Information Security

Initiative to ensure information security

With financial institutions as our main clients, we believe that countermeasures against systemic risk in cyber security are critically important. Based on this belief, we are building an infrastructure backed by solid security, developing systems compliant with the FISC Security Guidelines*1 to prevent financial systemic risk, and conducting system audits by the Internal Audit Office on both a regular and an ad-hoc basis.

Third-party certification

We have obtained security-related certifications from third-party organizations so that our clients can use our systems safely and securely. For internal control, we have obtained a SOC1 Type 2 Report and a SOC2 (Security) Type 2 Report*2; for information security, we have obtained Information Security Management System (ISMS)*3 certification for each solution. Obtaining these third-party certifications not only enhances our information security but also improves the reliability of the systems provided by the Simplex Group.

Since our founding, we have consistently conducted business with a high awareness of information security and have accumulated extensive expertise and experience in this area. Specifically, we have established the Basic Policy on Information Security and adopted robust software and hardware security measures in our internal systems to thoroughly prevent the leakage of confidential information. In addition, we continually strive to improve the security awareness and knowledge of all employees through monthly theme-specific training sessions and an annual comprehension test.

Furthermore, in light of the importance of maintaining confidentiality in business-to-business transactions and of protecting the personal information handled by our clients, we have established the Personal Information Protection Policy and develop and provide robust products and services under strict control.

AICPA SOC for Service Organizations (aicpa.org/soc4so)

Services covered by SOC1 and SOC2

A) SOC1 Type 2 Report
System integration services associated with Simplex Inc.'s solutions / Operation and maintenance services / Subscription (ASP) services

B) SOC2 Type 2 Report (Applicable criteria: Security)
System integration services associated with Simplex Inc.'s solutions / Operation and maintenance services / Subscription (ASP) services

Scope of ISMS (ISO27001) Registration

IS577203 / ISO27001
Software development, maintenance, operation and provision of service infrastructure for FX (foreign exchange margin trading) systems
Software development, maintenance, operation and provision of service infrastructure for cryptoasset systems
Cloud system development, maintenance, operation and provision of service infrastructure for financial institutions

Simplex-CSIRT Initiatives

Cyber-attacks targeting the vast amounts of client data, financial assets and cryptoassets held by companies are becoming more sophisticated, and the required level of security measures and resilience increases every year. Simplex-CSIRT was established in 2017 as a team dedicated to centrally controlling security across the Simplex Group, in order to strengthen organizational security and achieve effective security against the above-mentioned threats.

Simplex-CSIRT is responsible for developing security policies, guidelines and rules, providing education and training, responding to incidents, and reviewing security in system development, operation and maintenance, primarily in two areas: Group-wide security management, and the provision of security services for the commercial systems we provide to our clients.

Group-wide security management involves security checks when non-standard software and external services are used, dissemination of vulnerability information, response to customer audits, and security training. In the provision of security services for the commercial systems we provide to our clients, on the other hand, Simplex-CSIRT is responsible for defining security requirements, design, solution selection, implementation, and operation for those commercial systems, in cooperation with project members.

Tomoyuki Wada
Principal, Simplex Inc.

*1 The FISC Security Guidelines are a set of guidelines and explanatory notes on security measures for the computer systems of financial institutions and similar organizations, established by the Center for Financial Industry Information Systems (FISC) as voluntary guidelines for financial institutions in Japan.
*2 A report expressing an assurance opinion, based on an objective evaluation from a third-party perspective, under SOC (System and Organization Controls), a framework provided by the American Institute of Certified Public Accountants (AICPA) for evaluating and reporting on internal control at a service organization.
*3 A scheme in which a third party examines and certifies that an organization has put in place a management system for the confidentiality, integrity and availability of information and continuously improves it by repeating the PDCA cycle.