of the Information Technology of a Securities Company. 2. Segregation of Duties. 3. Physical Security. 4. Information and Network Security. 5. Change Management. 6. Backup and IT Contingency Plan. 7

written by such board of directors. In case of any material amendment, change or modification to such policy and plan, intermediaries shall comply with the requirement set out in the first paragraph (1) or

securities company shall identify its critical functions, assess their risks of major operational disruptions, conduct business impact analysis and assess potential damages arising from major operational

Communications with relevant persons (7) Division 7 Cross-border communication (8) Division 8 Companies shall test and assess the BCP (Training, Exercising and Auditing) (9) Division 9 Examples of emergency

against any employee who has committed an IT security breach. Chapter 3 Management of IT Assets and Access Control _______________________ Clause 14 In managing IT assets and assess control of data and

during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the client; (c) to

following actions during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the

of cloud computing under Clause 8(1) which contains at least the following matters: (1) assess risks relating to the use of cloud computing services; (2) define areas or function the cloud computing

institution’s clients. However, the securities company must, in case of cross-border omnibus accounts, assess the adequacy and effectiveness of the financial institutions’ KYC/CDD measures and controls prior to

necessary. (2) a procedure for communication and providing services, namely: (a) compiling and assessing information of clients to get to know clients and assess the suitability of their investments or