Security Check Sheet

From the SaaS "Assured," which aggregates risk assessment information for cloud services, you can now request security information for HENNGE One.

Security Assessment Request

Request Security Assessment from Assured

Assured is a SaaS that allows you to view third-party evaluation information on the security of cloud services.

Responses in individual spreadsheets, etc., usually have a grace period of 4 weeks or more. On the other hand, on Assured, our company answers the original questions prepared by Assured, and based on the contents of the answers, Assured evaluates the safety of the service and provides the results of this investigation to the customer.

Guidelines and Framework

Assured is composed of a comprehensive question format based on the following guidelines and frameworks. In addition, the investigation results for over 100 questions related to our HENNGE One service are posted, and these results are regularly updated.

International Frameworks

  • NIST SP 800-53: Guidelines indicating security standards for the U.S. federal government
  • ISO27001: International standard for Information Security Management Systems (ISMS)
  • ISO27017: Guidelines standard for information security management for cloud services

Major Guidelines in Japan

  • Ministry of Internal Affairs and Communications
    • Guidelines for Information Security Measures in Cloud Service Provision
    • Guidelines for Information Disclosure regarding the Safety and Reliability of Cloud Services
  • Ministry of Economy, Trade and Industry
    • Guidelines for Information Security Management for Cloud Service Use

Industry-Specific Guidelines

  • Finance
    • Safety measures and explanatory documents for computer systems of financial institutions, etc.
    • PCI SSC: PCI DSS
  • Medical
    • Guidelines for the safety management of medical information systems
    • Guidelines for the safety management of information system and service providers handling medical information

Trends

  • Revised Personal Information Protection Law

Example of Assured Question Category Configuration

For reference, an example of the category configuration of questions within Assured is as follows:

  • Basic Items
    • Presence of third-party certification, handling of deposited data, history of security incidents, etc.

  • Security Measures for the Service Itself
    • Organizational structure, access control, encryption, security incident management, etc.

  • Security Measures for Specific Functions
    • Presence of file upload function, external sharing of deposited data, etc.
          
Was this article helpful?