• Font Size:
  • S
  • M
  • L
友善列印
WORD

Article NO. Content

Title:

Establishing Information Security Inspection Mechanisms for Securities Firms  CH

Amended Date: 2024.02.05 (Articles 1, 2 amended,English version coming soon)
Current English version amended on 2022.12.28 
Categories: Market Supervision > Regulation of Securities Firms
1     Risk Assessment and Management (CC-11000, applicable to securities firms placing orders via the Internet, but not applicable to those doing so via telephone or in the traditional manner; annual audit)
  1. All of the company's information assets within the scope of applicable information security risk and all owners of such assets shall be identified.
  2. The acceptable level of information security risk for each of the company's operations shall be determined.
  3. The company shall prepare written reports on information security risk evaluations. An evaluation shall be carried out at least once per year and all relevant records retained.
  4. The core system should be examined to determine a tolerable time period for interruption.