documented information security policy which addresses at least the following matters: (1) policy on the use of cloud computing which covers the methods for selection and evaluation of cloud providers, review
objective in undertaking fund management business for short and long term. Objective should be set for the short-term plan and criteria/factor for evaluation of the accomplishment of the plan should be
in the environmental and social areas, which include respect for human rights and good corporate governance. For example, climate change risk, biohygienic and safety risk, disputes with the community
plan; (2) Evaluation of the test results under (1) and preparation of the test evaluation report by the personnel in charge who is qualified, knowledgeable and independent; (3) Reporting result of the
continuity plan under Clause 6; (2) Evaluation of the test results under (1) and preparation of the test evaluation report by the personnel in charge who is qualified, knowledgeable and independent; (3
and safety of such stored things, and shall be at least in accordance with Clause 14; (13) having additional system for the following specific services: (a) investment analysis for capital market
. ความเสี่ยงจากการจ้างงาน และความปลอดภัยในสถานที่ทำงาน (employment practices and workplace safety) 4. ความเสี่ยงจากลูกค้า ผลิตภัณฑ์ และวิธีการดำเนินธุรกิจ (clients, products and business practices) 5. ความ
regard, such system shall serve accurately and thoroughly, including verification and safety of such stored things, and shall be at least in accordance with Clause 14; (13) having additional system for the
which covers the methods for selection and evaluation of cloud providers, review of the qualifications of the cloud providers, the terms of services, and inspection of records and evidence; (2) policy on
evaluation by the SEC Office regarding the management of the operational risk and the customer relationship risk not higher than the medium level or in an acceptable level, unless granted an exemption from the