on the risks and possibility of major operational disruptions due to a possible emergency incident, as well as analyse the business impact and assess damages from major operational disruptions, so that
); (5) review procedures and processes in the management of information security incidents, after the testing under (4) is carried out, at least once a year; (6) evaluate the results of the testing under
) assess the security requirements of IT assets based on the results of a risk assessment and their criticality; (2) define the secure areas and the siting of the critical IT assets to ensure security and prevent
· Forms 2 Does the firm have policies and procedures for the retention of the firm’s documentation for a period of time sufficient to permit those performing monitoring and review procedures to evaluate the
Remedying Identified Deficiencies 1 Does the firm evaluate the effect of deficiencies noted as a result of the monitoring process and determine whether they are either 1) Instances that do not necessarily
firm – a. Undertakes only those engagements that the firm can reasonably expect to be completed with professional competence b. Appropriately considers the risks associated with providing professional
incorporated into a single notification. By virtue of Section 14, Section 100, Section 109, Section 117 and Section 124 of the Securities and Exchange Act B.E. 2535 (1992), Section 126(5) of the Securities and
during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the client; (c) to
following actions during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the
activities related to services, transactions or any other functions of a securities company, the disruption of which would significantly affect customers, business operation, reputation, position and results