Circular 38/2013/tt-Bct: Regulation On Technological Solutions And Request

Original Language Title: Thông tư 38/2013/TT-BCT: Quy định về giải pháp công nghệ và yêu cầu

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
MINISTRY OF COMMERCE
Numbers: 38 /2013/TT-BCT
THE SOCIALIST REPUBLIC OF VIETNAM.
Independence-Freedom-Happiness
Hanoi, December 30, 2013

IT ' S SMART

The regulation of technological solutions and requirements

_____________

Base of Protocol 95 /2012/NĐ-CP November 12, 2012 the Government regulates the functions, duties, powers, and organizational structure of the Ministry of Commerce;

Base of Protocol 158 /2006/NĐ-CP December 28, 2006 of the Government regulates the Commercial Law of Trade on the Merchandise Purchase operation through the Department of Merchandise Transactions;

Base of Protocol 52 /2013/ND-CP May 16, 2013 of The Government of the Trade of Electronics;

The Minister of Labor Department of Commerce issued a regulation on technological solutions and technical requirements in the operation to purchase goods through the Department of Merchandise as follows.

Chapter I

COMMON RULES

What? 1. The tuning range and subject apply

1. This information regulates the technological solution and the technical requirement in the operation to purchase goods through the Department of Merchandise Transactions.

2. The applicable subject includes the Department of Merchandise Transactions in Vietnam, Member, Payment Center, Merchandise Delivery Center, and other organizations, other individuals involved in the sale of goods to the sale of goods through the Department of Merchandise Transactions in Vietnam.

What? 2. Explain the word

1. The information technology system that serves the sale of goods through the Department of Merchandise Transactions includes equipment for the infrastructure of information technology, application software, electronic exchange information, and transaction information.

2. Information technology infrastructure including servers, personal computers, printers, network devices, storage devices, information display devices, transmission systems, anti-lightning systems, storage systems, power storage systems, and other equipment catering to the operation. transaction.

3. The electronic information page on the transaction of goods through the Department of Merchandise Transactions is an electronic information page set up to cater to the provision of information concerning the activities of the Department of Merchandise Transactions.

4. Application software is the software that is developed and installed on the right environment to carry out the transaction and the business involved in the sale of goods through the Department of Merchandise Transactions.

5. The electronic transaction information table is the information table of the Department of Merchandise Transactions: the volume of greeting, the volume of greeting, the purchase price, the sale price, the joint volume, the joint price, the closing price the day before, the session opening price, change price in the day the price matches the opening price; expressed on the screen, electronic information pages, or other display devices of the Department of Transactions.

What? 3. General Request for Information technology Systems

1. The Department of Merchandise Transactions, members of the Department of Merchandise Transactions, Payment Center, Center for Merchandise Delivery must be equipped with the Information technology System that serves the sale of goods purchases through the Department of Merchandise Transactions meet the regulations at Private Information. Hey.

2. Information technology systems must be maintained and upgraded regularly, in time to correct technical errors, ensure that the system is ready to serve transactions on the Department of Transactions and provide information to customers.

3. Information technology systems must be designed to ensure safety, security of information.

4. The information technology system has to be designed to ensure separation capacity, detection, processing of the incident in time.

5. The Department of Merchandise Transactions must ensure the ability to connect, exchange data on the Ministry of Commerce when required.

6. The Department of Merchandise Transactions, a member of the Department of Merchandise Transactions must carry out the following regulations when the incident occurred on the Information and Information technology system after 24 (twenty-four) hours:

a) inform the members, customers on the state of the incident status of the Information technology system;

b) Storage, ensure the integrity of the entire database at the time of the end of the transaction;

c) The transaction will continue to do immediately after the incident of the information technology system being overcome;

e) Save the entire report in the form of paper and electronics of the process of understanding, processing the incident;

g) Report of the Ministry of Public Trade of Information Technology Systems and Improved Measures, corrects technical debuts.

7. In case of the incident the information technology system affects the interests of the customer, the Department of Merchandise Transactions is responsible under the rule of law.

What? 4. Request for Information technology Systems for the Department of Commodity Traded

1. The information technology system must be designed to ensure centralization of information, data related to transaction details, payment information, consumer communication information, customer, active membership on the Department of Transactions;

2. The Department of Merchandise Transactions must have a qualified technical staff team to manage, operate and monitor the information technology system including network system management, administration of operating systems, security systems security, database administration.

3. The Department of Merchandise Transactions must build an electronic information page with a defined address on the Internet to publish information under the current regulations and comply with the regulations at Section 3 Chapter II of this Information.

4. The Department of Merchandise Transactions must build a set of technical materials and operate the Information technology System at the Department of Merchandise Transactions, including categories:

a) A profile of the design and engineering theory of the system;

b) The self-checking document, the assessment of the unit or by the specialized agency with a test function that confirms the design of the system sufficient standards of safety for the operation;

c) The management process regulation uses network systems, backup backup, operating system operations, and ensuring safety, information security.

Chapter II

INFORMATION TECHNOLOGY SYSTEM REQUIREMENTS

Item 1

TECHNICAL REQUIREMENTS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE

What? 5. General requirements for server systems and network infrastructure

1. The Department of Merchandise Transactions, business member of the Department of Merchandise Transactions, the Center for Payment, the Center for Merchandise Delivery must equip the server system for the Information technology system:

a) The server must have the configuration consistent with the requirements of the installed software on the server and the services that the server provides;

b) The application software must be maintained operating on the servers;

c) The server system must be set at the specified address on the territory of Vietnam.

2. The server system must ensure stable operation and there is a minimum of a backup server that is always in a state of readiness in the event of the main system of the incident.

3. The server system must have a backup backup solution for the data of the business applications, transaction data, customers on the Department of Merchandise Transactions. Backup backup devices must be dedicated.

4. The network system must have a minimum of two transmission lines of two different carriers, a major transmission line and a backup transmission line in the event of a major transmission line, the backup transmission line must be used in time, ensuring the information always. All the time.

5. Server systems and network infrastructure must be able to upgrade and expand the system.

What? 6. General requests for safety assurance, information security with information technology infrastructure

1. The Department of Merchandise Transactions, business member of the Department of Merchandise Transactions, the Payment Center, the Center for Merchandise Delivery must have a safety guarantee, security for the Information technology system; ensure integrity, security and availability. the information of the transaction information; ensure the information secret of the organization, the customer, the transaction on the Department of Transactions.

2. Access to the system must be devolve to each department, the individual uses to protect different layers of information. The servers must be installed, configured so that the system can save any intrusion.

3. The information technology system must have a security measure to manage user access. The system must be able to organize, lookup search for data.

4. Data backup on tape, optical discs, hard drives and other storage devices must be physically protected in security and safety conditions. Based on the specification of each type of storage device for proper resaving mode.

What? 7. Technical requirements on the basis of information technology infrastructure for the Department of Commodity Transactions

1. Use a firewall device to prevent direct attacks on the critical information of the system, control the information out into the system of the Department of Merchandise Transactions.

2. The device must be equipped with detection and prevent intrusion to prevent unauthorized connections to the key resources in the event of an intrusion that passes through the firewall.

3. Use anti-virus and anti-malware software on all servers, workstations and at the gates connected to open networks.

4. Make a split of the network system into different networks in accordance with the purpose of use, subject use, and security policy for each region.

5. Must have a backup backup to the periodic information technology infrastructure system, which ensures the recovery of data information within 24 (twenty-four) hours since the birth of the incident. Backup backup must be made daily.

6. Must equip, organize and use secure storage devices for the database and application software, ensure safety and operate according to the correct technical requirements.

Item 2

APPLICATION SOFTWARE REQUIREMENTS

What? 8. General Request for Application Software

1. Software application at the Department of Merchandise Transactions, member of the Department of Merchandise Transactions, Payment Center, the Commodity Exchange that must ensure compliance with the law regulations on the goods purchase market through the Department of Commodity Transactions and in accordance with this. active duty, requiring a career management on the Department of Merchandise Transactions.

2. The technology solution selected to build application software must meet the ability to expand the transaction of the Department of Commodity Transactions.

3. The application software must be tested closely before being included in both the official and the updates, the Department of Merchandise Transactions must be compiled for each test.

4. The Department of Merchandise Transactions, a member of the Department of Goods Transactions using application software must implement the requirements for software copyright by law.

What? 9. General requirements for the technical feature of application software

1. Must have the operation log function to save every transaction of goods, payment, delivery in the minimum transaction process in time 1 (one) year.

2. The commodity trading software must be able to control the access to business operations in the transaction, ensure the right process, counter-error.

3. Application software must have the operation log functions that serve the user's transactions, check the access user data, have edited, access time, retrieve.

4. The storage data for monitoring users includes user accounts and information access time into the system; accounts and time creating data, the end of data repair time, and data control time.

5. The application database of application software must be organized so that the software system is easily updated with information, aggregation, selection, processing, rapid and accurate transmission.

What? 10. General request for safety assurance, information security of the application software.

1. Application software must ensure that the ability to devolve according to the function to each user. Each user is clearly defined in terms of duty and authority. People who are not devolve are not able to access other people's work.

2. For application software that deals with Internet transactions must have access control mechanisms, user authentication, data security on the transmission line, ensure data integrity and anti-denial.

3. The password of the user when the storage must be encrypted. It prohibits the exchange of user passwords in the form of unencrypted text (clear text) in any case, except for the password used once. Printing, sending passwords to users in the system must be secure.

4. Application software must have backup backup functionality, recovery of the data, information transaction information, and other information within 24 (twenty-four) hours since the invention of the technical incident.

5. Before bringing the application software to the operation must ensure that the software was tested for detection, rectify the security holes and the birth errors.

What? 11. Application software requirements for the Department of Commodity Transactions

1. Application software on the system of the Department of Merchandise Transactions must be developed and operated independently, not using the software joint with the Exchange, membership, organization, other unit.

2. The application software of the Department of Merchandise Transactions must ensure the features of the transaction management, payment, contract oversight, delivery; membership information storage, customer; connection, transaction exchange with members of the Department of Goods and Transactions. Other business processes in which the Department of Transactions are allowed to implement by law.

3. Electronic joint command system must have a transaction authentication mechanism, return the transaction results for the user:

a) The transaction results must include information about the transaction time, transaction volume, transaction price, transaction dimension, transaction item, transaction customer code;

b) The exchange information must ensure the authentication of the sener, secure the data on the transmission line, complete the data and prevent it.

4. Application software must have a federated function, which displays information on the electronic transaction information table.

5. The application software prior to the use must have a clear theory of origin, technical feature, and a specific manual documentation that includes a system design analysis, user-requested documentation, use instructions, software testing editor.

6. The construction and introduction of application software solutions must be simultaneously with data processing, synchronized integration with hardware devices, communications networks, network security of the Department of Transactions.

What? 12. The application for application software to the business member of the Department of Commodity Transactions

1. The application membership of the business member on the Department of Merchandise Transactions must meet the transaction requirements under the provisions of the Department of Merchandise Transactions, which include:

a) Administrative management of the transaction of goods, control of deposit accounts, account of goods, payment transactions, information, customer lists;

b) Administration of transactions, a career in which members are allowed to operate on the Department of Merchandise Transactions.

2. The business member ' s application software on the Department of Merchandise Transactions must ensure the ability to trade, connect through with the Department of Merchandise Transactions.

3. For the self-developed member software for the customer to use, must ensure the requirements for safety, security of information to the customer and comply with the regulations required by the Department of the goods.

Section 3

ELECTRONIC INFORMATION PAGE REQUEST

What? 13. General Request for Electronic Information Page

1. The Department of Merchandise Transactions and a member of the Department of Merchandise Transactions must deploy the electronic information page using the national name of Vietnam ". vn".

2. The electronic information page built on the technology platform of commercial products must have the software rights of that product.

3. On the electronic information page must post the information to contact the Department of Merchandise Transactions, member of the Department of Merchandise Transactions.

4. The electronic information page must be stored on the server at the company or at the organization that provides Vietnam ' s website hosting services.

5. The electronic information page of the Department of Merchandise Transactions must provide, but do not limit the following information:

a) The trading price index on the total amount of transactions in each day, including the opening price, closing price, the highest price, the lowest price, and the rates matched to each of the goods traded through the Department of Merchandise transactions;

b) The results of the transaction in accordance with the method of joint command, the joint command content includes the type of goods, the number of goods matching the order sold with the purchase order and other content under the provisions of the Active Charter;

c) Other information is specified in the Operational Charter of the Department of Commodity Transactions.

What? 14. Request for safety and security with electronic information page.

1. Electronic information pages must be able to monitor and monitor content changes, control of the system.

2. The electronic information page system must regularly update patches for electronic information-based construction platform software including operating systems, database systems, firewalls.

3. Electronic information pages must be checked, maintained, and searched for a periodic security breach.

4. For electronic information pages that carry the goods transaction through the network, the online transaction content section must be separately separated and placed on a separate server at the Department of Transactions. The transaction, account, and password information must be encrypted, to ensure the customer's secret.

What? 15. Request for backup and recovery

1. Electronic information pages must be periodically circulating, daily, including software and database storage databases.

2. In the event of an incident, the electronic information page must be restored in no more than 24 (twenty-four) hours since the incident.

Section 4

MANAGEMENT SYSTEM, TRANSACTION MONITORING

What? 16. The management system, which oversees the transaction of the Department of the goods

1. The Ministry of Trade is responsible and actively building the management system, which oversees the transaction of the Department of Goods Trading. The minimum database system must include the following content:

a) Data on transaction results, payment, delivery of goods on the Department of Merchandise Transactions;

b) The data on objects within the scope of the management under the regulation of the law on the Department of Goods Transactions and the requirements of the Ministry of Commerce;

c) Data on the transaction account at the Customer ' s Department of Merchandise Transactions;

d) Data on the goods registered trading on the Department of Goods Exchange.

2. The storage data on the Ministry of Commerce ' s systems must be updated, aggregable, and stored scientific, basic, safe, as the basis for the Department of Commodity Transactions, businesses, organizations, and the competent authorities.

3. The Ministry of Commerce is responsible for testing periodically or breaking the Information Technology System's Information Technology System to evaluate the level of compliance with the laws of the business.

What? 17. Data exchange system, report by the Department of Commodity Transactions

1. The information technology system of the Department of Merchandise Transactions, a member of the Department of Merchandise Transactions must be designed to meet the information exchange operation, report at the request of the Ministry of Commerce.

2. The information technology system of the Department of Merchandise Transactions must be designed to exchange information with members of the Department of Goods, Client, joint command transactions, merchandise of registration on the Department and other information at the request of the Ministry of Commerce.

Chapter III

THE ORGANIZATION.

What? 18. The execution clause

1. This message has been in effect since 20 February 2014.

2. The Department of Merchandise Transactions, members of the Department of Goods Transactions and units, the relevant organization has been licensed and is in operation responsible for the complete responsibility of the Information technology system under instructions at this Smart in no more than 180 days. (one hundred and eighty) the day since the time of the text is in effect.

3. In the course of this practice, if there is an entangrium, the Department of Transactions or organizations, the individual is in time to reflect on the Ministry of Commerce for review, handling ./.

KT. MINISTER.
Chief.

(signed)

Needle Cross