Recently, the State Bank of Vietnam has issued the Circular No. 09/2020/TT-NHNN prescribing information system security in banking operations.
According to Clause 1 Article 7 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, information technology assets include:
- Information asset: data or information expressed in digital format, processed and stored through the information system;
- Physical asset: information technology equipment, means of communications, information-bearing objects and devices, all of which provide assistance for operations of information systems;
- Software asset: system software, utility software, middleware, database management system, application programs, source codes and development tools.
Note:
- Each institution shall compile a list of all information technology assets attached to each information system in accordance with the provisions in Clause 9 Article 5 hereof. The list of information technology assets shall be revised and updated at least once a year.
- Based on the classification of information systems, each institution shall adopt appropriate measures to manage and protect each type of information technology assets.
- Based on the classification of information technology assets prescribed in Clause 1 of this Article, each institution shall set out and implement regulations on management and use of such assets in accordance with the provisions in Article 8 through 12 hereof.
Concurrently, management of information assets in banking operations is as follows:
- Each institution shall list information assets of each information system, and stipulate authority and responsibility of persons or departments that are entitled to access, exploit and manage such information assets.
- Information assets must be classified by classifications of information prescribed in Article 4 hereof.
- Any information asset that is categorized as classified information must be encrypted or secured by appropriate methods in order to ensure the confidentiality of information during the process of creating, exchanging and storing such information.
- Data loss prevention measures must be adopted for information assets contained on the information system of level 3 or higher.
View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.
Thuy Tram
Address: | 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City |
Phone: | (028) 7302 2286 |
E-mail: | info@lawnet.vn |