Order to improve IT standards of business operators in the capital market to build investor confidence
Date 08 May 2022 at 20:22
The SEC is preparing to raise the IT security standards of business operators in the capital market to build investor confidence.
The Securities and Exchange Commission (SEC) is accepting opinions on amendments to the draft notification on IT criteria, which are intended to raise the standards for the security of information technology systems of business operators in the capital market and to build confidence for investors.
The SEC plans to revise the draft announcement on the provision of information technology systems to be in line with the changing use of information technology in business operations and with cyber threats. In December 2021, public hearings were held to gather stakeholder views, and recommendations were made to make the criteria more appropriate. The main principles of this announcement are as follows:
(1) Determine criteria for risk classification related to information technology systems, and align the standards for the control and supervision of information technology of business operators with the level of risk and the diverse nature of the business, such as the structure, size and complexity of the technology used.
(2) Focus on the role, duties and involvement of the board of directors of business operators, and on a structure for overseeing the safe use of technology in business operations, with security checks by independent and qualified auditors.
(3) Improve the content of rules and guidelines to be in accordance with international standards and the regulatory guidelines of regulators in the financial industry.
(4) Provide additional requirements for quality management and information technology system services, such as information technology project management and resource management systems (Capacity Management).
(5) Strengthen information technology security measures to prevent the occurrence of cyber threats and to comply with cyber legal guidelines, such as technical vulnerability assessments (Vulnerability Assessment) and penetration testing (Penetration Testing).
(6) Improve the requirements for third-party management by expanding the scope to cover information technology service providers, persons connected to the business operator's information systems, and persons who can access or exchange important business operator information or customer information under the responsibility of the business operator.
The SEC has released a public hearing document on the determination of these regulatory guidelines on the SEC website https://www.sec.or.th/TH/Pages/PB_Detail.aspx?SECID=795. Those involved and interested can express their views on the website or via email: email@example.com, firstname.lastname@example.org or email@example.com until June 6, 2022.