Important contents on management of access of users of banks in Vietnam

This is an important content of the Circular No. 09/2020/TT-NHNN prescribing information system security in banking operations issued by the State Bank of Vietnam on October 21, 2020.

quản lý truy cập người dùng, Thông tư 09/2020/TT-NHNN

According to the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, each institution shall set out regulations on management of access of users, group of users, devices and tools used for purposes of access to the information system which must ensure conformity to operational requirements and information security requirements, including the following basic contents:

- Register, grant, renew and revoke access rights of users;

- Each user account shall be given to the only person to access the system; any sharing of a user account requires an approval from the competent authority and determination of the user’s responsibilities at each time of use;

- The user account which is automatically connected to applications/services must be managed to an administrator and granted with limited access rights depending on purpose of use; the administrator shall be not allowed to use this user account for any other purposes;

- The use of administrator’s accounts to obtain access to an information system of level 3 or higher and other information systems that process personal information of clients must be limited and control by means of: (i) Formulate a mechanism for controlling the creation of administrator’s accounts in order to ensure that no administrator’s account shall be used without an approval from the competent authority; (ii) Adopt measures to monitor the use of administrator’s accounts; (iii) Limit the use of administrator’s accounts to an amount of time which is long enough to perform tasks and revoke the access rights upon task completion; (iv) Any system administration connection must be made through the proxy server or centralized management systems and cannot made directly from the administrator's server;

- Manage and grant password to access information systems;

- Review, check and revise users’ access rights;

- Set out information security requirements or conditions in respect of devices and instruments used for access purposes.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE

71 lượt xem



  • Address: 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City
    Phone: (028) 7302 2286
    E-mail: info@lawnet.vn
Parent company: THU VIEN PHAP LUAT Ltd.
Editorial Director: Mr. Bui Tuong Vu - Tel. 028 3935 2079
P.702A , Centre Point, 106 Nguyen Van Troi, Ward 8, Phu Nhuan District, HCM City;