นโยบายการรักษาความปลอดภัยด้านเทคโนโลยีสารสนเทศ (IT security policy) PAGE - 2 - ประกาศสำนักงานคณะกรรมการกำกับหลักทรัพย์และตลาดหลักทรัพย์ ที่ อธ./น. 5/2547 เรื่อง แนวทางปฏิบัติในการควบคุมการปฏิบัติงาน

นโยบายการรักษาความปลอดภัยด้านเทคโนโลยีสารสนเทศ (IT security policy) เอกสารประกอบการ public hearing ร่างข้อบังคับและแนวทางปฏิบัติด้านเทคโนโลยีสารสนเทศ PAGE - 30 - เอกสารประกอบการ public hearing ร่าง

criteria: (1) establish conditions and controls relating to information security in an agreement signed by both parties; (2) monitor, evaluate, review and audit service delivery of the outsourcee regularly

security as well as supervise, monitor and examine compliance with such policies, measures, and operating systems, and review the suitability thereof regularly; In the interest of meeting the aforesaid

No. OrThor/Nor. 5/2547 Re: Operational Control and Security of the Information Technology of Securities Company For the purpose of rendering the securities companies to efficiently comply with the

company by taking into account the appropriateness and acceptable risk level. The securities company should specify the details on the designation or approval for such action clearly in writing, and monitor

Exchange Commission No. 30/2558 Re: Approval of Foreign Auditors in the Capital Market. 2. I will closely monitor the applicant to perform an audit work in giving opinions on financial statements with

aforementioned. Clause 6. Derivatives broker shall arrange to have an acceptable and reliable compliance unit. Such unit shall independently operate to monitor the operation of derivatives broker. Clause 7

are adopted. The compliance unit shall be independent to monitor the operation of the derivatives broker . Clause 8 The derivatives broker shall put in place an efficient risk system for the management

risk management. 4. There should be an establishment of a compliance unit to supervise and monitor the operation that is independent from the management and other units. 5. Operation conducted with