INFORMATION SYSTEM LOGS MUST BE STORED FOR AT LEAST 12 MONTHS
This noticeable content is prescribed by the Government in the Decree No. 53/2022/ND-CP dated August 15, 2022, detailing a number of articles of the Law on Cyber Security.
Accordingly, a dossier of request for including an information system in the List of information systems of national security importance comprises: A written request for including information systems in the List of information systems of national security importance; Document providing the list of all information systems of agencies and organizations and attached supporting documents.
Besides, managers of information systems of national security importance shall, based on regulations on protection of cyber security, state secrets, work secrets, technical regulations and standards on cyber security, and relevant professional technical standards, formulate regulations, processes and plans for protection of cyber security for information systems of national security importance under their management.
Noticeably, system logs serving the investigation and handling of violations against the law on cyber security must be stored for at least 12 months. Prescribed data shall be stored from the time on which the enterprise receives the request for data storage to the time the request ends; the minimum storage duration is 24 months.
This Decree takes effect from October 01, 2022.
