THIRD PARTY ACCESS UNDERTAKING

Addendum to Confidentiality of Information

Having been authorized to connect and access bank system, and information via:
 VPN
 One Time PIN mobile application
 Others _______________________

I confirm that I have fully read and understood the Information Security Policy of
CTBC Bank (Philippines) Corporation, among others:

1. the classification of information, to whom these can be forwarded and copied, as well
as proper handling in soft or hard copy format;

2. proper inventory and protection of restricted and confidential information whenever

said connection to the systems or access to information is established;

3. my responsibility to protect and handle with utmost security the access credentials
provided by the Bank;

4. my responsibility to employ PIN, password, or biometrics, whichever is available, to

secure the authentication device from unauthorized access.

5. my responsibility to report to proper Bank authorities in case employee have change

in function, resignation, password found to be compromised and/or device/s is/are
lost, within 24 hours from the time the incident is discovered; and,

6. my full cooperation in the investigation and resolution of the above incident, and
exhaust all possible means to recover the lost device and deter the unauthorized
transfer of the compromised information

I shall abide by the rules to ensure the privilege granted to me in accessing, storing and using
Bank information are aligned with its Information Security Policy to protect such bank asset.

____________________________________ ______________________________
Third Party’s Employee’s Name and Signature Date

___________________________________ ______________________________
Third Party’s Manager’s Name and Signature Company
Information Classification CONFIDENTIAL

No copy of this document or any portion of it can be disseminated without prior notification and approval from the originating party.