Procedures for citizens to exploit information through the public service portal in Vietnam

Procedures for citizens to exploit information through the public service portal in Vietnam (Internet image)

1. Procedures for citizens to exploit information through the public service portal in Vietnam

According to Article 12 of Circular 46/2022/TT-BCA, citizens can search and exploit information through the public service portal in Vietnam as follows:

- Citizens access the government service portal.

- Citizens can choose between a lookup service and a service that exploits personal information.

- The Ministry of Public Security returns the citizens' search results based on the information displayed on the public service portal or returns the results of information extraction using the Notice made in accordance with Form No. 01 issued in conjunction with Circular 46/2022/TT-BCA

2. Conditions for connection to the national population database of agencies and organizations in Vietnam

Conditions for connection to the National Population Database include:

(1) Information systems of agencies or organizations connected to the National Population Database must satisfy requirements for ensuring information system safety at level 3 or higher, in accordance with the law on assurance of information system security by level.

(2) Before or after making the connection with the National Population Database, if the information system of the agency or organization has an adjustment or change in the system design, it must be inspected and evaluated for security and safety.

The inspection and assessment are carried out using professional equipment and software from the People's Public Security Force, and the contents of the inspection and evaluation include:

+ Setting up security configurations on system devices, servers, applications, and databases;

+ Detecting malicious code, vulnerabilities, and weaknesses, and testing system penetration for system devices, servers, and applications;

+ Application source code information security;

+ Safety and security of hardware

+ The promulgation of regulations and policies on account management, in and out of the server area, password management of administrative accounts, and access management; written agreements on the rights, obligations, and responsibilities of the subjects involved in the management, operation, and provision of services for the information system.

(3) For information systems managed by the Ministry of National Defense, the agency managing the national population database of the Ministry of Public Security is responsible for coordinating and guiding specialized units of the Ministry of National Defense to assess and inspect information security and safety in accordance with regulations. at (2).

(4) The Department of Cybersecurity and High-Tech Crime Prevention shall assume the prime responsibility for, and coordinate with, the Department of Professional Technology, the agency that manages the National Population Database of the Ministry of Public Security, and the relevant entity shall:

+ Inspect and evaluate information security and safety of information systems that require connection to the National Population Database before connecting, there is a written confirmation of assurance of information security and safety.

If information systems that require connection to the National Population Database are linked to an electronic identification and authentication platform, they are exempt from the requirement in (2) to check and assess information security and safety.

- Unscheduled inspection and assessment of the information security and safety assurance of the information system connected to the National Population Database according to the content specified in (2);

- Inspect and evaluate the information system connected to the National Population Database on a regular basis (once a year) to ensure information security and safety, in accordance with the content specified in (2).

Except for the information system managed by the Ministry of National Defense; the information system has shared online data on network security and information safety monitoring with the Ministry of Public Security, or the information system has been inspected, evaluated, and certified by a competent agency for security and safety assurance within 01 year in accordance with the law on assurance of information system safety at different levels. 

(Article 6 of Circular 46/2022/TT-BCA)

Diem My

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE