JAL Group Expands ISO/IEC 27001:2022 Certification to 12 Companies

JAL Group Expands ISO/IEC 27001:2022 Certification

In a significant move towards strengthening its information security measures, the JAL Group has announced the attainment of the ISO/IEC 27001:2022 certification. This internationally recognized standard validates the group's commitment to creating a reliable information management framework and ensuring proper operational practices. As of now, this certification has been extended to 12 companies within the JAL Group, with the latest expansion involving eight additional subsidiaries from January to June of 2025.

Obtaining this certification signifies that the JAL Group meets international criteria for its information security management system, having passed rigorous assessments conducted by the BSI Group, a renowned third-party certification body. The BSI Group's role is instrumental, offering a range of certification services that ensure quality and safety, including the critical ISO 9001 and ISO 27001 standards.

Importance of Information Security in the Digital Age

In today’s digital landscape, the risk of information leaks and cyber-attacks is ever-increasing. Consequently, it becomes paramount for organizations to implement effective measures throughout their supply chains, particularly when it involves group companies and external vendors. The recent expansion of the certification encompasses eight companies within the JAL Group that have information systems departments, aiming to create an even stricter and more secure information management system.

The ISO/IEC 27001:2022 certification helps companies mitigate risks related to data leaks, tampering, and data loss by establishing essential requirements for managing and operating information security. This process not only improves the robustness of information security infrastructures but also aligns them with global standards, fostering greater trust among customers and stakeholders.

Companies Certified

All companies within the JAL Group undergoing this certification share a common focus on digital and IT operational domains. The four companies, which updated to the latest certification version, include:
1. Japan Airlines (Nippon Airways)
2. JAL Card
3. JAL Mileage Bank
4. JAL Brand Communication

Regarding these companies, their initial certification dates varied; for instance, Japan Airlines first achieved certification in December 2022, while JAL Card and JAL Mileage Bank had been certified earlier in November 2007 and January 2017, respectively.

For the eight newly certified companies, they include:
1. JAL Digital
2. JTA Infocom
3. JAL ABC
4. JAL Grand Service
5. JALUX
6. Jalpak
7. ZIPAIR
8. Spring Japan

While some divisions of JALUX had prior certifications, this marks the new achievement in their digital and IT departments.

Commitment to Secure Services

This certification expansion represents the JAL Group's unwavering dedication to providing safe and comfortable services to customers. Upholding and enhancing its information security framework is crucial for maintaining the trust and safety of passengers and clients. JAL Group's proactive approach ensures that they not only comply with international standards but also lead the industry in effective information management practices, setting a benchmark for others to follow.

As the threat landscape continues to evolve, the JAL Group's commitment to security cannot be overstated. They remain steadfast in their mission to protect sensitive information and deliver exceptional service experiences.

For further details, refer to the official BSI Group press release here.