This is a notable content of the Circular No. 09/2020/TT-NHNN prescribing information system security in banking operations issued by the State Bank of Vietnam on October 21, 2020.
According to Article 26 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, each institution shall supervise and record operations of information systems of level 2 or higher into the logbook in accordance with the following provisions:
1. Enter and preserve the logbook of operations of information systems and users, errors and information security incidents, including the followings:
- Firewall log;
- Login log;
- Configuration change log;
- Log of access to important data and services (if any);
- Log of errors occurring during operations of the system;
- Log of warnings from devices;
- Log of operation performance of devices (as regards an information system of level 3 or higher).
2. Data contained in the logbook of a level 2 information system must be preserved online for at least 1 month and backed up for at least 6 months. Data contained in the logbook of an information system of level 3 or higher must be preserved online for at least 3 months in a concentrated manner and backed up for at least one year.
3. Adopt measures to monitor and warn about changes to classified information contained in storage systems/devices of an information system of level 4 or higher.
4. Protect functions of logbook writing functions and information contained in the logbook, anti-phishing, anti-revision and illegal access. System administrators and users shall not be allowed to delete or revise the logbook containing their own activities on the system.
5. Synchronize the time of different information systems.
View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.
Thuy Tram
Address: | 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City |
Phone: | (028) 7302 2286 |
E-mail: | info@lawnet.vn |