level agreement, recovery time objectives (RTO) and recovery point objectives (RPO); (6) set forth the liability if the cloud provider is unable to provide services in accordance with the service

Section 133 Securities and Exchange Act B.E. 2535 Section 133. The securities company shall manage a private fund with honesty and care to preserve the interests of the person who has authorized the

Section 117 Securities and Exchange Act B.E. 2535 Section 117. In the management of a mutual fund, a securities company may set up and manage a mutual fund only when its application to set up the

its business rehabilitation or operational plan has not been approved by the regulatory agency of such financial institution or the Board of the Financial Restructuring Authority (FRA), or which has

responsible for the damage occurring to the financial institution whose license has been revoked, or business has been controlled or operation has been ceased due to the rehabilitation plan was not approved by

shall establish the information security incident management in accordance with the following criteria: (1) establish procedures and processes to manage information security incidents; (2) define the

shareholders’ meeting resolution of the securities issuer; 3. a creditor of a securities issuer according to the rehabilitation plan approved by the court under the bankruptcy law or the debt restructuring

whole or in part, to manage the business of the securities company only with the approval from the Office. In cases where it later appears that the persons under the first paragraph have the prohibited

Office in accordance with the rules, conditions and procedures specified in the notification of the SEC. The securities company may act as a custodian for the person who has authorized it to manage the

4 Companies should determine a recovery objective to restore normal operations (5) Division 5 Companies shall arrange business continuity planning for supporting business continuity (6) Division 6