Basic Policy
At the Simplex Group, we believe that properly protecting all information assets we handle is essential to earning the trust of our customers and society, as well as to practicing effective risk management. Based on this belief, we are committed to ensuring information security by safeguarding the confidentiality, integrity, and availability of our information assets.
Major Initiatives
Systemic Risk Management
With financial institutions as our main clients, we believe that systemic risk countermeasures in cyber security are critically important. Based on this belief, we are building an infrastructure backed by solid security, developing systems compliant with the FISC Security Guidelines*1 to prevent financial systemic risks, and conducting system audits by the Internal Audit Office on a regular and ad-hoc basis.
*1 FISC Security Guidelines are a set of guidelines and explanatory notes on security measures for computer systems for financial institutions, etc., established by the Financial Information Systems Center (FISC) as voluntary guidelines for financial institutions, etc. in Japan.
Ensuring Information Security
Since our founding, we have consistently engaged in business with an advanced awareness of information security and accumulated extensive expertise and experience in this area. Specifically, we have established the Basic Policy on Information Security and have adopted robust security measures for software and hardware in our internal systems to thoroughly prevent the leakage of confidential information. In addition, we are constantly striving to improve security awareness and knowledge of all employees through monthly theme-specific training sessions and an annual comprehension measurement test.
Proper Management of Personal Information
Furthermore, in light of the importance of maintaining confidentiality in business-to-business transactions as well as the confidentiality of personal information handled by clients, we have established the Personal Information Protection Policy and develop and provide robust products and services under strict control.
Third-party Certification
We have obtained security-related certifications from third-party organizations to ensure that our clients can use our systems safely and securely. For internal control, we have obtained the SOC1 Type 2 Report and SOC2 (Security) Type 2 Report, whereas for information security, we have obtained the Information Security Management System (ISMS) certifications for each solution. The acquisition of these third-party certifications not only enhances our information security, but also improves the reliability of the systems provided by the Simplex Group.
SOC1 and 2
Simplex Inc. has obtained the “SOC1 Type 2 report” and the “SOC2 (Security) Type 2 report” regarding internal controls, and has received assurance opinions about the integrity of our system based on objective evaluation by third-party experts. SOC (System and Organization Controls) is a framework defined by the American Institute of Certified Public Accountants (AICPA) for evaluating and reporting on a service organization’s internal control over engaged activities (services provided to customers, etc.). These reports provide a statement of assurance based on an objective third-party assessment.
Services covered by SOC1 and SOC2
- A) SOC1 Type 2 Report
  - System integration services associated with Simplex Inc.’s solutions / Operation and maintenance services / Subscription (ASP) services
- B) SOC2 Type 2 Report (Applicable criteria: Security)
  - System integration services associated with Simplex Inc.’s solutions / Operation and maintenance services / Subscription (ASP) services

Information Security Management System (ISMS)
Simplex Inc. has obtained certification for the Information Security Management System (ISMS) for the following solutions. ISMS (ISO 27001) is a system that involves third-party audits to certify that the organization maintains a management system ensuring the confidentiality, integrity, and availability of its information security. Additionally, it demonstrates the organization’s commitment to continually applying the PDCA cycle (Plan-Do-Check-Act) for effective implementation.
Scope of ISMS (ISO27001) Registration
