Vietnam: How long is the time limit for recording operations of information systems of banks?

According to Article 26 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, each institution shall supervise and record operations of information systems of level 2 or higher into the logbook in accordance with the following provisions:

1. Enter and preserve the logbook of operations of information systems and users, errors and information security incidents, including the followings:

- Firewall log;

- Login log;

- Configuration change log;

- Log of access to important data and services (if any);

- Log of errors occurring during operations of the system;

- Log of warnings from devices;

- Log of operation performance of devices (as regards an information system of level 3 or higher).

2. Data contained in the logbook of a level 2 information system must be preserved online for at least 1 month and backed up for at least 6 months. Data contained in the logbook of an information system of level 3 or higher must be preserved online for at least 3 months in a concentrated manner and backed up for at least one year.

3. Adopt measures to monitor and warn about changes to classified information contained in storage systems/devices of an information system of level 4 or higher.

4. Protect functions of logbook writing functions and information contained in the logbook, anti-phishing, anti-revision and illegal access. System administrators and users shall not be allowed to delete or revise the logbook containing their own activities on the system.

5. Synchronize the time of different information systems.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE