Communications with relevant persons (7) Division 7 Cross-border communication (8) Division 8 Companies shall test and assess the BCP (Training, Exercising and Auditing) (9) Division 9 Examples of emergency

, how does the firm inform its personnel or what kind of process that the firm use to ensure that its staff evaluate clients risk? 5 Regarding integrity checks does the firm’s conduct, for example

); (5) review procedures and processes in the management of information security incidents, after the testing under (4) is carried out, at least once a year; (6) evaluate the results of the testing under

· Forms 2 Does the firm have policies and procedures for the retention of firm’s documentation for a period of time sufficient to permit those performing monitoring and review procedures to evaluate the

inspection to evaluate its compliance with its policies and procedures? – Monitoring Process If yes, please specify 1) Who perform such function e.g. in-house, outsource, network firm? 2) How often the firm

internal control is rectified as follows: (1) monitor, inspect and evaluate the effectiveness of the operating procedures of the work unit responsible for the following functions by an independent auditor

otherwise entitled. Clause 3 Intermediaries shall identify its critical functions, assess their risks of major operational disruptions, conduct business impact analysis and assess potential damages arising

during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the client; (c) to

following actions during the period of providing services: (1) compile and assess the information of the service-receiving client for the following purposes: (a) to know the client; (b) to categorize the

securities company shall identify its critical functions, assess their risks of major operational disruptions, conduct business impact analysis and assess potential damages arising from major operational