What are general principles to ensure network information safety and network security in Vietnam?

What are general principles to ensure network information safety and network security in Vietnam?

Pursuant to Article 3 of the Regulation on ensuring network information safety and network security promulgated together with the Decision 1760/QD-BKHCN in 2022 stipulating general principles to ensure network information safety and network security in Vietnam as follows:

1. Ensure network information safety and network security is carried out throughout, the entire process of procurement, upgrading, operation, maintenance and discontinuing use of infrastructure, information systems and software, data.

2. Be responsibile for ensuring network information safety and network security as well as the responsibilities of heads of agencies, units and individuals directly involved.

3. In case there is an update or replacement of a document or regulation or another provision in a legal document or a decision of a higher competent authority, the provisions of such document shall apply.

4. Information on the list of state secrets is protected in accordance with the law on protection of state secrets.

5. Handle information security incidents must be consistent with the responsibilities, powers and ensure the legitimate interests of relevant agencies, units and individuals and according to the provisions of law.

What are prohibited acts in ensuring network information safety and network security in Vietnam?

Pursuant to Article 4 of the Regulation on ensuring network information safety and network security promulgated together with the Decision 1760/QD-BKHCN in 2022 stipulating prohibited acts in ensuring network information safety and network security in Vietnam as follows:

1. Prohibited acts specified in Article 7 of the Law on Cyberinformation Security and Article 8 of the Law on Cybersecurity.

2. Arbitrarily connecting network devices, network address allocation devices, broadcasting devices such as personal wireless network access points to the internal network without the guidance or consent of the management unit information system; on the same device, simultaneously accessing the local network and accessing the Internet using a personal Internet-connected device (dial-up modem, USB 3G/4G, mobile phone, tablet, laptop computer) hand).

3. Arbitrarily changing or removing information security measures installed on information technology equipment for work; arbitrarily replace, install new, swap components of the computer for work.

4. Deliberately creating, installing and spreading malicious code that affects the normal operation of the information system.

5. Obstructing service provision of information systems; prevent access to information of other agencies and individuals in the network environment, unless otherwise permitted by law.

6. Jailbreak, theft, use of passwords, cryptographic keys and information of other agencies and individuals in the network environment.

7. Other acts that cause insecurity and confidentiality of information of other agencies or individuals may be exchanged, transmitted or stored in the network environment.

What are regulations on management of information technology equipment to ensure network information security in Vietnam?

Pursuant to Article 5 of the Regulation on ensuring network information safety and network security promulgated together with the Decision 1760/QD-BKHCN in 2022 stipulating management of information technology equipment to ensure network information security in Vietnam as follows:

1. Individuals or collectives are responsible for ensuring network information security in the management and use of assigned information technology equipment.

2. Information technology equipment that stores sensitive data when changing the purpose of use or liquidation, the unit must take measures to delete or destroy such data to ensure that there is no possibility of recovery. In case the data cannot be destroyed, the unit must destroy the data storage component on that information technology equipment.

3. Information technology equipment with a data storage part or data storage device, when it is brought out for warranty, maintenance, repair or stopped using, must remove the storage part from the device or delete information and data stored on the device (except for data recovery).

4. The units under the Ministry are responsible for maintenance, maintenance and instructions on how to use, manage and operate their technical infrastructure system; appoint a department in charge of information technology to manage, operate and periodically inspect, repair and maintain equipment (including active and backup equipment).

Best regards!