The Securities and Exchange Commission (SEC) is currently inviting public comments on proposed amendments to IT Regulations and Guidelines. These amendments are intended to align with the varying risk profiles of different business operators. The goal is to accommodate technological advancements and cyber threats without imposing excessive burdens on the operators.
Bangkok, 12 September 2024 – The Securities and Exchange Commission (SEC) is seeking public comments on draft amendments to the Rules on Establishment of Information Technology System (or IT Regulations and Guidelines) to be in line with the risk profiles of different groups of business operators. The draft amendments aim to accommodate evolving developments of technology, cyber threats and international standards, without causing unnecessary burdens for business operators.
Key Takeaways
- The Securities and Exchange Commission (SEC) is seeking public comments on draft amendments to the Rules on Establishment of Information Technology System to better align with the risk profiles of different business operators.
- The proposed amendments aim to reduce the submission frequency of IT audit reports for small and low-risk business operators, adjust submission schedules, and improve security measures based on risk levels.
- Stakeholders and the public can participate in the public hearing by submitting comments and suggestions through the SEC website or email before the deadline on 15 October 2024.
With reference to a public hearing on the proposed revision to the IT Standard conducted between 14 June and 15 July 2024, the SEC received a wide range of valuable responses from stakeholders. The respondents’ feedback and recommendations were carefully considered for the drafting of relevant amendments.
The SEC is conducting this public hearing on the proposed amendments to the IT Regulations and Guidelines, which cover the following key points:
(1) To reduce the submission frequency of IT audit reports for small business operators and low-risk business operators, in line with their risk level, to every three years or upon occurrence of a widespread adverse incident;
(2) To adjust the submission schedule for the Risk Level Assessment (RLA) report and IT audit report to be within the same period (during the first quarter of each calendar year);
(3) To adjust security measures to be in line with the risks of small business operators, such as reducing the penetration testing frequency to once every three years, extending access control measures to cover both user accounts (or non-administrator accounts) and privileged accounts, and maintaining incident records with root cause analysis for at least two years;