Information & Security Governance
Published security policy, SLA, and management responsibilities; incident response structure; third-party vulnerability assessments.
HStorage references the FISC Security Guidelines — the industry standard for computer systems at financial institutions in Japan — and publishes a self-assessed summary of its alignment. This page provides the information enterprises, especially those in the financial sector, need to adopt HStorage with confidence.
The FISC Security Guidelines (Security Guidelines on Computer Systems for Financial Institutions) are voluntary industry guidelines established by The Center for Financial Industry Information Systems (FISC), a public interest incorporated foundation in Japan. First published in 1985 and revised continuously since, they are referenced in the Financial Services Agency's supervisory guidelines and are widely used by Japanese financial institutions as the de facto industry standard.
HStorage references these guidelines and voluntarily publishes a self-assessed summary of its alignment with each item. Financial institutions and other enterprises can use it as reference material when performing risk assessments for cloud service adoption.
The FISC Security Guidelines are not a certification program. This page and the alignment summary present HStorage's self-assessed status against the guidelines, and do not imply certification or a guarantee of conformity by FISC or any third party.
HStorage is not a bank API connection service, so items specific to bank APIs are marked as out of scope.
An overview of HStorage's alignment with each category of the FISC Security Guidelines (60 items in total). For the detailed status of each item, please see the downloadable summary (Excel) below.
Published security policy, SLA, and management responsibilities; incident response structure; third-party vulnerability assessments.
Verification of published security information and certifications of external services such as Auth0, Stripe, Wasabi, and Cloudflare.
User protection through a contact desk, public status page, and SLA credits.
Domestic data centers (Wasabi Japan region) with redundancy across multiple data centers.
Entry/exit controls, centralized device management via MDM and security software, and malware checks.
Authentication via Auth0, API keys, and S3-compatible signatures; CI/CD, automated tests, and code review; access and audit logging; vulnerability countermeasures with Dependabot, gosec, and more.
TLS and encryption at rest, WORM storage, share passwords and download limits, and recoverability.
Protection via JWT, signature verification, rate limiting, and nonces. Items specific to bank APIs are marked as out of scope.
Accountability for API usage through documentation, terms of service, and the SLA.
We publish a summary of HStorage's alignment with all 60 items of the FISC Security Guidelines, including current status, future plans, and related internal policies. No registration is required — anyone can download it.