Vietnam: Requirements for use of third parties’ services

The State Bank of Vietnam recently issued Circular No. 09/2020/TT-NHNN, which prescribes information system security in banking operations.

Credit institutions using third parties' services, Circular 09/2020/TT-NHNN

According to Article 33 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, before using a third party’s services for information systems of level 3 or higher and information systems that process clients’ personal information, each institution shall:

1. Carry out an assessment of information technology risks and operating risks, including the following contents:

- Identify risks, analyze and estimate the extent of damage and threats to information security;

- Define the capacity to control operational procedures, provide continuous services for clients and provide information to regulatory authorities;

- Clearly define roles and responsibilities for assurance of service quality of relevant parties;

- Work out methods for minimizing risks and for preventing and resolving problems;

- Review and amend risk management policies (if any).

2. If an institution uses cloud computing services, apart from the provisions in Clause 1 of this Article, it shall:

- Classify the activities and professional tasks expected to be performed on cloud computing, based on an assessment of their impact on the institution's operations;

- Develop backup plans for components of information systems of level 3 or higher. Backup plans must be tested and assessed to determine whether they are ready to replace the activities and professional tasks performed on cloud computing;

- Establish criteria for selection of third parties meeting the requirements in Article 34 hereof;

- Review, amend and apply information security methods of the institution, and limit access through cloud computing to the institution’s information systems.

3. In case a third party is hired to perform all administration tasks for an information system of level 3 or higher or an information system that processes clients’ personal information, the institution shall carry out risk assessment according to the provisions in Clause 1 of this Article, and send assessment reports to SBV (via the Information Technology Authority).

For more details, see Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram
