THE STATE BANK OF VIETNAM
-------
SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness
---------------
No: 01/2011/TT-NHNN
Hanoi, February 21, 2011
 
CIRCULAR
PROVIDING FOR ENSURING SAFETY, KEEPING SECRETS THE INFORMATION TECHNOLOGY SYSTEM IN BANKING OPERATION
Pursuant to the Law on State Bank of Vietnam No.46/2010/QH12 dated 16/6/2010;
Pursuant to the Law on credit institutions No.47/2010/QH12 dated 16/6/2010;
Pursuant to the Law on Information Technology No.67/2006/QH11 dated 29/6/2006;
Pursuant to the Decree No.96/2008/ND-CP dated 26/8/2008 of the Government regulating functions, tasks, powers and organizational structure of the State Bank of Vietnam;
the State Bank of Vietnam provides for ensuring safety, keeping secrets the information technology system in banking operation as follows:
Chapter 1.
GENERAL PROVISIONS
Article 1. Scope of governing and subjects of application
1. This Circular provides for requirements of ensuring safety, keeping secrets the information technology system (IT) in banking operation.
2. This Circular applies to the State Bank of Vietnam; credit institutions; branches of foreign banks (hereinafter collectively called as units).
Article 2. Interpretation of terms
In this Circular, the below terms are construed as follows:
1.  Information technology system: means a structured set of hardware equipment, software, databases and network systems for one or more technical operations, operations of the banks.
2.  IT assets: means equipments, information under IT system of the units, including:
a) Physical assets: mean IT equipment, mass media and equipment for the operation of IT systems.
b) Information assets: mean data and documents relating to IT systems. Information assets are represented by paper documents or electronic data.
c) Software assets: include the applicable programs, system software, databases and development tools.
3. IT risk: means ability of happening loss when making activities related to IT systems. IT risk related to management, use of hardware, software, communications, interface systems, operating and people.
4. Risk management: means the coordinating activities aiming at determining and controlling IT risk which may happen.
5. Third parties: mean organizations and individuals having professional skill hired by or coordinate with units to provide goods, technical services for the IT system.
6. Network security systems: a set of firewall devices and equipment to control and detect illegal access, management software, monitoring and logging of network security status and other