This is the main content of the Circular No. 09/2020/TT-NHNN prescribing information system security in banking operations issued by the State Bank of Vietnam on October 21, 2020.
According to the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, human resources management is guided as follows:
1. Organization of human resources
- Each institution’s lawful representative shall directly provide guidelines and take responsibility for preparation of strategies and plans for assurance of information security and response to information security incidents that occur in that institution.
- An institution that has information systems of level 2 or lower shall assign a specific department to take charge of assuring information security.
- An institution that directly manages an information system of level 3 or higher shall:
Establish or assign a specialized information security department to perform functions and tasks of assuring information security and responding to any information security incidents that occur in the institution;
Separate personnel into the following tasks: (i) Development and administration of information systems; (ii) Development and operation of information systems; (iii) Administration and operation of information systems; (iv) Information security inspection and development, administration and operation of information systems.
2. Recruitment and duty assignment
Each institution shall recruit and assign tasks to its employees in accordance with the following provisions:
- Determine responsibilities of each position to which an employee is recruited or assigned for assurance of information security.
- Strictly consider and evaluate ethical behaviors and professional qualifications with reference to an employee's personal background and criminal record before assigning that employee taking up an important position in the information systems, such as operator of an information system of level 3, or higher, or information systems administrator.
- Request recruited candidates to make a written commitment to information security on a separate basis or give such commitment in employment contracts. This commitment must include terms and conditions regarding responsibilities for assurance of information security during and after the period of time when they work at an institution.
- Organize training and dissemination of the institution’s regulations on information security to newly recruited employees.
3. Management and use of human resources
Each institution shall manage its human resources in accordance with the following provisions:
- Disseminate and provide updated regulations on information security to all staff members at least once a year.
- Inspect the compliance with regulations on information security by its directly-affiliated individuals or departments at least once a year.
- Take disciplinary actions against individuals or departments that commit violations against regulations on information security in accordance with laws and regulations adopted by the institution.
View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.
Thuy Tram
Address: | 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City |
Phone: | (028) 7302 2286 |
E-mail: | info@lawnet.vn |