35. The TSD has an operational risk management framework in place consisting of
systems, policies, procedures, and controls to identify, monitor, and manage operational risks.
This framework forms part of the enterprise-wide risk management (ERM) framework of the SET Group, with
the RMD of the SET responsible for its implementation. The RMD of SET reports to the TSD board
and to the risk management committee of the SET Board. Its procedures ensure scalable capacity
adequate to handle increasing volumes. Operational reliability targets have been set at
99.95 percent system availability. ISO 27001 for IT security and ISO 23001 for business continuity
management have been implemented. Policies for physical and information security are in
place. A BCP is in place, as well as a secondary site. The BCP is tested on an annual basis with all
relevant stakeholders, including the BoT and TCH. The RTO is two hours. Cybersecurity measures
include carrying out penetration tests. TSD is adopting the best practices outlined in the
CPMI-IOSCO Report "Guidance on cyber resilience for financial market infrastructures."
36. It is recommended to include specific scenarios and carry out periodic tests to ensure
completion of securities settlement taking into account interdependencies between TSD,
BAHTNET, and TCH. TSD should identify direct and indirect effects on its ability to process and
settle transactions in the normal course of business and manage risks that stem from an external
operational failure of connected FMIs. These scenarios should also capture the effects transmitted
through its depositors, which may be participants in BAHTNET and TCH. TSD should also identify,
monitor, and manage the risks it faces from and poses to BAHTNET and TCH.
Access (Principle 18–20)
37. The access criteria of the TSD allow for fair and open access to its services based on