Exchange Commission No. KorThor. 24/2549 Re: Rules, Conditions and Procedures for Operational Control of Securities Underwriting dated 25 October 2006; (4) Clause 2(1) and Clause 19 of the Notification of
otherwise entitled. Clause 3 Intermediaries shall identify its critical functions, assess their risks of major operational disruptions, conduct business impact analysis and assess potential damages arising
documented information security policy which addresses at least the following matters: (1) policy on the use of cloud computing which covers the methods for selection and evaluation of cloud providers, review
such as information structure document, operational manual, name list account of user, functional program and program specification etc. and keep such document in the safe place and simply use. [M
1 Organizational Structure, Operating System and Operational Control Clause 2 In undertaking the derivatives business, a derivatives dealer shall set up organizational structure, operating systems and
Practice Guidelines No. NorPor. 4/2559 Re: Practical Guidelines for Business Continuity Management _______________________________ Reference is made to the notification of the Capital Market Supervisory
reporting of suspicious transactions. The policy mentioned in the first paragraph must be approved by the securities company’s Board of Directors, except for the company whose shareholding and functional
evaluation by the SEC Office regarding the management of the operational risk and the customer relationship risk not higher than the medium level or in an acceptable level, unless granted an exemption from the
objective in undertaking fund management business for short and long term. Objective should be set for the short-term plan and criteria/factor for evaluation of the accomplishment of the plan should be
which covers the methods for selection and evaluation of cloud providers, review of the qualifications of the cloud providers, the terms of services, and inspection of records and evidence; (2) policy on