The Center for Financial Industry Information Systems (FISC)

FAQs

• What are the FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions?

  The FISC Security Guidelines are broadly recognized and used by Japanese Banking and Financial Institutions regulated by the FSA in the architecture and operation of their computer systems. These guidelines were revised in 1991, 1998, 2000, 2001, 2003, 2006, 2011, 2018 and 2019. See the publication details on the official FISC website (in Japanese) for more information.

• What guidelines do FISC give Financial Institutions conducting audits on Cloud Services?

  Given the advanced technologies involved in cloud services, FISC recommends Financial Institutions leverage reports from assurance audits consigned by the cloud service provider, such as SOC 1 and SOC 2 reports, when conducting audits.

  AWS Systems and Organization Controls (SOC) reports are based on audits performed by an independent third-party auditor. SOC 1 and SOC 2 reports are available to AWS customers via AWS Artifact. AWS’s SOC 3 report is publicly available as a whitepaper.
  

• How does AWS help Japanese Banking and Financial Institutions address FISC Security Guidelines?

  When customers use AWS, they should review the delegation of responsibility under AWS’ Shared Responsibility Model. AWS Solution Architects and Professional Services teams can work with customers to provide guidance on best practices for security and availability in order to assist customers in determining how these meet requirements set by Japanese regulatory authorities. Our experts can also assist you in preparing responses for commonly asked questions about AWS and its services.

  If there is any question about 9th edition (revised) FISC Security Guidelines, please contact with AWS Japan account team.