3 years during a 5-year period prior to application submission, please specify details of the company where the applicant has performed duty as an audit supervisor or a person who reviews audit

of the IT services provided to serve clients or to support critical activities ; (5) require periodic reviews of the cloud provider such as the financial condition or the capacity planning, to ensure

those mentioned above, penetration testing shall be carried out at least once every six years. (b) carry out vulnerability assessments with all critical information systems at least once a year and upon

accordance with the Good Corporate Governance Guidelines for listed companies in 2017 to support assessments such as Corporate Governance Report, ASEAN CG Scorecard and the Shareholders’ Meeting Quality

order of importance; 6.3.3 The Company may disclose action in other matters in accordance with the corporate governance principles in preparation for assessments, for example, Corporate Governance Report