To help you quickly verify security information, HENNGE One discloses information using the security assessment platform "Assured."
Please review the following steps in order, starting from Step 1.
In most cases, you can find all the necessary basic information on the "Trust Page" in Step 1.
Step 1
For customers who want to know whether ISO certifications are held or want to check basic security specifications.
We publish the official HENNGE One security profile (Trust Page).
Please check the "Trust Page" first.
HENNGE One Security Trust Page
This page summarizes the status of third-party certifications and answers to frequently asked security questions (FAQ), and you can view it immediately without registration.
Examples of information available on the Trust Page
- Third-party certifications: Status of ISO/IEC 27001, ISO/IEC 27018, etc.
- Basic specifications: Data center location (domestic, etc.), data encryption methods
- Policy: Log retention period, backup system, incident response flow
- Others: Whether vulnerability assessments are conducted, service SLA, etc.
Step 2
For customers who need more than the information on the Trust Page or require detailed audit items with over 100 questions.
Request a security assessment via Assured
We can provide answers in as little as a few business days.
If you need a detailed security assessment based on guidelines in addition to the Trust Page information, please submit an "Assessment Report" request on Assured.
Available content
Detailed answers and third-party assessments for over 100 items, based on major domestic and international frameworks (NIST, ISO, financial/medical guidelines, etc.)
Guidelines and frameworks
Assured uses a comprehensive question format based on the following guidelines and frameworks. In addition, the results of more than 100 questions regarding our HENNGE One service are published and updated regularly.
International frameworks
- NIST SP 800-53: Guidelines for US federal government security standards
- ISO27001: International standard for Information Security Management Systems (ISMS)
- ISO27017: Guideline standard for information security controls for cloud services
Major domestic guidelines
- Ministry of Internal Affairs and Communications
  - Information Security Measures Guidelines for Cloud Service Providers
  - Information Disclosure Guidelines for the Safety and Reliability of Cloud Services
- Ministry of Economy, Trade and Industry
  - Information Security Management Guidelines for Cloud Service Use
Industry-specific guidelines
- Finance
  - Security Standards and Commentary for Computer Systems of Financial Institutions
  - PCI SSC: PCI DSS
- Medical
  - Guidelines for the Safe Management of Medical Information Systems
  - Safety Management Guidelines for Providers of Information Systems and Services Handling Medical Information
Trends
- Amended Act on the Protection of Personal Information
Example of assessment report question category structure
For your reference, below is an example of the category structure in the assessment report.
- Basic items
  - Presence of third-party certifications, handling of entrusted data, security incident history, etc.
- Security measures for the service itself
  - Organizational structure, access control, encryption, security incident management, etc.
- Security measures for specific functions
  - Whether file upload functionality is available, whether entrusted data is shared externally, etc.
Step 3
Response to individual security questionnaires.
*For special requirements that cannot be addressed by the above two steps.
To provide accurate answers, the standard lead time is at least four weeks.
To ensure a smooth review process, we strongly recommend considering alternatives in Step 1 or Step 2 whenever possible.