otherwise entitled. Clause 3 Intermediaries shall identify its critical functions, assess their risks of major operational disruptions, conduct business impact analysis and assess potential damages arising

securities company shall establish measures to control and monitor compliance with the policy set out in Clause 3 and allocate sufficient resources to support the implementation of the policy. Clause 5. A

Communications with relevant persons (7) Division 7 Cross-border communication (8) Division 8 Companies shall test and assess the BCP (Training, Exercising and Auditing) (9) Division 9 Examples of emergency

personnel skills, employment of external IT personnel; (4) management of critical risks in the case of being unable to allocate sufficient resources for the operation of the information technology function

services relating to capital market products . Division 1 Compilation and assessment of client information _____________________________ Clause 30 An intermediary shall compile and assess a client ’s

during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the client; (c) to

following actions during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the

against any employee who has committed an IT security breach. Chapter 3 Management of IT Assets and Access Control _______________________ Clause 14 In managing IT assets and assess control of data and

give the securities company sufficient time for preparing or taking any action to allocate fund or solve an issue of maintaining the financial position possibly arising from operational risk. Clause 4 A

Information _____________________________ Clause 30 An intermediary shall compile and assess a client ’s information for the following purposes prior to providing services: (1) knowing the client ; (2