นโยบายการรักษาความปลอดภัยด้านเทคโนโลยีสารสนเทศ (IT security policy) PAGE - 2 - ประกาศสำนักงานคณะกรรมการกำกับหลักทรัพย์และตลาดหลักทรัพย์ ที่ อธ./น. 5/2547 เรื่อง แนวทางปฏิบัติในการควบคุมการปฏิบัติงาน

นโยบายการรักษาความปลอดภัยด้านเทคโนโลยีสารสนเทศ (IT security policy) เอกสารประกอบการ public hearing ร่างข้อบังคับและแนวทางปฏิบัติด้านเทคโนโลยีสารสนเทศ PAGE - 30 - เอกสารประกอบการ public hearing ร่าง

shall establish the information security incident management in accordance with the following criteria: (1) establish procedures and processes to manage information security incidents; (2) define the

Section 133 Securities and Exchange Act B.E. 2535 Section 133. The securities company shall manage a private fund with honesty and care to preserve the interests of the person who has authorized the

security as well as supervise, monitor and examine compliance with such policies, measures, and operating systems, and review the suitability thereof regularly; In the interest of meeting the aforesaid

Section 117 Securities and Exchange Act B.E. 2535 Section 117. In the management of a mutual fund, a securities company may set up and manage a mutual fund only when its application to set up the

whole or in part, to manage the business of the securities company only with the approval from the Office. In cases where it later appears that the persons under the first paragraph have the prohibited

Office in accordance with the rules, conditions and procedures specified in the notification of the SEC. The securities company may act as a custodian for the person who has authorized it to manage the

is using the online service; 2. the management company has an operating system to verify the identity of the investor; (d) security system for customer information and other important information

: Operational Control and Security for Information Technology of a Licensed Derivatives Broker. By virtue of the second paragraph of Clause 7 of the Notification of the Securities and Exchange Commission No