Vietnam: Requirements for grant of Business Licenses to provide cyber information security services and software

Decree No. 108/2016/NĐ-CP of Vietnam’s Government details regulations for provision of cyber information security services and products. This is an important and necessary regulation that business enterprises need to pay attention to.

According to the Law on Cyberinformation Security 2015 of Vietnam, an enterprise shall be granted a license for trading in cyberinformation security products and services when fully meeting the following conditions:

1. Such trading complies with the national strategy, master plan or plan on cyberinformation security development;

2. It has equipment and physical foundations suitable to the scale of provision of cyberinformation security products and services;

3. It has managerial, administration and technical staff members meeting professional requirements on information security;

4. It has a suitable business plan.

From the above-mentioned conditions, Decree No. 108/2016/NĐ-CP of Vietnam’s Government has clearly specified a number of conditions for enterprises importing cyber information security products as follows:

- Have a management team satisfying professional requirements for information security and technicians in-charge obtaining the bachelor degree in or certificate of information security or information technology or electronics and telecommunications at the appropriate quantity according to the business scale and business methods;

- Have appropriate business methods available that cover the purposes of importation, scope and clients; conformity with relevant technical standards and regulations by each product and basic specifications.

Also according to Decree No. 108/2016/NĐ-CP, enterprises that produce network information security products need to meet the following conditions:

- Have facilities, equipment and production technology that are appropriate for the business method available;

- Have a management team satisfying professional requirements for information security and technicians obtaining bachelor degrees in or certificates of information security of information technology or electronics and telecommunications at the appropriate quantity according to the business scale and business methods;

- Have appropriate business methods available that cover the purposes of importation, scope and clients; expected products, conformity with relevant technical standards and regulations by each products and basic specifications.

Particularly for providing network information security services, enterprises shall:

- Have facilities, and equipment that are appropriate for the business scale and business methods available;

- Have a management team satisfying professional requirements for information security and technicians obtaining bachelor degrees in or certificates of information security of information technology or electronics and telecommunications at the appropriate quantity according to the business scale and business methods;

- Have appropriate business methods available that cover the purposes of importation, scope and clients; expected products, approaches to customers’ information protection and service quality assurance.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE