In open systems, in order to counter 1 Measure In open systems, in order to counter
implementation related to Web application-specific threats or enhancement enhancement The number of Web system attacks is increasing, and when constructing a Web system, measures such as enhancement the threat of leakage of important enhancement the threat of leakage of important enhancement the threat of leakage of important
measures vulnerabilities are implemented through secure secure coding and Web server configuration must be considered. When implemented, consideration must also data contained in databases, etc., as data contained in databases, etc., as data contained in databases, etc., as
coding, Web be given to specialist review and source code diagnostics as well as tool-based checking in order to evaluate well as spoofing of users, etc., Web well as spoofing of users, etc., Web well as spoofing of users, etc., Web
server their effectiveness. server measures must be server measures must be server measures must be
configuration, etc. implemented. implemented. implemented.
X
[-] Web applications will not be used. [-] Web applications will not be used. [-] Web applications will not be used.
E.10.1.2 WAF None Yes [Metric] 0 None Important information is not handled, 0 None There will be no connections to 1 Yes In order to counter the threat, such
implementation WAF stands for Web Application Firewall. so there is no need for WAF external networks. As such, there is as information leakage or becoming
deployment. little likelihood of the threat of a stepping stone in attacks via
network based attacks. system intrusion, device-based
intrusion prevention and detection
[+] There is a threat of attacks via measures must be implemented.
internal networks.
[-] Web server measures,
X unauthorized access prevention
measures, and regular log
confirmation, etc., are performed.
F.1.1.1 System System System This item relates to whether or not there are System No restrictions Possible Possible [Metric] 0 No There are no particular limitations 1 Possible The system is affected by company 1 Possible The system is affected by legal
environment restrictions / construction applicable restrictions when constructing the construction restrictions (only restrictions (all During system development, sometimes it is necessary to handle confidential information, personal information, restrictions which affect the system. restrictions rules, etc. restrictions restrictions.
and ecology prerequisites restrictions system, such as company regulations, laws, restrictions critical restrictions etc. In order to minimize the risk of their leakage, projects must prepare a development environment which (only critical (only critical
local governmental ordinances, etc. restrictions apply) implements risk reduction measures such as restricting personnel that can use the information/data, controlling [+] Legal or regulatory restrictions restrictions [-] No legal or regulatory restrictions restrictions [-] No legal or regulatory restrictions
Ex) apply) room access, encrypting information/data, etc. affect the system, or the system is apply) affect the system, or there are no apply) affect the system, or there are no
• Financial Instruments and Exchange Act Other restrictions may also apply, such as situations where the planned operation site cannot be used for system bound by industry or similar industry or similar standards or industry or similar standards or
• ISO/IEC27000 series construction, and it is necessary to construct the system in a staging environment at a different site and standards and arrangements. arrangements. arrangements.
• Standards for Information Security transporting it to the planned operation site, or situations where system construction can only be performed at the [+] There are restrictions placed by
Measures for the Central Government planned operation site. company standards which exceed
Computer Systems those demanded by legal and
• FISC regulatory conformance, and
X
• PrivacyMark System conformance is required for all said
• Construction location restrictions restrictions.
Etc.


Important item
Overlapping
Impact on
operation
costs
item
F.1.2.1 Operating This item relates to whether or not there are Operating No restrictions Possible Possible 0 No There are no particular limitations 1 Possible Consideration is given to centers / 1 Possible Consideration is given to centers /
restrictions applicable restrictions when the system is in restrictions restrictions (only restrictions (all restrictions which affect the system. restrictions machine rooms where certain restrictions machine rooms where certain
live operation, such as company regulations, critical restrictions (only critical restrictions may be applied to (only critical restrictions may be applied to
laws, local governmental ordinances, etc. restrictions apply) [+] Installed center policies, restrictions installations. However, conditions restrictions installations. However, conditions
Ex) apply) operation related methods such as apply) can be adjusted. apply) can be adjusted.
• Financial Instruments and Exchange Act joint operation methods, and the like
• ISO/IEC27000 series act as restrictions on the system. [+] Installed center policies, operation [+] Installed center policies, operation
• Standards for Information Security related methods such as joint related methods such as joint
Measures for the Central Government operation methods, and the like act operation methods, and the like act
Computer Systems as restrictions on the system. as restrictions on the system.
• FISC
• PrivacyMark System X
• Possibility of remote operation
Etc.

F.2.1.1 System Number of users The number of system users (end users). Number of users Specific users Upper limit is Usable by [Overlapping Item] 0 Specific users This assumes cases where users 1 Upper limit is This assumes cases where an upper 2 Usable by This assumes cases where the
characteristics only specified unspecified B.1.1.1. The "number of users" is essential for deciding performance and scalability, and is an item that defines only can be identified since the use is specified limit is specified. unspecified general public will access the
number of users the system environment as well, so this item is included in both "Performance and scalability" and "System within a department. number of system.
environment and ecology". [-] Consensus has been reached that users
[+] When users cannot be identified. only specific users will use the [-] It is possible to specify an upper
X X
[Level] system. limit.
Even if the numerical value for this prerequisite cannot be precisely determined, it is important that at least a
tentative value, based on similar systems, etc., should be decided on.
F.2.2.1 Number of clients The number of clients used by the system, Number of clients Specified clients Upper limit is Usable by 0 Specified Only specific clients will use the 1 Upper limit is A specific value will be determined, 1 Upper limit is A specific value will be determined,
which must be managed. only specified unspecified clients only system. specified and consensus regarding it will be specified and consensus regarding it will be
number of clients obtained. obtained.
[+] The number of clients is expected
to grow in the future, and consensus [+] No upper limit will be specified. [+] No upper limit will be specified.
X must be obtained regarding the
maximum number of clients.
F.2.3.1 Number of sites The number of sites in which the system is in Number of sites Single site Multiple sites [Level 1] 0 Single site Single site system. 1 Multiple sites Multiple site system. 1 Multiple sites Multiple site system.
operation. Specify the exact number when consensus has been reached regarding the number of sites.
X [+] Multiple sites [-] Single site [-] Single site
F.2.4.1 Geographical The geographical range over which the Geographical Inside site Within 1 city Within 1 Within 1 region Domestic International [Level] 0 Inside site The access scope will be limited to 0 Inside site The access scope will be limited to 4 Domestic The access scope will not extend
spread system operates. spread prefectural area When the selected level is 5, consideration must also be given to multi-language support, etc. within the site, and there will be no within the site, and there will be no overseas.
Even for domestic systems, if the geographical reach of the system is expansive, network, logistical, and support access from the outside. access from the outside.
handling will also be necessary. [-] User rights will be limited to
[+] The access scope will extend [+] Other offices will also access the company and organization users.
outside the site, due to allowing system. [+] The system will be an Internet
X remote access, etc. based system, or similar system, with
an access scope that extends
overseas.
F.2.5.1 Specification of This item is for confirming if users have Use of specific No products Some products Products that are 0 No products There is no particular product 1 Some There are particular products 0 No products There is no particular product
specific products specified the use of open source products, products specified specified difficult to specified specified to be used in the system. products specified to be used in the system. specified specified to be used in the system.
third-party products (ISV/IHV, etc.). support are specified
Confirmation is from the perspective of X specified [+] There are explicit specifications. [-] There are no explicit [+] There are explicit specifications.
whether the selection has an impact on the specifications.
difficulty of providing support.
F.2.6.1 System utilization Range of groups to which system users System utilization Within division Within company External (BtoB) External (BtoC)
scope belong. scope only only
F.2.7.1 Multi-language Languages which must be used in system Number of Only handles 1 2 5 10 100 [Level]
support construction, or which must be offered by languages numbers, etc. In addition to the number of languages, the difficulty of the languages must also be considered.
services. Consider the number of languages Consideration must also be given to currency units, etc.
which must be supported, and accessibility to
people skilled in each language. [Level 0]
"Only handles numbers, etc." assumes systems designed to interface with machines, not to offer presentation
functions for people. For example, gateway systems.
F.3.1.1 Conformity Product safety This item is for confirming whether product Standard Standard UL60950 0 Standard There is no particular equipment 1 UL60950 There is equipment specified for 0 Standard There is no particular equipment
standards standards safety standards such as UL60950 are certification certification not equivalent certification specified for standard certification. equivalent standard certification. certification specified for standard certification.
required to be held by products used in the necessary certification not certification not necessary
system. X acquired necessary [+] There are explicit specifications. acquired [-] There are no explicit [+] There are explicit specifications.
specifications.
F.3.2.1 Environmental This item is for confirming whether specified Standard Standard RoHS directive 0 Standard There are no particular limitations 1 RoHS RoHS Directive supporting devices 0 Standard There are no particular limitations
protection toxic substance usage restriction related certification certification not equivalent certification which affect the system. directive are specified. certification which affect the system.
standards such as those set out in the RoHS necessary certification not equivalent not necessary
directive are required to be held by products acquired necessary [+] There are explicit specifications. certification [-] There are no specifications. [+] There are explicit specifications.
X
used in the system. acquired
F.3.3.1 Electromagnetic This item is for confirming whether standards Standard Standard VCCI Class A VCCI Class B
interference governing equipment maintaining an certification certification not acquired acquired
electromagnetic emission level equal to or necessary
below a specific level, such as VCCI, are
required to be held by products used in the
system.
F.4.1.1 Conditions of Earthquake Specifies the effective maximum earthquake Earthquake Countermeasure Seismic intensity Seismic intensity Seismic Seismic Seismic [Metric] 2 Seismic Seismic intensity 5-lower equivalent. 3 Seismic Seismic intensity 6-lower equivalent. 4 Seismic Seismic intensity 6-upper equivalent.
equipment resistance / intensity which the system environment must resistance s not necessary 4 equivalent (50 5-lower intensity 6-lower intensity 6- intensity 7 For buildings containing system environments which have the same degree of vibration inside as out, the intensity 5- intensity 6- intensity 6-
installation seismic isolation be able to withstand. If measures such as intensity Gal) equivalent (100 equivalent (250 upper equivalent effective seismic intensity of the system environment can be expected to be roughly equivalent to the external lower [-] The level is changed in lower [-] The level is changed in upper [-] Consideration is given to the
environment building vibration damping are used to, for Gal) Gal) equivalent (500 (1000 Gal) seismic intensity. As such, the level can be selected based on the exterior seismic intensity. When seismic equivalent accordance with building or equivalent accordance with building or equivalent combined building environment and
example, decrease the effective seismic Gal) isolation facilities, etc., guarantee a reduced maximum seismic intensity for the system environment, that seismic (100 Gal) installation environment conditions (250 Gal) installation environment conditions (500 Gal) equipment environment, such as
intensity of an earthquake from 7 or greater intensity can be considered as the effective seismic intensity, and level assignment can be based on it (users when the system is installed in a when the system is installed in a installing the system in a seismically
outside the building to a maximum inside may specifically request a higher level assignment). In the event that an earthquake of a certain intensity or seismically isolated building, etc. seismically isolated building, etc. isolated building, etc.
intensity of 4, then set the level for seismic greater would result in there being no system users in environments where they could use the system, and as [+] When specific values are [+] The level is changed when [+] A value which corresponds to a
intensity to 4. If it is acceptable for service to such system continuity becomes unnecessary, the level may be set based on that seismic intensity. In any case, specified, change to an appropriate specific values are specified, in major earthquake, with a seismic
be discontinued at or above a given seismic it is unreasonable to set the standard higher than the earthquake resistance intensity of the building itself. level. Consideration must also be accordance with building or intensity of 7-upper, etc., is specified.
intensity, set the level for that given seismic given to raising the level when installation environment conditions.
X
intensity. [Level 0] earthquake resistant racks are used
The risk of service outage due to earthquakes must be accepted. in order to prevent accidents or
injuries due to rack collapse when
installed in an office without seismic
isolation.

Important item
Overlapping
Impact on
operation
costs
item
F.4.2.1 Space This item relates to how much floor space Installation space No space related Design using Design using [Metric] 2 Design using The system will be rack-mounted. 2 Design using The system will be rack-mounted. 2 Design using The system will be rack-mounted in a
(WxD) and height is necessary. restrictions restrictions floor-standing rack-mount Confirm specific floor space and height. Also note the shape of the space, and any variations in load-bearing by rack-mount rack-mount rack-mount center.
Consideration must also be given to (machine room) equipment equipment location. equipment [-] There are no installation-related equipment [-] There are no installation-related equipment
maintenance operation space. Whether or X restrictions. restrictions. [-] There are no installation-related
not space for parallel operation of new and restrictions.
old system can be secured for system
migration must also be confirmed. If possible,
F.4.2.2 it must be confirmed in advance. Installation space No space related Dedicated space System must be [Metric] 1 Dedicated The system will be installed in a 2 System must The equipment will consist of front- 2 System must The equipment will consist of front-
restrictions restrictions can be set aside installed in space Confirm specific floor space and height. Also note the shape of the space, and any variations in load-bearing by space can be server corner, etc., on the office floor. be installed in end business devices such as be installed in end business devices such as
(installation in for system also used by location. set aside for space also terminal devices. space also terminal devices.
office space) people system [-] The system will be installed in an used by used by
[Level] area with little foot traffic. people [-] From a business perspective, the people [-] From a business perspective, the
Consider installation space restrictions as already defined prerequisites, and set levels based on the difficulty of [+] Due to operation or monitoring equipment does not need to be in an equipment does not need to be in an
X installing the system given those requirements. Please note that this is not the difficulty involved in securing the needs, the system must be installed area used by people. area used by people.
space itself. in an area regularly used by people,
with no partitions.
F.4.2.3 Parallel operation A dedicated A shared space No space can be [Metric]

space (migration) space can be can be secured secured During system construction, if the space in which will be used for production system operation is not available,
secured consideration must also be given to space in which to construct the system, and the transportation of the
constructed system. Specific floor space and height must also be verified. Also note the shape of the space, and
any variations in load-bearing by location.
[Level 2]
When parallel operation is performed, consider related measures separately. D.1.1.3 and F.4.4.3 are related
items.
F.4.2.4 Installation space There is sufficient There are some There are [Metric]
expansion expansion limitations (which limitations (which "Installation space expansion capacity" refers not only to direct floor placement, but also rack restrictions, floor
capacity capacity can be handled require load, etc.
with existing customization or
products) construction
work)
F.4.3.1 Weight This item is for confirming whether system Floor load limit 2,000Kg/m2 or 1,200Kg/m2 800Kg/m2 500Kg/m2 300Kg/m2 200Kg/m2 [Level]
design must take building floor load limit into more Set level based on floor's load capacity. The greater the floor's load capacity, the lesser restrictions on system
account. When the floor load limit is low, installation.
there is a high likelihood that special
measures will need to be taken in relation to X [Impact on Operation Costs]
installation. When the floor load limit is high, high-density installation may be possible, resulting in the need to perform
maintenance work at high rack positions.
F.4.3.2 Installation Not necessary Installation of Limit weight per Perform

measures load distribution rack, and installation
materials (metal distribute system design, taking
plates, etc.) across racks into
consideration
specific
conditions of
installation
environment
(beam
locations, etc.)
F.4.4.1 Compatibility with This item relates to the compatibility of the Compatibility with No restrictions of Electrical work is Electrical work is Electrical work Power is
electric facilities system with the electrical conditions of the supplied electric note with current necessary, but it necessary, but is not possible, completely
installation site provided by the user (power power facilities can be handled both primary and and power insufficient, and
supply voltage / current / frequency / phase / through secondary capacity is installation
number of power lines / power protection / secondary work, electrical work slightly low for location must
scale of required construction work, etc.). such as power are possible system scale be reconsidered
Installation location air conditioning must also distribution board
be evaluated. The possibility of parallel improvement
operation during migration must also be
considered. If possible, it must be confirmed
in advance.
F.4.4.2 Power capacity No restrictions Some limitations Some limitations
restrictions (needed power (which can be (which will
capacity can be handled with require
secured) existing customization,
products) construction,
etc.)
F.4.4.3 Parallel operation Needed power Needed power is It is difficult to [Level 2]

power (migration) can be partially available secure sufficient When parallel operation is necessary for migration, consider related measures separately. D.1.1.3 and F.4.2.3
completely power are related items.
available
F.4.4.4 Power loss None Short 10 minutes 1 hour 1 day 1 week [Level 1]
countermeasures interruptions Consider power stabilization measures, such as UPS or CVCF use.
(approx 10ms)
F.4.4.5 Prospective +/-10% or less Over +/-10% [Level 1]

installation When equipment operation conditions are exceeded, power stabilization measures, such as UPS or CVCF use,
location voltage will be necessary.
fluctuation
F.4.4.6 Prospective +/-2% or less Over +/-2% [Level 1]

installation When equipment operation conditions are exceeded, power stabilization measures, such as UPS or CVCF use,
location will be necessary.
frequency
fluctuation
F.4.4.7 Grounding Grounding not Grounding Exclusive

necessary necessary grounding
necessary
F.4.5.1 Temperature Environmental temperate range conditions of Temperature Countermeasure 16 degrees C to 5 degrees C to 0 degrees C to 0 degrees C to -30 degrees C [Metric]
(range) system. (range) s not necessary 32 degrees C 35 degrees C 40 degrees C 60 degrees C to 80 degrees C Also consider maintaining temperature gradient of approximately 10 deg C/h or less. For level 2 and above
Depending on the surrounding environment, (operating (operating environments, separate consideration must be given to the temperature range during system downtime.
special measures may be required for normal conditions for conditions for
system operation. many tape many types of [Level]
devices) equipment) Set the level based on the surrounding environmental temperate range when equipment is operating. For
example, for an environment whose ambient temperature range varies between 0 to 20 degrees C, choose the
lowest matching level, level 3.
F.4.6.1 Humidity (range) Environmental humidity range conditions of Humidity (range) Countermeasure 45% to 55% 20% to 80% 0% to 85% The only [Level]
system. s not necessary condition is that Set the level based on the surrounding environmental temperate range when equipment is operating. For
Depending on the surrounding environment, there be no example, for an environment whose ambient humidity range varies between 20% to 50%, choose the lowest
special measures may be required for normal condensation matching level, level 2.
system operation.
F.4.7.1 Air conditioning Air conditioning with sufficient cooling Air conditioning Sufficient Targeted Insufficient [Metric]
capacity capacity for system operation, and, if there capacity available capacity measures are capacity, Countermeasures etc. against refuse, hazardous gas, and others must also be considered as necessary.
are specific hotspots, cooling air supply which necessary for measures are
takes them into consideration. hotspots, etc. required

Important item
Overlapping
Air conditioning Air conditioning with sufficient cooling
Impact on
operation
capacity capacity for system operation, and, if there
costs
item
No. Minorhotspots,
are specific category description
cooling air supply which Notes
category category category takes them into consideration. 0 1 2 3 4 5 Selected level Selection conditions Selected level Selection conditions Selected level Selection conditions
F.4.7.2 Air conditioning No restrictions Some limitations

Some limitations
facility restrictions (Sufficient air (which can be
(which will
conditioning can handled withrequire
be secured) existing customization,
products) construction,
etc.)
F.5.1.1 Environmental Measures to This item concerns measures which reduce Degree of Does not need to Some Law on Only Law on
management reduce the environmental load of the system, such compliance with be addressed Promoting Green Promoting Green
environmental as the purchasing of environmentally environmentally Purchasing Purchasing
load preferable purchasing law compliant products preferable standard standard
or the use of materials and supplies with purchasing law conformant conformant
minimal environmental load. products used products used
Reduction of waste materials throughout the
system lifecycle must also be considered,
such as the use of materials which do not
F.5.1.2 need to be disposed of during system Expandability of None 2-fold 4-fold 10-fold 30-fold 100-fold or [Metric]
expansion, but can be merely replaced or the existing greater This refers to the ability to expand existing equipment merely by adding to it, without disposing of existing
added to. Also, the longer the lifecycle of a equipment equipment (cases where contractually only addition occurs but in reality equipment is entirely replaced and the
unit, the less waste it can be considered to previous equipment disposed of is not covered by this). Consideration must also be paid to the energy used
create. during production, and the amount of waste.
[Level]
Generally, a scale up approach is primarily used when expanding a system to a size several times larger than its
initial configuration, after which a scale out approach is used.
F.5.1.3 Equipment 3 years 5 years 7 years 10 years or [Metric]

lifecycle period longer "Lifecycle" here refers to the defined period before hardware replacement. It is generally advisable to use
equipment for long periods of time, but if used for an excessively long time, the system may not be able to reap
the benefits of performance improvements and advances in energy savings.
X
Using equipment with short lifecycles results in frequent updates, and increased operation costs.
F.5.2.1 Energy Normally, this is the amount of work per unit Energy No targets Targets provided Targets provided, [Level 0]
consumption of energy, determined by defining the consumption as well as Reconfirmation of compatibility with power supply facilities is required.
efficiency system's work volume by the amount of targets requirements for
energy consumed. However, as there are no further [Level 2]
universal definitions of work volumes, it is reductions Indicates that in addition to achieving level 1 targets, there are additional, stricter standard option demands.
difficult to directly calculate efficiency. Also,
there are frequently no comparable systems [Impact on Operation Costs]
performing the same work, making When consensus is reached for a low level, additional measures may need to be taken after the system goes
comparison difficult. As such, with regards to into operation and a new legislation, etc., is passed.
energy consumption efficiency, a slightly
different perspective is used, with levels
based on whether users issue targets or not. X
For systems based on power energy, energy
consumption is roughly equivalent to heat
generation.
When data center energy efficiency is looked
at instead of system work volume, indices
such as PUE (Power Usage Effectiveness)
and DPPE (Datacenter Performance Per
Energy) are also used.
F.5.3.1 Amount of CO2 The amount of CO2 emissions resulting from CO2 emission No targets Targets provided Targets provided, [Metric]
emissions the system over the course of its lifecycle. targets necessary as well as CO2 emission levels during system operation are generally linked to the amount of power consumed. This, plus
Assignment of levels directly based on CO2 requirements for the amount of CO2 emissions resulting from equipment and device manufacturing and disposal, makes up the
emissions is difficult, so a slightly different further system's total lifecycle emissions.
perspective is used, with levels based on reductions
whether users issue targets or not. [Level 0]
If no targets are required, reconfirmation of compatibility with CSR, etc., is required.
X [Level 2]
Indicates that in addition to achieving level 1 targets, there are additional, stricter standard option demands.

When consensus is reached for a low level, additional measures may need to be taken after the system goes
into operation and a new legislation, etc., is passed.
F.5.4.1 Low noise This item relates to the amount of noise Noise value Countermeasure 87dB (tolerance 85dB (2nd action 80dB (1st 40dB (library 35dB (bedroom [Impact on Operation Costs]
generated by the system. Requirements tend s not necessary limit value taking level according action level level) or less level) or less If consensus is reached for a low level, reconfirmation of compatibility with the work environment, etc., is
to be particularly high when the system is into to the British according to the required.
installed in an office environment. When consideration RoSPA noise British RoSPA
installed in data centers, as well, noise over a use of protective standard) or less noise standard)
certain level is a problem from a work hearing or less
environment perspective. equipment as X
defined by the
British RoSPA
noise standard)
or less

Heat Utilization Sheet

Uploaded by

Copyright:

Available Formats

Heat Utilization Sheet

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Heat Utilization Sheet

Uploaded by

Copyright:

Available Formats

System Infrastructure Non-Functional Requirements

Related Utilization Sheet

Information-Technology Promotion Agency, Japan

Copyright © 2010 IPA

Copyright © 2010 IPA

1 /22 Copyright © 2010 IPA

A.2.1.2 Redundancy Non-redundant Redundant Redundant [Level 1]

A.2.2.2 Redundancy Non-redundant Redundant Redundant [Level 1]

A.2.3.2 Redundancy Non-redundant Redundant Redundant [Level 1]

A.2.4.2 Route No redundancy Partial Full redundancy [Metric]

A.2.4.3 Network No segmentation Segmentation for Segmentation by [Level 2]

A.2.5.2 Redundancy Non-redundant Redundant Redundant [Level 1]

A.2.5.3 Redundancy Non-redundant Redundancy with Redundancy with [Level 2]

2 /22 Copyright © 2010 IPA

A.4.1.2 Alternative None Alternative Alternative [Overlapping Item]

3 /22 Copyright © 2010 IPA

System Infrastructure Non-Functional Requirements Related Utilization Sheet Utilization Sheet

B.1.1.6 Number of Business A list of There is a list of [Metric]

B.1.3.2 Scope Online viewable Includes archives [Metric]

4 /22 Copyright © 2010 IPA

B.2.2.3 Degree of No degraded Within specified Sufficient [Level 1]

B.2.3.3 Process margin No degraded Half the The processing

5 /22 Copyright © 2010 IPA

B.4.2.2 Confirmation No confirmation Confirmation that Confirmation that

6 /22 Copyright © 2010 IPA

7 /22 Copyright © 2010 IPA

[Impact on Operation Costs]

C.1.3.3 System level No monitoring Partial Full monitoring [Metric]

C.1.3.4 Process level No monitoring Partial Full monitoring [Metric]

C.1.3.5 Database level No monitoring Partial Full monitoring [Metric]

C.1.3.6 Storage level No monitoring Partial Full monitoring [Metric]

C.1.3.7 Server (node) No monitoring Partial Full monitoring [Metric]

C.1.3.8 Terminal/networki No monitoring Partial Full monitoring [Metric]

8 /22 Copyright © 2010 IPA

C.1.3.9 Network/packet No monitoring Partial Full monitoring [Metric]

C.2.2.3 Terminal software Terminal software Terminal Terminal Terminal [Metric]

C.2.3.4 Performance of Patch validation Patch validation Patch validation

9 /22 Copyright © 2010 IPA

C.2.4.2 Scope of No maintenance Maintenance Maintenance [Metric]

C.3.1.2 Alternative None Alternative Alternative [Overlapping Item]

C.3.4.2 Availability of No backup Backups for Backups for all

10 /22 Copyright © 2010 IPA

System Infrastructure Non-Functional Requirements Related Utilization Sheet Utilization Sheet

C.4.5.2 Existence of No monitoring Connected to Connected to [Level 2]

C.4.5.3 Existence of job No job Connected to Connected to [Level 2]

11 /22 Copyright © 2010 IPA

C.5.8.3 Implementation Not performed Only at system Held regularly

C.5.9.2 Report content None Failure reporting Failure reporting Failure

12 /22 Copyright © 2010 IPA

13 /22 Copyright © 2010 IPA

D.5.2.2 Rehearsal No rehearsal Production data Production data [Level]

D.5.2.3 Number of No rehearsal 1 time 2 times 3 times 4 times 5 times or more

D.5.2.4 Joint rehearsal None Yes Yes [Metric]

(* The above examples are mainly Japanese

14 /22 Copyright © 2010 IPA

System Infrastructure Non-Functional Requirements Related Utilization Sheet Utilization Sheet

E.3.1.3 Existence of None Yes [Metric]

E.4.1.2 Security risk No analysis Scope which Entire system

E.4.2.2 Risk None Yes [Level 1]

E.5.1.2 Authentication of Not performed 1 time Authentication Authentication