This document appears to be a questionnaire from a virtual currency exchange company regarding registration for their virtual currency exchange business. It contains questions in several sections, including basic information about the company and organization, business model, risks associated with handling virtual currency, system development processes, and other administrative details. The company is seeking detailed responses and supporting documentation for each question regarding its operations, policies, processes, and compliance with relevant laws and regulations for operating a virtual currency exchange.
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Questionnaire for registration of virtual currency exchange
1. (● Co., Ltd.)
(Head office location: ●
●)
Questionnaire for the registration examination of the virtual
currency exchange company
Title
Name
Name of
department
Person in charge Telephone
number
Mail Address Remarks(Response Responsibility
Field)
Append
ix 2
3. 2/83 Basic
informatio
n1
Num
ber
質 問 内 容 Example of the material
to be attached
回 答 Attached
material
Basic information
1 Name Without
2 Address 〒Xxxx-xxxx Without
3 Name of Representative Without
4 Url Without
5 Date of establishment (YYYY/MM/DD) Without
6 Capital Amount (yen) Without
7 Number of offices Without
8 Number of staff (excluding officers) Includes temporary employees
and does not include outsourcing partners)
Without
9 Closing Date (MM/DD) Without
10 Main shareholder and shareholding ratio AaInc. (Xx. X%)、BbInc. (Xx. X%)、・・・・ Without
4. 3/83 Basic
informatio
n1
Num
ber
質 問 内 容 Example of the material
to be attached
回 答 Attached
material
11 Parent company (name, Country (country code), listed, industry) Name 国
Listing (east1, name,
etc.) Listing code
Industry Without
12 Subsidiary (name, Country code), listed, industry Name 国
Listing (east2, name,
etc.) Listing code
Industry Without
13
Major affiliates other than parent companies and subsidiaries
(Name, Country (country code), listed code, industry)
Name 国
Listing (east2, name,
etc.) Listing code
Industry Without
14 Organization design of the company A company with a nominating committee, a company with corporate auditors, and
an audit and supervisory Committee
Without
15
Financial statement Audits
Certified Public accountant or audit corporation and status
Agreement Name Url Status (concludedOrUnder
negotiation)
16
Segregated management audits
Certified Public accountant or audit corporation and status
Agreement Name Url Status (concludedOrUnder
negotiation)
17 Legal Counsel (or legal Counsel's office) and status Agreement Name Url Status (concludedOrUnder
negotiation)
18 Consultant 1 (or consulting company) and consulting contents Name Url Consulting Contents Without
19 Consultant 2 (or consulting company) and consulting contents Name Url Consulting Contents Without
20 The Association and status of certified funds settlement
companies
Name Url Status (concludedOrUnder
negotiation)
Without
5. 4/83 Basic
information
2
Trade or
exchange
Mediate
d
Introducin
g
Surrogat
e
Number of
handling Remarks
Other
Other
boards
Own
board
Trading
Board
Informatio
n
presentati
on
Offer/BidPresent
EminemRiskMona CoinsLight coinCounter
Party
RippleEthernet ChicIsariamBitcoin cacheBitcoin
Rem
arks
XEMLskMONALtcXcpXRPEtcEthBCH/BCCBtc
Business related to virtual currency (in addition to the virtual currency exchange business, the provision of white label, dealing, deposit business, lending business, discounts settlement transactions without the transfer of the actual, etc., it is
not limited thereto.I would ask you about.
1 The number of virtual currency handling for your virtual currency exchange and your conduct, the number input and the relevant items○. If you need a supplement, please include the remarks.
2 For the method of presenting your virtual currency and transaction information (such as the price of virtual currency), please refer to the appropriate pattern○. If you need a supplement, please include the remarks.
3 For your virtual currency and transaction type, please refer to the appropriate pattern○. If you need a supplement, please include the remarks.
If you choose to trade in margin, please explain in detail the outline of "handling currency" and "transaction information (such as the price of virtual currency, etc.)" In accordance with the classification of transaction types.
Example of description
The type of transaction you are using is based on your internal organization.
Credit transactions > a transaction in which the user (customer) borrows the statutory currency and the virtual currency from the company. Show trading information on the same plate as the physical transaction (own board). Settlement of position,
discounts settlement in the opposite sale, discounts settlement or physical delivery in the repayment date. Handling Virtual Currency はBtcOnly. Discounts Settlement currency is JPY only
<***Trading >The relative transactions between you and the user who accept the margin from the customer and leverage it based on the virtual currency price that you present. Position settlements discounts settlements in opposing trades.
Handling Virtual currency isBtcOnly. Discounts Settlement Currency is JPYUsd
Futures > We will design our products and3、6、9、12The last month of5Months are traded. Handled by virtual currency(BTC、XRPの2Type)and by Month (5The trading information is displayed on its own plate. Settlement of position, discounts
settlement in the opposite trade, the highest 終Physical transfer in settlement orDiscounts settlement. Discounts Closing currency isJPY・Usd
Options Trading > Swap trading >
Other
Margin Trading
Physical transactions Virtual
currency⇔Virtual currency
Physical transactions Virtual
currency⇔Legal currency
EminemRiskMona CoinsLight coinCounter
Party
RippleEthernet ChicIsariamBitcoin cacheBitcoin
Rem
arks
XEMLskMONALtcXcpXRPEtcEthBCH/BCCBtc
6. 5/83 Basic
information
2
User (Customer) 対 User (Customer)
User (Customer) 対 Market maker
User (Customer) 対 Your
User (Customer) 対 Users of other
companies (customers)
Other
Name 国
Name 国
Name 国
Name 国
Name 国
Name 国
Liquidity
Securing
Dealing Other
Face
-to-
face
Non-
face
Store Outside
the store
Internet Phone Virtual
currencyAtm
Other
Face-
to-face
Non-
face
Store Visit Seminar Internet Phone Dm
4 If you have your own board, enter the number of your own board and the relevant item for the relationship○. If you choose other or need supplemental(When you have your own board for each type of transaction or transaction typePlease describe the
details in remarks.
5 If you are a market maker, the number of market makers, major market makers,Please enter your company name and country. If you need a supplement, please include it in the remarks.
6 If you have a cover transaction, please enter the number of covers, the main cover (company name, country). Please describe the policy pertaining to the cover transaction in remarks.If you need a supplement, please include it in the
remarks.
7 If you are doing margin transactions, enter the maximum leverage ratio below.
倍
8 For the purpose of the self-account transaction,○For more information. If you choose other or need supplemental, please include the details in the remarks.
9 For your trading channel, please refer to the relevant○. If you choose other or need supplemental, please include the details in the remarks.
10 For your solicitation channel, please refer to the appropriate item○. If you are using a distributor,○. If you need more details about the agency, please describe it in the remarks.
Number of
own boards
Rem
arks
Market
maker
数
Remarks
Number of
cover
destination
Remarks
Remarks
Remarks
Agency
Remarks
Maximum leverage
ratio
Remarks
7. 6/83 Basic
information
2
Personal Corporat
ion
Between
suppliers※
Other
Name Url Status (concludedOrUnder
negotiation)
Name Url Status (concludedOrUnder
negotiation)
Name Url Status (concludedOrUnder
negotiation)
Name Url Status (concludedOrUnder
negotiation)
11 Your target audience (customer)to the relevant item.○. If you want to use other information, please describe the details in remarks. A non-resident(excluding cover)Countries and regions should be described in remarks.
※A person who is solely engaged in the business of virtual currency in Japan and abroad
12 For your fee, see "Handling Virtual currency" and "Trading Information"(e.g., the price of virtual currency, etc.), please explain the outline of the "trading type", and describe the outer frame
and the interior (including spreads). In the case of an outline, please explain the idea of the price determination to present to the customer in the case of the calculation method
of the fee, the internal frame (including spreads).
13 If you are outsourcing the confirmation of the transaction, please describe the subcontractor. If you need a supplement, please include the remarks.
14 AmlIf you are purchasing a target or anti-company listing data for, please indicate where you are providing your data.If you need a supplement, please include the remarks.
15 Regarding the establishment of a window to respond to complaints or consultations from users, the relevant items○. If you need a supplement, please include the remarks.
Face-
to-face
Call Center Internet Other
If you are commissioned, please describe the contractor.
Name Url Status (concludedOrUnder
negotiation)
Name Url Status (concludedOrUnder
negotiation)
A non-
resident Remarks
Remarks
Remarks
Rem
arks
8. 7/83 Basic
information
2
Wallet Management
System
Other system
development
Other system operation
Name Url Status (concludedOrUnder
negotiation)
Name Url Status (concludedOrUnder
negotiation)
Plan Creating a System Plan
Requiremen
ts definition
Requirements definition/Project plan preparation/risk assessment (completion of the system
planning form)
Design and
developmen
t
Design and development (requirements defined, project plan written, risk assessment
completed)
Test Testing (design and development completed)
Waiting for
release
Test complete (service in wait)
16 For outsourcing of the system, if you are using the relevant items,○.
※A white label is a form of service that you provide to your company using a system provided by other companies.
If you are using a white label, please include the source of the offer. In addition, please describe the use business and the range in remarks. If you need a supplement, please include it in the remarks.
If you are using a cloud service, please include the source of the offer. In addition, please describe the range of service use in remarks. If you need a supplement, please include it in the remarks.
If you are using some other company's wallet management system, please include the source of the offer. In addition, please describe the use business and the scope in remarks (if it is in combination with the company, the scope is
clarified).
If you are outsourcing the system development other than the above, please describe the scope of consignment.
If you are outsourcing the system operation other than the above, please describe the consignment range.
17 What is the most appropriate current process in your system development schedule?○Please put(multiple selection not allowed). If you need a supplement, please include it in the remarks.
RemarksName Url Status (concludedOrUnder
negotiation)
White Travel※ Cloud Services
Remarks
Remarks
Rem
arks
9. 8/83 Business model
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Business model
1 Business related to virtual currency(注)Which your company and your
group
Corporate philosophy
In particular, including the following points on how to conduct such
business
-Medium-term management plan
The Business model Overview
①Background and reason for entering into the virtual currency
exchange business
Meeting minutes of shareholders '
meetings
②The relationship between the realization of the corporate
philosophy and the entry into virtual currency exchange
Reports and minutes of the board of
Directors
③Medium-term (3~5The group and corporate image that we are
aiming at
-Approval documents
境 Press releases and other external
publication documents
④Medium-term (3~5Revenue, transaction size, customer size
and employee scale
Provision Service Overview
If the risk scenario is also formulated.) -Internal documents, such as
proposals
⑤System strategy
⑥Business model and Revenue source
⑦Differentiation and significance of business overview and
existing third-party services
⑧Main target customer image
⑨Basic concept and realization method of user convenience and
user protection
(注)In addition to the virtual currency exchange business, the
operations related to
Deposit business, lending business, and the actual
There are discounts settlement transactions without giving or
receiving, but not limited to these.
2 Business that is not related to your group's virtual currency. -Medium-term management plan
And revenue sources, including the following points. Meeting minutes of shareholders '
meetings
Please explain. Reports and minutes of the board of
Directors
①Group strategy -Approval documents
②Group Relationship Diagram -Internal documents, such as
proposals
③Your position in the group
④Medium-term (3~5Group Vision
⑤Group-by-segment mid-term revenue plan
3 Organization chart and how you work with your organization and
responsibilities.
Organization Chart
List of staff members (department, title, name, age, and contract form). Staff List
Frumpy Job Segregation table
※Please make sure that you know the other of full-time
employees and temporary employees.
-Segregation of duties and
regulations
10. [Note on the entry]
The following laws and ordinances are abbreviated. The official name and abbreviation are as follows.
9/83 Notes on filling
out
Abbreviation Official name
Fund Settlement Law Act on Settlement of funds (Heisei21Law No.59Issue
Cabinet Office Ordinance Cabinet Office Ordinance on Virtual currency Exchange (Heisei29Cabinet Office Ordinance
(7Issue
Financial sector guidelines Guidelines for the protection of personal information in the financial field
Practical guidelines Practical guidelines for safety management measures, etc. of guidelines for the protection of
personal information in the financial field
Personal Information Protection
Act
Act on the Protection of personal information (Heisei15Law No.57Issue
Elimination of discrimination
against Persons with
Disabilities
Act on the promotion of the elimination of discrimination that is the reason for the failure
(Heisei25Law No.65Issue
Guidelines for resolving
disability discrimination
Guideline for the promotion of the elimination of discrimination, which is the reason for the
failure in the business field of the FSA
11. 10/83 Risk of handling virtual
currency
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Risk management, etc. concerning the handling of virtual currency
1 Do you have internal rules for the examination of the handling
virtual currency?
If so, what items are judged and what are the following Please
explain in detail, including points.
①Handling virtual currency issuance status, transaction status and
usage 項
②Matters concerning the issuer of the virtual currency, the
administrator, and other stakeholders
③Matters concerning the technology of virtual currency and
record ledger
④Content of projects closely related to virtual currency
⑤The status of securing the internal framework for handling
virtual currency (virtual currency safety management system,
virtual currency technology response capability and yourAbility to
handle, impact on financial soundness, demand for virtual currency
The situation of conflict of interest with the user and how to determine
the price at the beginning of handling Law, terms of service,
information provided to users, and complaints, etc.)
Internal rules
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
2 In the internal system pertaining to the examination of the handling
virtual currency, including the following points Please explain in
detail.
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④The status of duties of employees engaged in the departmentSales
Department Including separation with the person engaged in the.)
Internal rules
Structure Chart
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
3 The virtual currency of the funds settlement law corresponds to
the virtual currencyPlease explain specifically"Virtual currency"
posted on the FSA Web page (excluding those listed in the
"Handling virtual currency" of the "Trading Trader Registration
List").
White Paper
Description of Virtual currency
handling
The person involved in the virtual
currency handlingDocument
represented
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
4 If the currency is handled in the case of the examination of the virtual
currency Risk (hereinafter referred to as "handling risk"). What
kind of informationHow they are identified and evaluated using the
information Explain specifically.
Internal rules
-Identification and evaluation of
risks
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
5 What are the specific and evaluated handling risks associated with
virtual currency handling? Judgment on the appropriateness of the
handling of the virtual currency using a methodPlease explain
specifically what is reflected in the.
In light of the specific and evaluated handling risks, what kind of virtual
currency Please explain specifically whether you are going to
handle it or not.
Internal rules
-Writing about the contents and
results of the screening
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
12. 11/83 Risk of handling virtual
currency
6 Handling virtual currency, including the identification and evaluation of
the risk What is the process of judging judging by the appropriateness of
currency handling? Please explain in detail.
Internal rules
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
13. 12/83 Risk of handling virtual
currency
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
7 If you want to start dealing with a new virtual currency, you can make
a
You are trying to save, or you can explain the details in conjunction
with the retention period. Frumpy
corresponding document Virtual currency range,
etc.
(Ⅰ1
8 To begin handling a new virtual currency, the virtual currency And
what kind of information to provide to the user using what means
Please explain specifically what you are expecting.
Information disclosure materials to
users
Contract with the user (including
the terms of useYikes)
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
9 After starting the handling of virtual currency, which How often do
you collect information? Please explain.
Departments that collect such informationand collected information
in-house Please explain the reporting system concretely.
In addition, we assume that the information collected is provided to
the user. The content of the information provided and the means to
provide it. Please explain specifically.
Internal rules
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
10 Regarding the risk of handling virtual currencyUpdate the content
and re-evaluate (Hereinafter referred to as "revaluation, etc.")are
going to be Or, please explain the specifics including the following
points.
①Criteria, scene and frequency for re-evaluation
②Re-evaluation process
③Re-evaluation Division(Department)
④Above9Use of information collected based on
Internal rules
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
11 As a result of the re-evaluation of the handling risk, the contents of
the handling risk previously evaluated and discrepancy, what about
the handling of the virtual currency? Please explain specifically what
you are trying to respond.
Internal rules
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
12 If the handling of virtual currency is abolished or suspended, the virtual
How to respond to the handling of the currency, or Please explain in
detail, including the point of.
①Internal processes leading up to abolition or suspension
②External processes leading up to abolition or suspension
③Content and methods of knowledge to the user
④Refund policy in case of return of user's property
Internal rules
-well-known materials to users
Contract with the user (including
the terms of useYikes)
Other relevant internal documents
Virtual currency range,
etc.
(Ⅰ1
14. 12/83 Business
Administrati
on
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Business Administration
1 Organization meeting body in your company and your groupIn
addition to the Board of DirectorsOther than the organization under
the Company law which has been installed arbitrarily, such as
Including. The purpose, frequency, and members of the The same
Internal rules
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
2 Directors (outside, in-house), executive officer, department manager
and auditor Especially financial institutions andItBusiness experience
in the relevant company. Not
When a major shareholder is a natural person, the material that
understands the biography of the shareholder Please also submit.
Job history Business Administration
(Ⅱ-1-2)
3 Audits conducted by corporate auditors and the audit Committee
(where no corporate auditors have been established Directors),
please submit a material that understands the plan of the
Director.If the audit is already conducted, the audit report will also be
Please submit.
Audit plan
-Audit Report
Business Administration
(Ⅱ-1-2)
4 Management policy, and what kind of management policy The review
process and results that have been made known to the staff as
Please explain specifically.
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
5 What management risks can be incurred by doing business? Describe
the process and the results of the study, including the frequency
of identification, evaluation, and evaluation.
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
6 The management team5Management risks identified and assessed
based on the How it is reflected in the management plan and
management Explain the results of the process.
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
7 The management team5Management risks that are identified and
evaluated based on Management system, and what kind of
management Explain the process and the results of the study.
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
8 Management issues obtained through the re-evaluation of
management risksHow they reflect the management plan and
management Please explain the process and the results in detail.
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
15. 13/83 Business
Administrati
on
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
9 The management team5From8Properly monitor and verify the
performance ofWhat kind of internal controls are being built to And
the results of the course.
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
10 Establishes basic policies and internal rules for maintaining and
verifying financial soundness ?
If so, what matters are included in the study of And the results of
the course.
Internal rules
Meeting minutes of the Board of
Directors
Other meeting Minutes
-Regulations, clerical
correspondence, etc.
Business Administration
(Ⅱ-1-2)
11 In order to maintain and verify financial soundness, the company has
Describe the process and the results of the study, including the
following points.
①Installation status of the department or person in charge
②Financial risk analysis in the context of a business model
③Financial Risk Management Methods
④Management involvement in financial risk management
⑤Policies to respond when financial risks emerge
Internal rules
-Regulations, clerical
correspondence, etc.
Organization Chart
Financial Risk Analysis Materials
Meeting minutes of the Board of
Directors
Minutes of other meetings
Business Administration
(Ⅱ-1-2)
12 Cover destination and reason for selection (credit rating, etc.)The
specific Please explain.
Examination materials for selection
Gabar Materials
Other relevant internal documents
Business Administration
(Ⅱ-1-2)
13 Is the information disclosed to the user about the status of
financial soundness?
When disclosing information, the content of the information to be
disclosed and the method of disclosure Please explain specifically.
Internal rules
Information disclosure materials to
users
Other relevant internal documents
Business Administration
(Ⅱ-1-2)
14 About internal audits
1Internal audit of whether the internal management structure is
functioning effectively Are you setting up internal rules?
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
Business Administration
(Ⅱ-1-2)
15 2For internal audits, including the following points Please explain.
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④The status of duties of employees engaged in the departmentSales
Department And the separation with the person in charge of the
internal management department.)
Internal rules
Structure Chart
Other relevant internal documents
Business Administration
(Ⅱ-1-2)
16. 14/83 Business
Administrati
on
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
16 3In order to conduct an internal audit, the following is the structure of Internal rules Business Administration
Please explain in detail, including the point of. Other relevant internal documents (Ⅱ-1-2)
①Concept of risk-based approach
②Subject, item and frequency of internal audits
③Process of formulation and execution of internal audit plan
④process of reporting and sharing internal audit results
⑤Improvement measures, verification, and prevention of recurrence in
the results of internal audits
Process of formulating measures
⑥Status of cooperation with external audit functions and
corporate auditors and the Board of Auditors
17 Commissioned or commissioned a financial statement audit and a
separate management audit
Contract Agreement Business Administration
The name of the Audit corporation or CPA and the status of the
contract
Documents pertaining to the
verification result of the
commissioned destination
(Ⅱ-1-2)
The following points, and explain them specifically. Other relevant internal documents
①Matters examined in selecting the commissioned destination
②Matters concerning the audit capacity of the commissioned
party
③Details of the contract with the commissioned party (such as
draft contract)
18 An audit corporation or CPA who is commissioned or scheduled to
be commissioned by you
Contract Agreement Business Administration
The virtual currency that you hold or handle (you cannot track the
transaction history, etc.)
Documents pertaining to the
verification result of the
commissioned destination
(Ⅱ-1-2)
including non-feasible or difficult virtual currency, but limited Other relevant internal documents
Not. Audits (including both segregated and financial statements).
Yikes Please describe your company's views on whether or not to
do so.
17. 15/83 Compliance
with laws and
regulations
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Compliance with laws and regulations
1 Compliance with laws and regulations from the standpoint of ensuring
business operationsCompliance Basic policies and specific practice
plans that takeCompliance Pro and Code of Conduct (Code of ethics
and compliance manuals) etc. Are you determined?
If so, explain specifically what matters The
Applicable internal documents, etc. Compliance with laws
and regulations
(Ⅱ-2-1-1-2)
2 Compliance with laws and regulationsThe following points about the
internal system Please explain in detail, including
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④The status of duties of employees engaged in the departmentSales
Department Including separation with the person in charge of the.)
Internal rules
Structure Chart
Other relevant internal documents
Compliance with laws
and regulations
(Ⅱ-2-1-1-2)
3 Above1And2Compliance with laws and regulationsAbout which yo
The company's internal management system, and the following points,
including Please explain.
①Evaluation and follow-up of practice plans and code of conduct
②The process of informing, reviewing, and improving the content
of the practice plan and Code of Conduct
③Status of compliance training for executives and employees and
evaluation after training and follow-up
④Implementation status of voluntary inspections and follow-up
after implementation
Internal rules
Other relevant internal documents
Compliance with laws
and regulations
(Ⅱ-2-1-1-2)
4 Do you have rules for the service of employees?
If so, what kind of content do you include? The
Service Regulations Compliance with laws
and regulations
(Ⅱ-2-1-1-2)
5 What actions are prohibited based on the rules of service of officers
and employees? Please explain in detail.
Measures taken to prevent such prohibited acts and How to verify
and monitor whether the Please explain in detail.
Service Regulations Compliance with laws
and regulations
(Ⅱ-2-1-1-2)
18. 16/83 Compliance
with laws and
regulations
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
6 To start a new transaction using virtual currency, a series of
transactions
-Documents discussing issues Compliance with laws
and regulations
How to establish a way to verify that it does not conflict with the
law
Other relevant internal documents (Ⅱ-2-1-1-2)
Or, please explain specifically the following points.
①Verification principal and verification process
②How to make decisions based on verification results
③If there are points already considered, the content of the
verification and the result of examination
7 Foreign exchange and foreign trade law, Japan and foreign or
resident and non-
Internal rules Compliance with laws
and regulations
Between residents and3,000Payment or payment exceeding the
equivalent amount
Other relevant internal documents (Ⅱ-2-1-1-2)
The Minister of Finance should report it to the
In the case of the use of virtual currency, the company recognizes
that it includes
Regulations, etc.
If so, explain specifically what matters
The
19. 17/83 Blocking relations with
antisocial forces
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Blocking relations with antisocial forces
1 Basic policies and internal rules to block the relationship with antisocial
What is the
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
by antisocial
forces.Prevention of
harm
(Ⅱ-2-1-3-2)
2 Regarding the internal structure relating to the interception of
relations with antisocial forces, the following points Please explain it
specifically.
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④Status of duties of executives and employees engaged in the
department in charge
Internal rules
Structure Chart
Other relevant internal documents
by antisocial
forces.Prevention of
harm
(Ⅱ-2-1-3-2)
3 Above1And2In order to block the relationship with antisocial
forces.In-house management, including the following points. Please
explain.
①A method of screening and monitoring of anti-social forces(Trading
including both before and after the start.)
②How to gather information about antisocial forces
③Building a database that centrally manages the information of
antisocial forces, Status of updates (additions, deletions, changes,
etc.)
④Construction of cooperation system with external specialized
organizations such as police
⑤The status of internal processes after it turns out to be anti-
social forces
⑥A method of blocking relations after it turns out to be anti-
social forces
⑦Status of the report to the relevant authorities after it turns out
to be anti-social forces
⑧In the event of a wrongful request, the information is promptly
Appropriate reporting and consultation system
⑨不In the event that this request is made, it is positively System to
consult
⑩Center for the promotion of violence in the event of unreasonable
demand The system to respond to the unreasonable requirements
Internal rules
Contract with the user (including
the terms of useYikes)
Other relevant internal documents
by antisocial
forces.Prevention of
harm
(Ⅱ-2-1-3-2)
4 Have you introduced a gang exclusion clause in contracts or terms
of business?
If so, what are the terms of the The same
Contract with the user (including
the terms of useYikes)
by antisocial
forces.Prevention of
harm
(Ⅱ-2-1-3-2)
5 Periodically, such as checking the transaction status of the company's
stock and the shareholder's attribute information Do you manage
shareholder information properly?
What kind of management techniques you manage, and specifically
Please explain.
Internal rules
Other relevant internal documents
by antisocial
forces.Prevention of
harm
(Ⅱ-2-1-3-2)
20. 18/83 Response to the hidden
case
Num
ber
質 問 内 容 Example of the material
to be attached
他 回 答 Attached
material
Administrative
guideline Items
Response to the hidden case
1 The Cabinet Office Ordinance33"Virtual currency exchange to
directors or employees," as stipulated in article
Internal rules Response to the hidden
case
Act in violation of the law or the virtual currency exchange
business.
Other relevant internal documents (Ⅱ-2-1-4-2)
Acts that interfere with the actual performance of the hidden)
occurred
Are there any basic policies or internal rules?
If so, explain specifically what matters
The
The hidden case is a violation of the act of the virtual currency
exchange business.
The following actions are applicable.
①For the business of the virtual currency exchange industry,
Fraud, embezzlement, breach, etc.
②In relation to the business of the virtual currency exchange
business, the user is accused or
The act of being arrested
③To interfere with the proper and reliable implementation of the
operations of the virtual currency exchange business.
Acts that are or may be
Equivalent to
2 Regarding the internal system pertaining to the response to the
hidden incident, including the following points
Internal rules Response to the hidden
case
Please explain the body. Structure Chart (Ⅱ-2-1-4-2)
①Position of the department in charge Other relevant internal documents
②Position of personnel in the Department (department)
including sex. )
③Training and voluntary inspections for executives and employees
engaged in the department in charge
Implementation status of business guidance
④The status of duties of employees engaged in the department in
charge (department)
Including separation with the person in charge of the.)
3 Above1And2In addition, when the hidden case is discovered, the
hidden incident
Internal rules Response to the hidden
case
In order to respond to the timely and appropriate Other relevant internal documents (Ⅱ-2-1-4-2)
Please explain it concretely including the point below.
①In-house reporting systems (in accordance with internal regulations,
and
Reporting and reporting to the management team, etc.)
②Reporting system to the authorities and other external
organizations
③Investigation and clarification of scandals in independent
departments (internal audit departments, etc.)
Roses
④System to protect users
⑤System for prevention of recurrence, such as generation cause
analysis and formulation of improvement measures
21. 19/83 User protection
measures
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
User protection measures
1 To provide explanations, information, and other user protection The
company has established internal rules for the necessary
measures.
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
2 In order to make proper transactions with the user, the customer
attributes(Age, assets and income Situation, investment experience,
etc.)Determine the appropriateness of starting a transaction with a
different user The standards of the
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
3 The situation to manage the dealings with the user(Rules, structure,
etc.)How to Or, please explain specifically, including the following
points.
①Customer attributes(Age, asset and income status, investment
experience, etc.)Transactions considering setting of form, handling
virtual currency, leverage ratio, transaction limit, etc.
②When opening a trading account, it is necessary toTiming to
receive deposit of the necessary margin for currency or margin
transactions Ring
③The number of accounts allowed for the same user
Internal rules
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
4 The company's internal system for explaining and providing information
to users Please explain it concretely including the following points.
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④Status of duties of executives and employees engaged in the
department in charge
Internal rules
Structure Chart
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
5 Above1And4To provide explanations and information to the users.
What kind of internal management system you are building, including the
following points Please explain the
①To verify the status of the implementation of the information
Monitoring
②Correspondence when there is a defect in the description
contents etc.
③Status of documents, etc. issued or notified
④Response to inquiries from users regarding the contents of the
description
Internal rules
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
22. 20/83 User protection
measures
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
6 Information on the user's information and at what point Internal rules User protection
measures
Who is going to manage the user information? Other relevant internal documents (Ⅱ-2-2-1-2)
Please explain in detail according to the following categories.
①If the user is not a natural person or a natural person
②Different types of transactions that users apply
7 The Cabinet Office Ordinance16The Items and17To provide
information as specified in each item of the article.
Internal rules User protection
measures
Please explain the following points in detail. Information disclosure materials to
users
(Ⅱ-2-2-1-2)
①Content and methods of information provision Other relevant internal documents
②When to provide information
③Status of verification of timely and appropriate information
provision
④Status of records and storage of information provided
8 The Cabinet Office Ordinance16The Items and17Other than the
information specified in each item
Internal rules User protection
measures
If there is a written or electromagnetic record to be issued or notified
to an
Information disclosure materials to
users
(Ⅱ-2-2-1-2)
Please explain the points below specifically. Other relevant internal documents
①Contents and methods of documents or electromagnetic
records to be issued or notified
②When to grant or notify
③Status of verification that the delivery or notice has been done
in a timely and appropriate manner
④The status of records and storage of a grant or notification
9 In order to start trading with the user, Internal rules User protection
measures
In accordance with the following categories, the specific Information disclosure materials to
users
(Ⅱ-2-2-1-2)
Please explain the Other relevant internal documents
Note: The Cabinet Office Ordinance16The Items and17Information
specified in each item of article is included
If you have any questions, please explain them, including such
information.
①Trading method
②Policy pertaining to order acceptance and contract processing
③Dealing with branches in a large block chain
④If the slippage occurs, the slippage
項
⑤Matters concerning fees
Note⑤, for example, to present and trade prices with spreads
If the transaction price includes the equivalent
24. 22/83 User protection
measures
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
10 Explain to the user when starting a transaction with the user
The contents of "virtual Currency and transaction risk" are Please
explain.
Internal rules
Information disclosure materials to
users
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
11 Explain to the user when starting a transaction with the user
The contents of the management of user assets The same
Internal rules
Information disclosure materials to
users
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
12 In the event of a margin transaction with the user, prior to the
commencement of the transaction The contents of the "margin
transaction" described by the user. Please explain it concretely
including the following points.
①How does margin trading work?
②Matters concerning mid-career cancellation
③Loss-cut trading matters
④Additional margin matters
⑤The content of the risk, including the possibility of loss
exceeding the margin.)
Internal rules
Information disclosure materials to
users
Other relevant internal documents
Applicable internal documents, etc.
User protection
measures
(Ⅱ-2-2-1-2)
13 On behalf of the user or by theDomestic and international alike.) to
When ordering a transaction, explain to the user Please describe the
content of the matter to be specific.
Internal rules
Information disclosure materials to
users
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
14 In order to initiate a transaction with the user, the Please describe
the contents of "matters concerning the settlement of disputes
arising from the reception of user complaints and transactions
with users".
Internal rules
Information disclosure materials to
users
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
15 In order to initiate a transaction with the user, the The burden of
damage arising from the transaction and the whereabouts of liability
Please explain specifically.
Internal rules
Information disclosure materials to
users
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
16 In order to initiate a transaction with the user, the Describe the
content of "prohibited acts by the user". Not
Internal rules
Information disclosure materials to
users
Other relevant internal documents
User protection
measures
(Ⅱ-2-2-1-2)
25. 23/83 User protection
measures
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
17 To provide information in an appropriate manner in lieu of issuing a
written
Internal rules User protection
measures
To receive the intention of accepting or withdrawing from the user. Accept or WithdrawHpScreen etc. (Ⅱ-2-2-1-2)
Or not. Other relevant internal documents
If you are going to receive the intention to receive the
Or, please explain specifically, including the following points.
①Timing and method of receipt of the intention display
②Method and recording period of the receipt of the received
intention
18 When dealing with users through the Internet, Internal rules User protection
measures
What measures are taken to ensure that the following Information disclosure materials to
users
(Ⅱ-2-2-1-2)
Please explain in detail including the point. Other relevant internal documents
①The user does not mistake the trading party for the link of the
homepage.
Measures to make
②Anti-fraud measures such as phishing
③Before the user submits the order of the transaction, the user
The correspondence that the contents of the order can be easily
confirmed and corrected.
26. 23/83 Separate control of User
property
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Separate control of User property
1 Operations pertaining to the fractionation management of user assets
(hereinafter referred to as "segregated management operations"))
The company has established internal rules regarding
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
The money andSeparate
Virtual currency
management
(Ⅱ-2-2-2-2)
2 The company's internal system for sorting and management
operations, including the following points Please explain the
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④The status of duties of employees engaged in the departmentThe
following In the)The person who is checking the balance of the
user's property(Below
Referred to as "a collating person."including the separation of. )
Internal rules
Structure Chart
Other relevant internal documents
The money andSeparate
Virtual currency
management
(Ⅱ-2-2-2-2)
3 Of the user's property, the money received from the user (hereinafter
referred to as "deposit" That )In any way to manage their own
money and Or, please explain the following points specifically.
①The range of deposits that are subject to discretion
management
②How to separate the deposit of deposits
③The balance of the user's property on the books (hereinafter
referred to as "book balance"))How to calculate method, calculation
frequency, subject of calculation
④What should I do if I have an abnormal value in my book
balance?
⑤Maintenance measures to prevent the balance of deposits from
being insufficient in the book balance The presence of
⑥Measures to prevent the management of co-storage with own
money and storage How to deal with the occurrence of
Internal rules
Other relevant internal documents
The money andSeparate
Virtual currency
management
(Ⅱ-2-2-2-2)
4 In the case of separate management of deposits to banks and other
Account and other savings accounts that manage the money of the
Treasury. The status of the opening of the bank or the consultation
situation for opening the The same
Bank book
Other relevant internal documents
The money andSeparate
Virtual currency
management
(Ⅱ-2-2-2-2)
5 Financial trusts to banks engaged in trust business In the case of
segregated management by the contract of Please explain the
contents of the Trust agreement concretely.
Trust contract
Other relevant internal documents
The money andSeparate
Virtual currency
management
(Ⅱ-2-2-2-2)
27. 24/83 Separate control of User
property
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
6 The procedure for matching of the deposit and the book balance,
including the following points
Internal rules The money and
Please explain the body. -Documents and books to be
checked
Separate Virtual
currency management
①Materials and forms to match Other relevant internal documents (Ⅱ-2-2-2-2)
②Collation person
③Verification procedure
④Collation frequency
⑤The body of report and cause analysis in the event of a
discrepancy between deposit and book balance
制
⑥Measures when the deposit is insufficient for the book balance
⑦If the deposit is excessive for the book balance (the
Including the case in which the part is mixed.) measures
7 Of the user's property, the virtual currency that was deposited by
the user (hereinafter
Internal rules The money and
Virtual currency. How to manage your own Other relevant internal documents Separate Virtual
currency management
You have managed to separate the virtual currency, including the
following points, specifically
(Ⅱ-2-2-2-2)
Please explain.
①The range of virtual currency to be separated
②How to separate and manage virtual currency deposits
③Calculation of book balance, calculation frequency, and
calculation target
④What should I do if I have an abnormal value in my book
balance?
⑤High on the network of the block chain of virtual currency
Is there a conservation measure to prevent the shortage of the
book balance?
⑥If you want to manage your own virtual currency in a third party.
Includes other virtual currencies managed by such third parties.And
the management of the mixed warehouse
Measures to prevent and how to cope with the case of mixed
storage
8 High on the network of the block chain of virtual currency Internal rules The money and
For the procedure of the high collation, I explain it concretely
including the following points.
-Documents and books to be
checked
Separate Virtual
currency management
Frumpy Other relevant internal documents (Ⅱ-2-2-2-2)
①Documents and books to match
②Collation person
③Verification procedure
④Collation frequency
⑤High and books on the network, such as the block chain of virtual
currency deposits
Structure of reporting and cause analysis in the event of a
discrepancy in balance
⑥High on the network of the block chain of virtual currency
Measures to be taken when there is a shortage in the book
balance
⑦High on the network of the block chain of virtual currency
If there is an excessive amount of equity in the
29. 26/83 Separate control of User
property
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
9 The private key required to manage and dispose of the virtual
currency
Internal rules The money and
The key. How to manage them, including the following points. Other relevant internal documents Separate Virtual
currency management
Please explain. (Ⅱ-2-2-2-2)
①Number of target private key and storage environment
②An environment that is not connected to an external network
such as the Internet
(The following is called "Offline environment".)Storage of virtual
currency by currency
況
③Non-offline environment(The following is called "online
environment".)Targeted at
If you want to keep a private key, you can
Setting the maximum virtual currency that can be disposed of with
a key
④Physical access to the target private key by a non-privileged person
⑤Selection of receipts personnel
⑥Measures to prevent the misuse of the virtual currency deposited by
the receipts
置
⑦How to explain to the user about how to manage the target private
key,
Description of the information and whether or not it is reflected in
the contract with the user
10 If a third party is entrusted to the management of the virtual
currency
Internal rules The money and
Operations pertaining to the management of virtual currency
(hereinafter referred to as "consignment management business").)
Contract agreement and
accompanying statement
Separate Virtual
currency management
To ensure that the system is safe and secure. 書 (Ⅱ-2-2-2-2)
Details, including the following points. Documents pertaining to verification
results of contractors
①Specific details of the commissioned management business Other relevant internal documents Outsourced
②Responsible Department of consignment Management (Ⅱ-2-3-3-2)
③Possibility of conducting external audits of outsourced
management operations
④Confirm Trust status of contractors
⑤Retention of necessary authority such as request for reporting
and improvement of contractors
⑥In advance that the entrusted management business is properly
carried out
Verification of the post and the frequency of the verification
⑦System pertaining to reporting and correspondence in the event
of an incident at a subcontractor
Confirmation of
⑧It became difficult to carry out the consignment management
business in the contractor.
Security measures of the user property in the case
11 Do you have internal rules for separate management audits?
If so, explain specifically what matters are included. Frumpy
Internal rules
Other relevant internal documents
The money andSeparate
Virtual currency
management
(Ⅱ-2-2-2-2)
12 In the company's internal framework for fractionation management Internal rules The money and
30. 27/83 Separate control of User
property
audits, including the following points
Please explain the Other relevant internal documents Separate Virtual
currency management
①Division of segregated Management audits (Ⅱ-2-2-2-2)
②System of internal feedback of the results of segregated
management audits
③Improvement of indications based on fractionation management
audits and subsequent improvement
Monitoring System
31. 26/83 Book
Documen
ts
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Book Documents
1 Book Documents (Cabinet Office Ordinance26The book documents
prescribed in article The same below.)を Please explain the details of
each book document for any purpose or purposes.
Relevant book documents
Other relevant internal documents
In-house on book
documentsRules, etc.
(Ⅱ-2-2-3-2)
2 To create a book document, we have established basic policies and
internal rules. ?
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
In-house on book
documentsRules, etc.
(Ⅱ-2-2-3-2)
3 In-house system pertaining to the creation and management of book
documents, including the following points Please explain in detail.
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex. )
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④Status of duties of executives and employees engaged in the
department in charge
Internal rules
Structure Chart
Other relevant internal documents
In-house on book
documentsRules, etc.
(Ⅱ-2-2-3-2)
4 Above2And3In addition to the proper and reliable implementation of
book documents. In order to establish what kind of internal
management system, the following points Please explain in detail,
including
①Policy for dealing with damage to book documents
②How to guarantee and verify the accuracy of the contents of a
book document
③How to store books (storage media, backup, etc.) and storage
location
(with or without external access)
Internal rules
Other relevant internal documents
In-house on book
documentsRules, etc.
(Ⅱ-2-2-3-2)
32. 27/83 User Information
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
User Information Management
1 In order to ensure the appropriateness of information management for
users, the basic policy and Are you setting up internal rules?
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
2 Do you have a standard for handling information about users?
If so, explain specifically what matters The
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
3 Information, including the parent company and affiliates. )To
communicate Have you set the handling standards?
If so, explain specifically what matters The
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
4 The following points are included in the internal system pertaining to
the information management of the user. Please explain it
specifically.
①Position of the department in charge
②Staffing status in the DepartmentAppropriate number of people and
personnel to be placed including sex. )
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④The status of duties of employees engaged in the departmentSales
Department Including separation with the person in charge. )
Internal rules
Structure Chart
Other relevant internal documents
To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
5 Above1From4and to ensure the appropriateness of information
management for users In order to establish any in-house
management, including the following points Please explain in detail.
①The expertise of the staff engaged in the audit concerning the
information management of the user Training and other activities to
enhance
②Status of training on information management for executives and
employees in general Assessment and follow-up status
③To ensure timely and appropriate verification of the management
status of information about users
④Thorough control of access to information about users
⑤relating to the prevention of information about the user by internal
parties Measures
⑥Robustness of information management systems, including the
protection of unauthorized access from outside Measures such as
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
33. 28/83 User Information
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
6 Employees who have a wide range of privileges, such as the ability to
focus on specific personnel
Management and restrain, we have used information about users Do
you have a set of appropriate measures to prevent cheating?
If so, explain specifically what matters The
Applicable internal materials To manage user
information
Internal rules
(Ⅱ-2-2-4-2)
7 In the event of a disclosure of information about the user
(Rules and systems)Are you building? Specifically, including the
following points Please explain.
①Appropriate reporting system to responsible department
②To the target audience and to the public and to the authorities as
necessary. Reporting System
③Investigation of measures to prevent secondary damage and
recurrence
④Measures to prevent the recurrence of similar cases based on leakage
accidents Study
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
8 Information about the individual user, the Cabinet Office
Ordinance13Based on article In accordance with the following
categories, the specific Please explain the
①Safety Management
イ Financial sector guidelines8Measures pursuant to
the provisions of articleロ Practical
guidelinesⅠand attachment1Measures based on
the provisions of
②Supervision of employees
イ Financial sector guidelines9Measures pursuant to
the provisions of articleロ Practical
guidelinesⅡMeasures based on the provisions of
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
9 Race, creed, lineage, domicile, health care and Information about a
criminal background or other special private information
(note)Financial sector guidelines.5Article1Except when enumerated in
each item. Please explain specifically what measures are taken to
ensure that you do not use them.
Note: Other special private information is the following information.
①Information on membership in labor unions
②Ethnic information
③Information on sex life
④Enforcement Order of the Personal Information Protection
Act2Article4Information on matters stipulated in the
⑤Enforcement Order of the Personal Information Protection
Act2Article5Information on matters stipulated in the
⑥Information on facts that have been harmed by crimes
⑦Social statusInformation about
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
10 In order to manage credit card information properly, what measures
are Please explain in detail, including the following points.
①Retention period, storage location and disposition of credit card
information, etc. 置
②Measures to prevent information leaks such as credit card
information
③Rules and systems for protecting credit card information, etc.
Status of internal audits on effectiveness
Applicable internal materials To manage user
informationInternal
rules
(Ⅱ-2-2-4-2)
34. 29/83 Complaint handling and
dispute resolution
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Complaint handling and dispute resolution
1 Complaints and disputes about business (hereinafter collectively
referred to as "complaints, etc.")
Internal rules Dealing with complaints
(financial a)
That The company has established basic policies and internal rules for Other relevant internal documents In response to the DR
System.
? Yikes
If so, explain specifically what matters (Ⅱ-2-2-5)
The
2 In the internal management system pertaining to the processing of
complaints, etc., including the following points
Internal rules Dealing with complaints
(financial a)
Please explain the body. Structure Chart In response to the DR
System.
①Position of the department in charge Other relevant internal documents Yikes
②Position of personnel in the Department (department) (Ⅱ-2-2-5)
including sex. )
③Training and voluntary inspections for executives and employees
engaged in the department in charge
Implementation status of business guidance
④The status of duties of employees engaged in the department in
charge (department)
Including separation with the person in charge of the. )
3 Above1And2In order to properly and reliably handle complaints and
other
Internal rules Dealing with complaints
(financial a)
In-house management, including the following points. Contract for Outsourcing In response to the DR
System.
Please explain. Other relevant internal documents Yikes
①Cooperation of related departments concerning complaints, etc.
(internal process of sharing)
(Ⅱ-2-2-5)
②Access time and access to complaints and other contact points for
user convenience
Set up a column
③Status of explanation and follow-up to users who filed
complaints
④Status of records and storage of complaints, etc. (What tools do
you use?
? )
⑤Formulation of complaints and other causes analysis and
preventive measures
⑥The status of management's involvement in handling complaints
⑦If you have outsourced the handling of complaints or other
Supervision System for Contractors
⑧Pressure posing as complaints by antisocial forces(Unreasonable
demands and Kramer
The including.)Response to
⑨Appropriate progress management of complaints, and prevention
of occurrence of long-term unliquidated
⑩Personal information obtained through complaints, etc.
Securing the handling along
⑪Internal audit framework to ensure effectiveness of complaints
35. 30/83 Complaint handling and
dispute resolution
and other coping functions
⑫Reflecting the results of complaints and other actions to
business operations
⑬Correspondence in case of a mistake of clerical processing
concerning the processing of the complaint etc.
36. 30/83 Complaint handling and
dispute resolution
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
4 In the case of using an external agency, etc. When handling complaints,
the external
Internal rules Dealing with complaints
(financial a)
What measures are taken to ensure the proper use of such -Regulations of external
organizations and other external
machines
In response to the DR
System.
Or, please explain the specifics including the following points. Information on Seki Yikes
(注)External organizations, etc.AdrVirtual currency exchange in the
system
Contract with external organizations (Ⅱ-2-2-5)
External agencies used by(Hereinafter referred to as "external
agencies".)including but to this
Other relevant internal documents
Not limited.
①Introduction of appropriate external organizations to users
②Explanation of the standard procedures for using external
organizations, etc.
③While procedures for handling complaints are pending in external
organizations
Appropriate response to the user, if necessary.(General resources
such as providing and explaining to the user.)Measures to do
④Cooperation system for external organizations to resolve
complaints promptly
⑤If you petition an external organization for dispute resolution
Not to have enough of the procedures, but to use the
Response to the filing of complaints from the applicant, and
To conduct appropriate examination in-house as required
5 In regard to complaints handling measures and conflict resolution
measures, the company
Internal rules Dealing with complaints
(financial a)
Please explain in detail, including the following points. External organization regulations
and other external organizations
In response to the DR
System.
Not Materials for Yikes
①The contents and process of the complaint handling measures Contract with an external
organization
(Ⅱ-2-2-5)
②Contents and process of conflict resolution measures Other relevant internal documents
③Scope of application of complaints handling measures and
dispute resolution measures
④Methods and frequency of review and review of complaints
handling measures and dispute resolution measures
⑤When using an external agency, the contents of the arrangements
with the external
⑥In the case of using an external agency, the cost breakdown and the
burden of the user
度
⑦The Cabinet Office Ordinance25Article1Section5or the same
article.2Section4Applicable law
If you use a person, the basis of the requirements
37. 31/83 Complaint handling and
dispute resolution
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
6 Above5In addition, in order to develop a situation
In accordance with the following categories, we have established a
Please explain in detail.
(注)"When you make your own arrangements for the handling of
complaints," The Cabinet Office Ordinance25Article1Section1The
case of the issue.
①Provision of advice and guidance to employees through consumer
life advisory staff, etc. If you want to
イ Contents and frequency of training by the consumer
life advisory staff, etc.ロ Communication system with
the consumer life advisory staff, etc.
ハ Internal initiatives to improve the skills and knowledge of
employees
ニ How to use the expertise and experience of the consumer life
consulting staff
②When you develop your own business operation system and
internal rules
イ Status of maintenance of business management system and
internal rules for complaints processingロ Known status of
complaints
ハ Status of business management system and internal rules for
complaints processing
Internal rules
Other relevant internal documents
Dealing with complaints
(financial a)
In response to the DR
System.Yikes
(Ⅱ-2-2-5)
7 Above5And dispute resolution measures in addition to external What
kind of internal structure are you building, the following points
Please explain in detail, including
(注)The use of external agencies for complaints processing and
dispute resolution measures The Cabinet Office
Ordinance25Article1Section2No.5and the same article 第2In the
case of each item.
①Information about external organizations and the contents of
publicity and How
②A petition for grievance or dispute resolution outside the scope
of the handling of external agencies introduced to the user due to
geography or complaints, disputes or other reasonsor other
external agencies that are appropriate to Response Policy
③Compliance to the process of complaints and dispute resolution from
external agencies, the fact that Policy to respond when requested to
submit research or related Materials(of compliance Including the
case study process and the compliance.)
④Settlement proposal, mediation plan, etc. from an external
organization that initiated the dispute resolution procedure Proposed
solution (hereinafter referred to as "solution").)is presented, the
policy of response(Including the process of accepting acceptance
or refusal of acceptance.)
⑤Examination of the subsequent correspondence process and
fulfillment situation in the case of acceptance of the proposed
solution Testimony and monitoring System
Internal rules
External organization regulations and
other external
organizationsMaterials for
Contract with an external
organization
Other relevant internal documents
Dealing with complaints
(financial a) Including
responses to the DR
system
(Ⅱ-2-2-5)
38. 32/83 Administrative
risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Administrative risk Management
1 Are there any regulations or internal rules pertaining to the
management of administrative risk?
Internal rules Administrative risk
Management
If so, what kind of content do you include? Other relevant internal documents (Ⅱ-2-3-2-2)
The (1) Administrative risk
management Systems
Note: The business risk is that the employees of the virtual
currency exchange
The virtual currency exchange by causing accidents or irregularities.
Risk of loss.
2 The company's internal system for management of administrative
risk, including the following points
Internal rules Administrative risk
Management
Please explain the body. Structure Chart (Ⅱ-2-3-2-2)
①Position of the department in charge Other relevant internal documents (1) Administrative risk
management Systems
②Position of personnel in the Department of
Including the Cutting property.)
③Training and voluntary inspections for executives and employees
engaged in the department in charge
Implementation status of business guidance
④The status of duties of employees engaged in the department
Including the separation of the person involved in the )
3 Above1And2In order to manage the administrative risk in addition
to
Internal rules Administrative risk
Management
In particular, including the following points. Management policy and Business
plan
(Ⅱ-2-3-2-2)
①Scope of business to detect administrative risk Board of directors ' meetings, minutes
of board meetings, etc.
(1) Administrative risk
management Systems
②How to detect administrative risk Initiatives policy, internal rules, etc.
③The process of internal reporting after the Office risk detection Other relevant internal documents
④Coping process after exposure to administrative risk
⑤Analysis of the cause of administrative risk and formulation of
preventive measures
⑥Status of management's involvement in administrative risk
4 What measures are being taken to mitigate the administrative risk. Initiatives policy, internal rules, etc. Administrative risk
Management
Please explain the The results of the administrative
risk assessment
(Ⅱ-2-3-2-2)
料 (1) Administrative risk
management Systems
Documents that summarize
administrative risk measures
Other relevant internal documents
39. 33/83 Outsourc
ed
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Outsourced
1 The basic policy that defines the correspondence when the
outsourcing risk is actualized
Are you setting up internal rules?
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
Internal Outsourcing
Rules, etc.
(Ⅱ-2-3-3-2)
2 Do you have a criteria for selection of outsourcing partners?
If so, explain specifically what matters The
Internal rules
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
3 The internal management system pertaining to outsourcing, including
the following points Please explain.
①Position of the department in charge
②Staffing status in the DepartmentNumber of people to be placed and
Including the Cutting property.)
③Department in chargeTraining and voluntary inspections of
employees engaged in Implementation status of business guidance
④The status of duties of employees engaged in the departmentSales
Department Including separation with the person in charge of the.)
Internal rules
Structure Chart
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
4 To provide necessary instructions for the improvement of compliance
with the laws and ordinances of subcontractors. The appropriate
measures are taken.
If you have taken a specific explanation of the Frumpy
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
5 In order to conduct inspections, report orders, and submit records by
outsourcing Do you take measures that do not interfere with the
fulfillment of obligations to the supervising authorities?
If you have taken a specific explanation of the Frumpy
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
6 Even if outsourcing is done, the user is also Is it clear that the same
rights are being secured?
If you have taken a specific explanation of the Frumpy
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
7 If the service is not provided as contracted for the consignment
Measures are taken to prevent the inconvenience of convenience. ?
If you have taken a specific explanation of the Frumpy
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
40. 34/83 Outsourc
ed
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
8 If you entrust the handling of information about the individual user,
the
To prevent leakage, loss or damage of personal information by
custody What measures are being taken, including the following points,
are explained specifically The
①Financial sector guidelines10Measures pursuant to the
provisions of article
②Practical guidelinesⅢMeasures based on the provisions of
Contract Agreement
Other relevant internal documents
Internal Outsourcing
Rules, etc.
(Ⅱ-2-3-3-2)
9 Regarding complaints about the consignment business, the appropriate
and explain specifically what you are building.
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
10 The information management of the user is done properly in the
outsourcing destination Please explain specifically how you are
confirming that
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
11 In the event of an information leak accident at an outsourcing
destination, the appropriate The system has been supported and
reported promptly to the contractor. Please explain specifically how
you are confirming your
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
12 Is it restricted to the extent necessary according to the content
of the consignment business about the permission of the access
to the information about the user by the outsourcing destination?
If you are limited, what scope you are limiting, and Please explain.
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
13 What measures have been taken in the event of a two-stage contract?
Or, please explain the specifics including the following points.
①The external contractors are adequately supervised by the
subcontractors and other business operators. How to find out
②How to supervise subcontractors and other business operators
Contract Agreement
Other relevant internal documents
Internal
OutsourcingRules, etc.
(Ⅱ-2-3-3-2)
41. 35/83 Support for
people with
disabilities
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
Support for people with disabilities
1 Compliance with the Anti-Discrimination Act and the Guidelines for
the elimination of disability
Internal rules In response to the
disability
What kind of internal management system we are building to
respond to the following
Structure Chart Management system,
etc.
Please explain in detail, including the point of. Other relevant internal documents (Ⅱ-2-4-2)
①Status of placement and staffing of departments in charge
②Training and voluntary inspections for executives and employees
engaged in the department in charge
Implementation status of business guidance
③Specific policy
④Verification and monitoring of response status
42. 36/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
System Risk Management
System risk awareness, management stance, evaluation, etc.
1 What is the system required for your virtual currency exchange
business?You have created a picture or submitted a material that
understands the contents of the system plan. The
It is assumed that the following contents are included.
①A system scope
②Schedule
③System and workforce Planning
④Risk assessment Plan
⑤Development, quality, testing and operation plan
⑥Criterion(Process completion, Release)
Material in the left
2 Management is fully aware of the importance of system risk
management and Policy of Action(Basic policy on system risk
management)or a set of Please explain in detail.
Management policy and Business
plan
Board of Directors meeting and
meeting minutes
Basic policy on system risk
management
Internal rules
System Risk
Managementof Ⅱ-
2-3-1-2)
(1) Backs to system
riskRecognition, etc.
(2) System Risk
Management Voice勢
3 Based on the above policy, the role of management in system risk
managementof the management system and how they are responsible
for Please explain the specifics including the experience.
System Risk Management
Organization chart(Management
TeamThe role and scope of
responsibility of the)
Work history of each management
team
System Risk
Managementof Ⅱ-
2-3-1-2)
(1) Backs to system
riskRecognition, etc.
(2) System Risk
Management Voice勢
4 In light of the above roles and responsibilities, management is
SYSTEMRI Decisions on risk management, using evidence to Please
explain the
Management policy and Business
plan
Board of Directors meeting and
meeting minutes
-Conference body pertaining to
system risk
managementProceedings of
System Risk
Managementof Ⅱ-
2-3-1-2)
(1) Backs to system
riskRecognition, etc.
(2) System Risk
Management Voice勢
5 Management is the location and type of system risk in your system.
Please explain the main risks and the specific issues you are
facing.
The overall structure of the system
and the major risksInformation about
whereabouts and types
Board of Directors meeting and
meeting minutes
System Risk
Managementof Ⅱ-
2-3-1-2)
(1) Backs to system
riskRecognition, etc.
(2) System Risk
Management Voice勢
6 In order to properly manage the system risk, we have to Explain the
system or the scope of the regulations.
Basic policy on system risk
management
General structure and system of
internal rulesMaterial that
understands
System Risk
Managementof Ⅱ-
2-3-1-2)
(1) Backs to system
riskRecognition, etc.
(2) System Risk
Management Voice勢
43. 37/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
7 In order to manage the system risk appropriately, what kind of system
Roles, responsibilities, personnel skills, and organizational checks,
including Please explain the
System Risk Management
Organization chart(Administrative
responsibility
The roles and responsibilities of
each personin which the)
-Understand the background and
qualifications of personnelArticle
Personnel plan
System Risk Management
of Ⅱ-2-3-1-2)
(1) Backs to system
riskRecognition, etc.
(2) System Risk
Management Voice勢
8 About the system risk management process
1To adequately manage system risks, the system risks are covered
and periodic evaluation, improvement, and review of the Process and
input information that is Information about the tools you use.
Internal rules
Implementation plan, operational
rules
Comprehensive overview of system
risk.Materials, etc.(For example,
network
configurationFigure/Operation
flow/processing flow/BusinessFlow
and risk)
System risk and measures list,
correspondence totalA drawing
System Risk
Managementof Ⅱ-
2-3-1-2)
3System risk
Assessment
2Assessment of the above system risk is(Guidelines 等)Based on or
evaluation system(Guidelines, etc.)The name and the selection Please
explain.
Internal rules
Based on the evaluation
standardsGuidelines, frameworks,
etc.Material that understands
3Comprehensive identification of system risks in accordance with the
above process, The status of the assessment, improvement and
review, using evidence to Please explain.
Comprehensive overview of system
risk.Materials, etc.(For example,
network
configurationFigure/Operation
flow/processing flow/BusinessFlow
and risk)
Minutes and minutes of meeting
material
System risk and measures list,
correspondence totalA drawing
9 Management to assess and measure system risks and Please explain
the risks you are aware of and the specific risk.
Comprehensive overview of system
risk.Materials, etc.(For example,
network
configurationFigure/Operation
flow/processing flow/BusinessFlow
and risk)
System risk and measures list,
correspondence totalA drawing
Of the meeting that the management
confirmed and approvedMeeting
Minutes
System Risk
Managementof Ⅱ-
2-3-1-2)
3System risk
Assessment
10 Verifying the system risk management process
1Information security management, cyber security management, system
planning, That the development and operation management, etc. are
being carried out according to the process, the internalExplain how
the department validates the verification Frumpy
Internal rules
Implementation plan, operational
rules
System Risk
Managementof Ⅱ-
2-3-1-2)
3System risk
Assessment
44. 38/83 System Risk
Management
2The implementation status of the verification in accordance with the
above method, using evidence Please explain the
Internal rules
-Operational rules
-Report of the results
45. 39/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
11 Education and training of information security and cyber security
1To improve security awareness, all employees(Outsourcing Partners
Also Including.)In regards to the security education and training
Explain what you plan to do.
Basic Security Policy
-Security education and training
plan
System Risk Management
of Ⅱ-2-3-1-2)
4Information Security
Management
2The State of the implementation of education and training in
accordance with the above plan, using evidence Please explain in
detail.
-Security education and training
plan
-Report of the results of education
and training
12 Human resource development for information security and cyber
security
1Information security and cyber security needs. Policies, plans and
external procurement policy, Please explain specifically whether you
are developing a plan.
Structure Chart
Personnel plan
Development policy and plan
Procurement policy, plan form
System Risk
Managementof Ⅱ-
2-3-1-2)
4Information Security
Management5Cyber
security Management
2The status of training and procurement in accordance with the above
policies and plans Please explain in detail.
Development policy and plan
Procurement policy, plan form
Personnel Skill Transition Table
Board of Directors meeting and
meeting minutes
13 Human resource development for system planning, development
and Operation Management
1System planning, development, and Operation Management, familiar
with the current system mechanism What kind of training should be
made to secure human resources with expertise Plans or external
procurement policies, plans, or specifically Please explain.
Structure Chart
Personnel plan
Development policy and plan
Procurement policy, plan form
System Risk
Managementof Ⅱ-
2-3-1-2)
6System planning,
development
andOperation
Management2The status of training and procurement in accordance with the above
policies and plans Please explain in detail.
Development policy and plan
Procurement policy, plan form
Personnel Skill Transition Table
Board of Directors meeting and
meeting minutes
Information security management, cyber security management
14 Management, the importance of information security and cyber
security management Fully aware of the policy(Basic Security
Management Policy 等)and explain specifically.
Management policy and Business
plan
Board of Directors meeting and
meeting minutes
Basic Policy on security
management
Security Policy
Internal rules pertaining to security
management
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
15 Based on the above policy, information security and cyber security
The role and responsibility of the management team in the Please
describe your work experience.
-Security Management System
chart(CTO・Cros・CISOThe role and
responsibility of the management
teamSpecified range)
Work history of each management
team
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
46. 40/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
16 In light of the above roles and responsibilities, the management
team
Making decisions pertaining to security and cyber security
management Or use evidence to explain the specifics.
Management policy and Business
plan
Board of Directors meeting and
meeting minutes
-Meetings of the conference body
pertaining to security
managementMaterial and minutes
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
17 In order to properly manage information security and cyber security,
Regulations, such as the system or the scope of Please explain the
Internal rules pertaining to security
management
General structure and system of
internal rulesMaterial that
understands
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
18 In order to properly manage information security and cyber security,
system, including roles, responsibilities, and personnel skills. Please
explain in detail.
-Security Management System
chart(The role and scope of
responsibility of the supervisor and
each person in chargeIn the)
-Personnel related to security
managementInformation on history
and qualifications
-Personnel planning for security
management
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
19 Information security and cyber security management process
1To manage information security and cyber security properly
, what process(A series of procedures for planning, execution,
evaluation and improvement Flow)and explain specifically.
Internal rules pertaining to security
management
Implementation plan, operational
rules
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
2Information security and cyber security in accordance with the
above process Please explain the management situation
concretely with evidence.
Board of Directors meeting and
meeting minutes
-Meetings of the conference body
pertaining to security
managementMaterial and minutes
20 Management of information assets
1In order to comprehensively flush the information assets held in
and explain the specific methods, procedures and systems.
-Internal rules, information asset
management procedures
Information Asset Management
Ledger
Information Asset Management Plan
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management
2Determine what processes to identify information assets to be
protected and evaluation methods for specific purposes, including
Please explain.
-Internal rules, information asset
management procedures
-Evaluation standards for information
assets,Price procedure
3The information asset management situation in accordance with the
above process, using evidence Please explain in detail.
Information Asset Management Plan
Information Asset Management
Ledger
47. 40/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
21 Responding to threats and vulnerabilities
1To flush the threat and vulnerability pertaining to information assets
to be protected Specific processes, procedures, systems, etc. Please
explain.
-Internal rules pertaining to security
management,
Procedure document, etc.
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management
2To identify the threats and vulnerabilities that need to be
addressed,The evaluation method and the evaluation criteria to identify
Please explain the body.
Internal rules pertaining to security
management
• Evaluation standards for threats and
vulnerabilities,Price procedure
3In order to consider and implement countermeasures against threats
and vulnerabilities, Process, and explain the specific methods,
procedures and systems. Diced
-Internal rules pertaining to security
management,Procedure document,
etc.
4In response to threats and vulnerabilities in accordance with the
above process, evidence Please explain specifically with
-Comprehensive overview of
security risks(For example, the
networkProduction/operation
flow/processing
flow/BusinessRisk/measures map,
etc.)
Security Risk Management Table
List of security measures
22 General cyber security threats and vulnerability information(Your
company's not limited to information related to information assets)In
order to collect, analyze, and respond to Specific processes,
procedures, systems, etc. Please explain.
-Internal rules pertaining to security
management,Procedure document,
etc.
System Risk
Management
(Ⅱ-2-3-1-2)
5Cyber
securityManagement
23 In the system design and development phase, which Security
requirements such as(Access control, authentication, encryption,
etc.)and explain specifically.
System development policies, plans,
standards書
Definition of security requirements
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
24 In the system design and development phase, the development of a
What measures are being taken to avoid making Please explain.
System development policies, plans,
standards書
Secure Coding Agreement
Equipment Selection Standards
-Coding Check Procedure
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
25 By the White Label Service, the system that other companies develop
and provide When using the service, the risk arising from the use of
What kind of security measures are being taken and the risks Please
explain the specifics of the policy, including the integrity of the
measures.
Data centers and service
operatorsPrior consultation
Materials
Information Security and
CyberseculiA comprehensive
overview of the risk(For example,
network configuration
diagram/operation flow/processing
flow/business flow and threat
risk/countermeasures map, etc.)
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
49. 42/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
26 Use of external services such as cloud services.
And what security measures are being considered to Be specific,
including the integrity of risks and countermeasures. Not
Information Security and Cyberseculi
The risk of a comprehensive料(For
example, network configuration
diagram/operation flow/processing
flow/Business flowand
threat/risk/measures map, etc.)
External service Selection
Standards
Security Risk Management Table
List of security measures
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
27 ApiOf the public, provision, and connection of the What security
measures have been taken after considering the risk of rationale
Explain the specifics, including the integrity of the risks and
countermeasures.
Information Security and
CyberseculiA comprehensive
overview of the risk(For example,
network configuration
diagram/operation flow/processing
flow/business flow and threat
risk/countermeasures map, etc.)
Security Risk Management Table
List of security measures
・ApiTo understand the purpose of
use and outline of料
System Risk
Management
(Ⅱ-2-3-1-2)
4Information Security
Management5Cyber
security Management
System planning, development and Operation Management
28 In the management strategy and management plan, the management
team (ITStrategy)and explain specifically.
Management strategy and Business
plan
System strategy/ItThe strategy料
・ItInvestment Plan
System Risk
Management
(Ⅱ-2-3-1-2)
6System planning,
development
andOperation
Management
29 Above system strategy(ITStrategy)System planning, development and
In order to determine the specific internal rules of Please explain.
Engaged in system planning,
development and Operation
ManagementInternal rules
System Risk
Management
(Ⅱ-2-3-1-2)
6System planning,
development
andOperation
Management
30 Planning for system planning, development and Operation
Management(System planning, etc.) have been created based on the
above-mentioned internal rules, Please clarify the corresponding
part with the law and explain it concretely.
-Planning of the system
Engaged in system planning,
development and Operation
ManagementInternal rules
System Risk
Management
(Ⅱ-2-3-1-2)
6System planning,
development
andOperation
Management
31 In order to make the above plan effective, we and explain
specifically whether you have set up a workforce plan.
-Planning of the system System Risk
Management
(Ⅱ-2-3-1-2)
6System planning,
development
andOperation
Management
50. 43/83 System Risk
Management
Num
ber
質 問 内 容 Example of the material to be
attached
回 答 Attached
material
Administrative
guideline Items
32 About the system development management process
1What is the development management process to ensure the quality
of the system (Method)or define the development criteria,
please explain specifically.
Internal rules pertaining to system
development management
等
Development standards and
development management
procedures
-Coding Agreement
-Performance management(Capacity
Planning) A plan
Test Plan
System Risk
Management
(Ⅱ-2-3-1-2)
6System planning,
development
andOperation
Management
2The implementation of development management in accordance with
the above process is based on evidence Please explain in detail.
Minutes record(Review meeting,
release decisionMeetings, etc.)
Progress Management Table
Material for performance evaluation
and quality evaluation
Test Results Report
33 To ensure stable and safe operation of the system, we will
Process(Method)or operational rules(Mechanism)The specific Please
explain.
Internal rules pertaining to system
operation management等
-Operation Design Document
Operation Management Procedure
Manual
Configuration Management Plan
-Trouble management procedures
System Risk
Management
(Ⅱ-2-3-1-2)
6System planning,
development
andOperation
Management
System audits
34 Management of internal audits and external audits in system risk
management. The audit policy or the audit plan after the importance
is fully recognized. Please explain the specifics of the
Audit Policy and audit plan System Risk
Management
(Ⅱ-2-3-1-2)
7System audits
35 Internal audits and external audits in system risk management. Explain
specifically whether the system is being developed.
Audit Policy and audit plan
Structure Chart
System Risk
Management
(Ⅱ-2-3-1-2)
7System audits
Outsourced Management
36 When considering whether or not to outsource the business pertaining
to the system, the Custody the risks incurred by the company, and
the possibility of outsourcing How does the decision-making process
determine the custody object? Please explain specifically.
(注)
In this questionnaire, outsourcing is a system development, system
operation, information All or part of business operations(including
subsidiaries.)に To be commissioned. Use of white label and cloud
service Also included in outsourcing.
-Policy concerning outsourcing
-study materials pertaining to
outsourcing(In accordance with the
policy of theEntrust, review and
correspondenceWhat was)
System Risk
Management
(Ⅱ-2-3-1-2)
8Outsourced
Management