Circular 09: Regulations on management of access to information systems of banks in Vietnam

According to Article 30 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, each institution shall formulate and implement regulations on management of access which must meet the following requirements:

1. Take control of utility software possibly affecting information systems.

2. Regulate time of access to applications corresponding with the time of professional operations and services provided by such applications. Automatically switch off a work session during a rest time in order to prevent unauthorized access efforts.

3. Manage and delegate authority to access information and applications according to the principle that such authority is sufficient for users:

- Delegation of authority to access specific folders and functions of a program;

- Delegation of authority to read, record, delete and execute information, data or program.

4. Information systems which use the same resource must be approved by the competent authority.

5. With regard to servers of information systems of level 3 or higher and information systems that process clients’ personal information, secure connections and auto login prevention plans are required.

6. With regard to servers of information systems of level 4 or higher, multi-factor authentication must be employed when accessing servers, applications and important network and network security equipment.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE