reference. PAGE 13 Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 37/2559 Re: Rules in Detail on Establishment of Information Technology System By virtue of Clause 5(1) in

of the Information Technology of a Securities Company. 2. Segregation of Duties. 3. Physical Security. 4. Information and Network Security. 5. Change Management. 6. Backup and IT Contingency Plan. 7

business operation and has the duty to convey the goals under the missions, strategies, policies, and operating plan at the enterprise level to the information technology-related goals under the supervision

investment decision accurately; (b) protection of the service user’s confidentiality; (c) handling of the service user’s complaints; (d) sufficient management of information technology risk and cyber risk by

decisions accurately; (b) protection of the service user’s confidentiality; (c) handling of the service user’s complaints; (d) sufficient management of information technology risk and cyber risk by giving an

investors as follows: “Prior to making an investment decision, investors should carefully exercise their own judgment when considering detailed information relating to the issuer and the terms of the

long term, such as damage on building or place of business or branches, a failure of information technology system, inaccessibility or unusability of building or personnel unable to come for work in both

who provide back office service for securities company; “Back office” means operation, accounting and finance, information technology concerning to client information, internal audit, compliance or

, policy and operating plan of the company and units of the company should be clearly prescribed and conform to the fiduciary duties and good corporate governance with an aim to enable the management company

with the Notification of Capital Market Supervisory Board concerning Establishment of Compliance Unit of Intermediaries ; (11) having efficient information technology system; (12) having system for