the Office of the Securities and Exchange Commission No. OrThor. 7/2549 Re: Guidelines and Conditions for Securities Company Relating to the Using of Back Office Service from Service Provider Whereas

of the subcontracted cloud provider on information security aspect which are comparable to those of the cloud provider or meet the international standards; (c) monitoring, evaluation, and review of the

Office of the Securities and Exchange Commission No. SorThor. 20/2549 Re: Rules for Derivatives Broker on Using of Derivatives Investor Contact Service and Back Office Service from Service Provider By

and completely. Clause 10. In the case where the securities company uses an information technology of the outsider provider, the securities company shall determine a measure for selection and

system provider specifically to only those who have granted approval under the notification concerning support system provider ; (5) service provider managing payment information for securities trading

guideline for risk assessment according to the degree of importance of the outsourced function; (6) information security system of a service provider for protecting the information of the intermediary and the

technology, and the service provider that supports the operation of the organization’s information systems, and update contacts of each channel. Additional Guidelines 1. The intermediary should assign a senior

for rendering the securities company get service of information technology from other provider efficiently, acceptable and able to control a risk and having a content cover guideline for selection and

of operation of the securities company. “Service provider” means a provider of services as an investor contact on behalf of securities companies or a provider of back office services to securities

details for implementation by the personnel or person assigned to operate the business; (2) Information, including the roles and responsibilities, of the personnel in charge of operations in the event of