With reference to a public hearing on the proposed revision to the IT Standard conducted between 14 June and 15 July 2024, the SEC received a wide range of valuable responses from stakeholders. The respondents’ feedback and recommendations were carefully considered for the drafting of relevant amendments.
The SEC is conducting this public hearing on the proposed amendments to the IT Regulations and Guidelines, which cover the following key points:
(1) To reduce the submission frequency of IT audit reports, in line with the risk level of small business operators and low-risk business operators, to once every three years or upon the occurrence of a widespread adverse incident;
(2) To adjust the submission schedule for the Risk Level Assessment (RLA) report and IT audit report to be within the same period (during the first quarter of each calendar year);
(3) To adjust security measures to be in line with the risks of small business operators, such as reducing the penetration testing frequency to once every three years, extending access control measures to cover both user accounts (or non-administrator accounts) and privileged accounts, and maintaining incident records with root cause analysis for at least two years;
(4) To adjust the applicable scope of investment advisory business operators to ensure their implementation of sufficient controls over the management of IT-related risks arising from the use of technology; and
(5) To improve other details of the rules to better communicate their intent and enable effective risk control implementation.
The public hearing documents are available on the SEC website at: https://www.sec.or.th/TH/Pages/PB_Detail.aspx?SECID=1014 and the central legal hub at: www.law.go.th. Stakeholders and the interested public are welcome to submit comments and/or suggestions via the aforesaid websites or email: cyberteam@sec.or.th. The public hearing ends on 15 October 2024.