FISC Security Guidelines Self-Assessment Published

Compliance

HStorage references the FISC Security Guidelines — the industry standard for computer systems at financial institutions in Japan — and publishes a self-assessed summary of its alignment. This page provides the information enterprises, especially those in the financial sector, need to adopt HStorage with confidence.

60
Self-Assessed Items
9
Categories
2026.07
Last Updated

OverviewWhat Are the FISC Security Guidelines?

The FISC Security Guidelines (Security Guidelines on Computer Systems for Financial Institutions) are voluntary industry guidelines established by The Center for Financial Industry Information Systems (FISC), a public interest incorporated foundation in Japan. First published in 1985 and revised continuously since, they are referenced in the Financial Services Agency's supervisory guidelines and are widely used by Japanese financial institutions as the de facto industry standard.

HStorage references these guidelines and voluntarily publishes a self-assessed summary of its alignment with each item. Financial institutions and other enterprises can use it as reference material when performing risk assessments for cloud service adoption.

Please Note

The FISC Security Guidelines are not a certification program. This page and the alignment summary present HStorage's self-assessed status against the guidelines, and do not imply certification or a guarantee of conformity by FISC or any third party.

HStorage is not a bank API connection service, so items specific to bank APIs are marked as out of scope.

SummaryAlignment Summary

An overview of HStorage's alignment with each category of the FISC Security Guidelines (60 items in total). For the detailed status of each item, please see the downloadable summary (Excel) below.

10 items

Information & Security Governance

Published security policy, SLA, and management responsibilities; incident response structure; third-party vulnerability assessments.

3 items

Outsourcing Management

Verification of published security information and certifications of external services such as Auth0, Stripe, Wasabi, and Cloudflare.

6 items

Cooperation with Banks & API Partners

User protection through a contact desk, public status page, and SLA credits.

3 items

Computer Facility Management

Domestic data centers (Wasabi Japan region) with redundancy across multiple data centers.

4 items

Office Facility Management

Entry/exit controls, centralized device management via MDM and security software, and malware checks.

14 items

System Development & Operations

Authentication via Auth0, API keys, and S3-compatible signatures; CI/CD, automated tests, and code review; access and audit logging; vulnerability countermeasures with Dependabot, gosec, and more.

9 items

Service System Security Features

TLS and encryption at rest, WORM storage, share passwords and download limits, and recoverability.

8 items

API Security Features

Protection via JWT, signature verification, rate limiting, and nonces. Items specific to bank APIs are marked as out of scope.

3 items

API Usage Security

Accountability for API usage through documentation, terms of service, and the SLA.

DownloadDownload the Alignment Summary

We publish a summary of HStorage's alignment with all 60 items of the FISC Security Guidelines, including current status, future plans, and related internal policies. No registration is required — anyone can download it.

Download the FISC Security Guidelines Alignment Summary (Excel)

File format: Excel (.xlsx)Last updated: July 2, 2026

HistoryRevision History

  • July 6, 2026Published the compliance page
  • July 2, 2026Updated the FISC Security Guidelines alignment summary