Cyberinformation security products and services in Vietnam

Cyberinformation security products and services in Vietnam (Internet image)

Regarding this issue, LawNet would like to answer as follows:

1. Cyberinformation security products and services in Vietnam

Pursuant to Article 41 of the Law on Cyberinformation Security 2015, cyberinformation security products and services include:

(1) Cyberinformation security services include:

- Cyberinformation security testing and evaluation services;

- Information confidentiality services without using civil cryptography;

- Civil cryptographic services;

- E-signature certification services;

- Cyberinformation security counseling services;

- Cyberinformation security supervision services;

- Cyberinformation security incident response services;

- Data recovery services;

- Cyber-attack prevention and combat services;

- Other cyberinformation security services.

(2) Cyberinformation security products include:

- Civil cryptographic products;

- Cyberinformation security testing and evaluation products;

- Cyberinformation security supervision products;

- Attack and hacking combat products;

- Other cyberinformation security products.

2. Conditions for grant of licenses for trading in cyberinformation security products and services in Vietnam

Specifically, Article 42 of the Law on Cyberinformation Security 2015 (amended in 2018) stipulates the conditions for grant of licenses for trading in cyberinformation security products and services as follows:

(1) An enterprise shall be granted a license for trading in cyberinformation security products and services, except those mentioned at Points a, b, c and d, Clause 1, and Point a, Clause 2, Article 41 of the Law on Cyberinformation Security 2015, when fully meeting the following conditions:

- Such trading complies with the national strategy, master plan or plan on cyberinformation security development;

- It has equipment and physical foundations suitable to the scale of provision of cyberinformation security products and services;

- It has managerial, administration and technical staff members meeting professional requirements on information security;

- It has a suitable business plan.

(2) An enterprise shall be granted a license for provision of cyberinformation security testing and evaluation services when fully meeting the following conditions:

- The conditions specified in (1);

- It is established and operates lawfully in the Vietnamese territory, except foreign- invested enterprises;

- Its at-law representative and managerial, administration and technical staff members are Vietnamese citizens permanently residing in Vietnam;

- It has a technical plan conformable with relevant standards or technical regulations;

- It has a customer information confidentiality plan in the course of service provision;

- Its managerial, administration and technical staff members possess information security testing and evaluation diplomas or certificates.

(3) An enterprise will be granted an information security service business license without using civil cryptography when it fully meets the following conditions:

The conditions specified in (1);

- It is established and operates lawfully in the Vietnamese territory, except foreign- invested enterprises;

- Its at-law representative and managerial, administration and technical staff members are Vietnamese citizens permanently residing in Vietnam;

- It has a technical plan conformable with relevant standards or technical regulations;

- It has a customer information confidentiality plan in the course of service provision;

- Its managerial, administration and technical staff members possess information confidentiality diplomas or certificates.

3. Dossiers of application for licenses for ứading in cyberinformation security products and services in Vietnam

According to Article 43 of the Law on Cyberinformation Security 2015, the dossiers of application for licenses for ứading in cyberinformation security products and services is as follows:

- An enterprise that applies for a license for trading in cyberinformation security products and services shall submit a dossier of application at the Ministry of Information and Communications.

- A dossier of application for a license for trading in cyberinformation security products and services shall be made in five sets, each comprising:

+ An application for a license for trading in cyberinformation security products and services, specifying types of cyberinformation security products and services to be traded;

+ A copy of the enterprise registration certificate, investment registration certificate or another paper of equivalent validity;

+ A written explanation of the technical equipment system compliant with law;

+ A business plan specifying the provision scope, users and standards and quality of products and services,

+ Copies of information security diplomas or certificates of managerial, administration and technical staff members.

- In addition to the papers and documents mentioned in Clause 2 of Article 43 of the Law on Cyberinformation Security 2015, a dossier of application for a license for provision of information security testing and evaluation services or information confidentiality services without using civil cryptography must comprise:

+ Judicial record cards of the enterprise’s at-law representative and managerial, administration and technical staff members;

+ A technical plan;

+ A customer information confidentiality plan in the course of service provision.

Ho Quoc Tuan

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE