The Bankers Association of the Republic of China (BAROC)

The "Regulations Governing Computer System Information Security Assessments by Financial Institutions" (released on May 29, 2014) lists Security Standards for Information Systems of Financial Institutions (the BAROC Security Standards) and the Guidelines for Security Measures of Financial Institutions for Electronic Banking Services as general security requirements and requires financial institutions in Taiwan to manage and assess information security of their computer systems according to these standards and guidelines.

In Japan, the Security Guidelines on Computer Systems for Banking and Related Financial Institutions (the FISC Security Guidelines) established by the Center for Financial Industry Information Systems (FISC) are broadly recognized and used by many Japanese financial institutions in the architecture and operation of their computer systems. The Financial Services Agency’s (FSA) Financial Inspection Manual lists the FISC Security Guidelines as a document that inspectors can reference while conducting inspections at financial institutions.

AWS has been providing information on the FISC Security Guidelines based on the Shared Responsibility Model and translated the information into Chinese to assist the customers in considering compliance with requirements set out in BAROC’s Guidelines.

AWS information on the FISC Security Guidelines (the 8th edition) based on the Shared Responsibility Model is available from the following URLs:

Download the Chinese version (Traditional Chinese)

Download the Japanese version

Download the English version

These documents are provided as reference related to the BAROC’s Security Standards.

For the official version of the FISC Guidelines, see the FISC website.

Additionally, Risk and Compliance Whitepaper provides information on third-party attestations, certifications which AWS maintains and various compliance programs. It also provides information on security requirements such as the Consensus Assessment Initiative Questionnaire (CAIQ) of the Cloud Security Alliance (CSA).