) Chapter 2: IT Security with the following details: 2.1 Information Security Policy; 2.2 Organization of Information Security; 2.3 Human Resource Security; 2.4 Asset Management; 2.5 Access Control 2.6

with Chapter 1; (2) establishment of policies, measures, and management arrangement concerning information security in accordance with Chapter 2; (3) management of IT assets and the access control to

governmental regulation. [A] 2.2 Development environment functionality · Segregating the computer for development environment from production environment and controlling the access for concerned person for each

risks to be of significance, which are: accessing to the information and computer system by an unauthorised person, an authorised person is unable to access to the information in the computer system in

comply with the requirements prescribed by the Office. This is to encourage securities companies to organize more in-house training which will support the ongoing personnel’s skill development to be better

ของระบบสารสนเทศด้านบุคลากร (human resource security) 2.4 การบริหารจัดการทรัพย์สินสารสนเทศ (asset management) 2.5 การควบคุมการเข้าถึงข้อมูลและระบบสารสนเทศ (access control) 2.6 การควบคุมการเข้ารหัสข้อมูล

กำหนดนโยบายให้ผู้ให้บริการ cloud computing ใช้วิธีพิสูจน์ตัวตนแบบ multi-factor authentication 1. กับระบบงานที่สำคัญ 2. สำหรับบุคคลที่สามารถเข้าถึงข้อมูลภายใน (access person) และผู้บริหารระบบ

Operating Results 1. Organizational structure and operation of the group of companies 3 2. Risk management 12 3. Business sustainability development 13 4. Management discussion and analysis (MD&A) 17 5

services within the scope of each type of license granted to the intermediary ; (2) To arrange for clients to access the information prepared by the foreign intermediary or the issuer or the offeror of such

type of license granted to the intermediary ; (2) To arrange for clients to access the information prepared by the foreign intermediary or the issuer or the offeror of such product in support of their