EACH ACCOUNT GETTING ACCESS TO THE BANKING INFORMATION SYSTEM MUST BE GIVEN TO A SINGLE USER
On October 21, 2020, the State Bank of Vietnam issues the Circular No. 09/2020/TT-NHNN promulgating the security of information system in banking operations.
In accordance with this Circular, institutions shall provide regulations on access management applied to users, groups of user, equipment and instruments used for accessing to information systems satisfying professional requirements and information security requirements, ensuring basic contents such as: Each account getting access to the system must be given to a single user; in case one account is shared by different persons for access purpose, such common use must be approved by competent authorities and responsibilities of each person at each using time must be defined, etc.
Remarkably, the account of automatic connection application and service must be transferred under one user’s management and limit the assess rights in accordance with using purpose; that user is not allowed to use this account for other purpose, etc.
Besides, the State Bank defines that a third party providing the cloud computing service must be an enterprise. Concurrently, such third party shall commit itself not to replicating, altering, using or providing data of the institution using the service for another individual or institution. Notification of any violations against information security regulations applied to the service in use committed by staff members of the third party shall be sent to institution using such service.
This Circular takes effect on January 01, 2021.
