Circular 11/2012/tt-Nhnn: Rules Of Management And Use Of The Computer Network Of The State Bank Of Vietnam

Original Language Title: Thông tư 11/2012/TT-NHNN: Quy định quản lý và sử dụng mạng máy tính của Ngân hàng Nhà nước Việt Nam

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
THE STATE BANK OF VIETNAM
Number: 11 /2012/TT-NHNN
THE SOCIALIST REPUBLIC OF VIETNAM.
Independence-Freedom-Happiness
Hanoi, April 25, 2012

IT ' S SMART

Manage and use the computer network of the State Bank of Vietnam

________________________

The Digital Exchange Act. 51 /2005/QH11 November 29, 2005;

Digital Information Technology Base 67 /2006/QH11 June 29, 2006;

The Digital Telecommunication Law. 41/2009/QH12 November 23, 2009;

Vietnam State Bank Law School No. 46 /2010/QH12 June 16, 2010;

Base of Protocol 64 /2007/ND-CP April 10, 2007 of the Government on the Application of Information Technology in the operation of the State Agency;

Base of Protocol 96 /2008/NĐ-CP August 26, 2008 of the Government on Management, Provides, Using Internet Services and Electronic Information on the Internet;

Base of Protocol 97 /2008/NĐ-CP August 28, 2008 of the Government on Management, Providing, Using Internet Services and Electronic Information on the Internet;

At the suggestion of the Director of the Bureau of Technology.

The Governor of the State Bank of Vietnam issued a regulatory provision on the management and use of computer networking of the State Bank of Vietnam, Vietnam.

Chapter I

GENERAL REGULATION

What? 1. The tuning range and subject apply

1. This information regulates the management and use of the computer network of the State Bank of Vietnam (later known as the State Bank network).

2. This information applies to individuals, units of the State Bank of Vietnam (later known as State Bank); external organizations and third parties are allowed to use the State Bank network.

What? 2. Explain the word

In this message the words below are understood as follows:

1. The user is personally, the unit of the State Bank and the external organization that is allowed to use the State Bank network.

2. The data center is the data center of the State Bank, which includes the Main Data Center at the Bureau of Information Technology and the Center for the Reserve Data Center in Shanxi.

3. The area connecting the area is the site of the site of information technology equipment that connects the connection between the Data Center and the Provincial State Bank, the Central City. The regional connection center is located at the State Bank of Hanoi, Hai Phong, Đà Nẵng, Ho Chi Minh, and Poems.

4. The State Bank Local Network is the network system that connects the end-end devices within a geographic area of the State Bank.

5. Local network transmission infrastructure is an internal transmission cable system and network socket.

6. The network equipment includes switching devices, routing devices, security security devices, system software, and network governance.

7. Wireless Network is a network system that connects the terminal to a radio or ultra-short wave.

8. The State Bank wide network is a network system connected between the Data Center, the Regional Connection Center and the State Bank Local Network.

9. The broad network transmission infrastructure is the state Bank 's dedicated transmission line system and the state Bank' s State Bank transmission channels of telecom service providers.

10. The core class is the nuclear network of the network that has a mission to connect between the networks together.

11. The distribution network acts as a interface between the access and core network layers.

12. The access network is the network that serves the user connection with the systems.

13. IP address is a single address assigned to network connection devices used to identify and communicate via the Internet protocol.

14. IP telephone service is the audio transmission technology through the information network using the TCP/IP protocol suite.

15. Television conference service is the image television technology, audio through the information network using the TCP/IP protocol suite.

16. The designation name is the only name assigned to the network end-end devices.

17. Technical Officer is the trained person in information technology expertise in units of the State Bank.

18. The asset management unit is the State Bank unit that is tasked with the management of the asset management.

19. The unit using the property is the State Bank unit that is used by the Governor-General of the property.

20. The third party is allowed to use the State Bank network (later known as the third party) as organizations, individuals with expertise hired by the State Bank or co-operating in order to provide goods, technical services to the information technology system.

21. organizations outside the State Bank (later known as external organizations) include: credit organizations and other organizations that are not the third party to be allowed to use the State Bank network.

What? 3. State Banking Network Architecture

1. The State Bank Network covers the network of State Banking and the State Bank wide network.

2. State Bank Network Logic Architecture:

a) The State Bank local network architecture consists of the following main classes: core network class, distribution network class, access network class.

b) The State Bank wide network architecture includes network connections between the Data Center and Regional Connection Centers; The connections between the Regional Connection Center and the State Bank of the State Branch of the Province, the Central City of the Central; the Gate of the Exchange. It ' s connected to the State Bank with external organizations.

3. State banking physical architecture includes: site of network equipment, local network transmission infrastructure and wide network transmission infrastructure.

What? 4. Principles on construction, management and use of the State Bank network.

1. The State Bank Network must be designed, built to be highly available, secure, secure, and meet operational needs, the business of the State Bank.

2. The State Bank Network is managed to be unified centring in the Department of Information Technology and has a devolve, devolve to asset management units.

3. Users use only the State Bank network and the Internet network that caters to professional, professional activities.

4. The use and sharing of information on the State Bank network must comply with the regulatory security regulations of the State Bank and the provisions of the law.

5. Users who do not comply with the regulations at Article 24 This message will be suspended for services.

What? 5. State Bank Network Services Resources and Services

1. Network Resources:

a) Infrastructure, networking equipment, network management software, and network system configuration;

b) IP address system, domain name system, designation of devices.

2. Network services: data transfer services, voice services, television conference services, surveillance services, network governance and other increase services.

What? 6. Information Safety and Information Security

1. The State Bank Network must be equipped with a technical system for the management, network control, to detect, prevent unauthorized access and ensure the safety of the exchange data on the network environment.

2. Network connections between external organizations with the State Bank network must be controlled by network security systems.

3. The connected computers, resource use and the State Bank network service must be authenticated by the network access control security system, installation of computer antivirus software and malicious code, version updates, security breach patches, and other applications. A minimum of three months.

4. The "Secret" level electronic data that returns to the exchange on the State Bank network must be applied to secure security measures under the State Bank ' s own regulation.

Chapter II

SPECIFIC REGULATION

Item 1

STATE BANKING NETWORK

What? 7. New installation, upgrade and repair

1. For the new installation and upgrade of the local network transmission infrastructure: Asset management units set up the transmission infrastructure profile to the Technical Bureau of Appraisal Technology before the grant is approved.

2. For the new installation and upgrade of network equipment, the asset management units when there is a need to do the following sequence:

a) To the Office of Information Technology.

b) In the 10-day period of work since the date received the recommended text, the Bureau of Information Technology performs the status quo, the need for the use of the unit and the aggregate report.

c) For the next 20 working days, the Bureau of Information Technology completes the bill and plans for the Governor of the State Bank to approve.

d) The Bureau of Information Technology performs equivocal procedures after being approved.

3. Local network repairs are regular repair operations to ensure local network operations and do not change technical configuration, local network design at the unit. The cost of repairs made by regulation of the Bank of the State Bank's regular repair costs.

4. For local network transmission infrastructure repair:

a) The unit uses the property but is not the asset management unit when the need for repair needs is notified to the asset management unit.

b) The active asset management unit performs compliance with compliance compliance with the State Bank's financial management process and informs the Bureau of Technology for the Coordination of Engineering.

5. For the site repair of the network device when the error is released, the asset management unit informs the Bureau of Technology to coordinate the determination of the device status and processing as follows:

a) With the error equipment remaining in the warranty period or have been signed for maintenance, the Bureau of Information Technology leads the implementation of the repair and replacement of the device.

b) With the expiration of the warranty and no maintenance contract, the asset management unit performs compliance with compliance with the State Bank's financial management process and informs the Bureau of Technology for the Coordination of Engineering.

What? 8. Regulation of maintenance and processing of incidents

1. Regulation of maintenance:

a) The local network must be maintained periodically at a minimum of every 3 months to ensure stability and safety.

b) The implementation of maintenance is not disrupted and affects the business activity of the State Bank.

c) The maintenance process must be logged in to the state of operation before and after maintenance.

d) The Bureau of Information Technology builds network maintenance processes for units of the State Bank and is responsible for the maintenance of network equipment.

The asset management unit is responsible for the maintenance of the transmission and coordination infrastructure with the Bureau of Information Technology that maintains the maintenance of network equipment at the unit.

2. Regulation of incident processing:

a) The Bureau of Information Technology Building processes and guidelines handling the incident.

b) Upon the birth of the incident, the technical officer at the unit must log the diary and perform the incident according to the Information Technology Bureau's instructions. For the incidents that arise not in the document or not treatment must be notified to the Bureau of Information Technology to jointly coordinate the processing.

What? 9. Regulation of Administration and Use

1. New installation, upgrading or repair of the State Bank network must meet the requirements for the State Bank network architecture specified in this Article 3.

2. Asset management units must build, update and store the design documentation and map of the local network when installing new, upgraded or repaired.

3. The terminal devices like: workstations, printers, IP phones are only allowed to connect to the network area for users.

4. The Bureau of Information Technology regulates the issuing, using the unified IP address, the name of the name of equipment and control of devices connected to the State Bank's network.

Item 2

STATE BANKING WIDE

What? 10. New Installation and wide network renovation

1. Every year based on the need to use and exploit the data on the network system, the Bureau of Information Technology plans to install new and improve the network of the Governor-approved program.

2. After approval of the plan, the Bureau of Information Technology performs equivocal procedures under existing regulations.

What? 11. The regulation of extensive network repair

1. The extensive network repair is the frequent fixes that ensure the network system is continuous, safe and effective.

2. The Bureau of Information Technology is the first unit of the organization that performs the repair of the State Bank wide network of network equipment.

What? 12. Regulation of Administration and Operations Control

The Bureau of Technology is responsible:

1. Administration and control of the Network of State Bank;

2. Build, update and store design documentation and extensive network completion drawings as new installation, upgrade or repair;

3. Record daily activity and report the overall assessment of the 3:03 periodic network system.

What? 13. Regulation of maintenance and processing of incidents

1. Regulation of maintenance:

a) The wide network must be maintained periodically at a minimum of every 3 months to ensure stability and safety.

b) The implementation of maintenance is not disrupted and affects the business activity of the State Bank.

c) The maintenance process must be done in accordance with the script, write the log on the status of operations before and after the maintenance.

d) The Bureau of Information Technology Building Planning, the maintenance and notification method for the units to use coordination.

The unit is responsible for coordinating with the Bureau of Technology and noted maintenance results.

2. Regulation of incident processing:

a) The Bureau of Information Technology performs process construction and guidance processing guidelines.

b) Upon the birth of the incident, the technical staff must record the diary and perform the process of incident according to the process and guidance of the Information Technology Bureau.

Section 3

REGULATION CONNECTION BETWEEN STATE BANK

AND OUTSIDE ORGANIZATIONS.

What? 14. State Bank Network connection regulation

1. State Bank (Bureau of Information Technology) regulates and managed to unify the connected method and IP address range for the terminal pages of external organizations when connected to the State Bank network.

2. The external organizations when there is a need to connect the network with the State Bank must be agreed by the State Bank. The procedure for network connectivity with the State Bank is implemented under Article 16 of this.

3. The case of additional equipment, changes in the transmission of external organizations must submit to the publication, design documentation, configuration, and implementation of the implementation of the Bureau of Appraisal and Appropriation Technology Bureau prior to deployment.

What? 15. State Bank Network connection conditions

1. There is sufficient technical equipment to connect the network and ensure secure security of information on the line according to the current regulation of the State Bank.

2. Have a team of qualified technical staff, the ability to administer the connected terminal, network equipment of the organization.

What? 16. New connection procedure or changing network connection

1. For the General Assembly of the credit organizations, other organizations are not a credit organization when there is a new connection to the need to connect or change the network connection with the State Bank to send a Registration Profile according to Form 01 to the Bureau of Information Technology. In the 10-day period of work since the date of receiving valid files, the Bureau of Information Technology informs the results of the case processing.

2. For the branch of credit organizations, the people ' s credit fund when there is a new connection demand or changing network connection with the Provincial Branch State Bank, the Central City of the Central to submit a Registration Profile according to Form 01 to the Branch State Bank. Of course, the city is in the Central City of the same place.

a) During the 3-day period of work since the date of receiving valid records, the Bank of the State Branch of the Province, the Central City of China considers the validity of the case, the need for connection, and if approved, send a file to the Bureau of Information Technology to coordinate treatment. Yeah.

b) For a 10-day period of work since the date of receiving valid files, the Bureau of Technology considers and announces the results of the case processing of the Provincial State Bank, the Central City of Central.

c) During the 3-day period of work since the date of receiving the results announcement by the Bureau of Information Technology, the State Branch State Bank, the Central City of China announces the case processing results for the registration unit.

3. For the third party when there is a need to connect the State Bank network to send a Registration Profile by Form 03 to the Bureau of Information Technology. In the 10-day period of work since the date of receiving valid files, the Bureau of Information Technology informs the results of the case processing.

4. The network connection registration record is sent via the post office or directly filed at the State Bank headquarters as stipulated at paragraph 1.2 and 3 This.

5. In the 30-day period of the next working day since receiving notification of approval from the State Bank, external organizations actively carry out procedures and process techniques to complete the network connection with the State Bank.

What? 17. The procedure of cancelation

1. For the General Assembly of the credit organizations, organizations are not a credit organization when there is no need for a network connection with the State Bank to send a Network of Terminated Filing on Form 02 to the Information Technology Department. During the 5-day period of work since the date of receiving valid files, the Bureau of Technology informs the results of the case processing results.

2. For the branch of credit organizations, the human trust fund when there is no longer the need for network connectivity with the provincial branch state Bank, the Central City of China must send the Network of Terminated Filing on Form 02 to the Branch State Bank. Province, Central City on the site.

a) During the 5-day period of work since the date of receiving valid records, the State Bank of the State Branch of the Province, the Central City of the Central Committee sent records to the Bureau of Information Technology to coordinate processing.

b) During the 5-day period of work since the date of the receiving of valid records, the Bureau of Information Technology executed the procedure to destroy the network and announce the results of the case processing of the Provincial State Bank, the Central City.

c) During the 3-day period of work since the date received the results announcement by the Bureau of Information Technology, State Bank of the State Branch, the Central City of China announced the results of the case processing results.

3. For the third party when there is no need to connect the network to inform the Bureau of Technology to cancel the connection. During the 3-day period of work since the date of receiving valid files, the Bureau of Information Technology performs the destruction of the network connection and announces case processing results.

4. The filing of the proposed cancellation of the network connection was sent via the post office or submitted directly at the State Bank headquarters as stipulated at Clause 1, 2 and 3 This.

Section 4

INTERNET CONNECTION

What? 18. Internet connection management

1. Local banking computers that connect the Internet to the Internet must pass through the connection ports established by the Bureau of Information and Management Technologies.

2. The non-network computers of the State Bank network connect the Internet by the unit chief to use the decision assets and must comply with the security security regulations of the State Bank and the provisions of the law.

3. The case of locally owned units of the State Bank network has the need to connect directly to the Internet directly through the connection portal established by the Bureau of Public Information Technology and Management must be allowed by the Governor of the State Bank, the unit must be available. The solution protects and is responsible for ensuring the safety of the Bank of State.

What? 19. Internet connection conditions

1. The end-end devices that connect the Internet must install computer-backed anti-computer software, security software.

2. The users who use the connection through the Internet portal are administered by the Bureau of Information Technology to use the access account provided by the Bureau of Information Technology.

What? 20. Regulation of Internet connection monitoring and control

1. Between the State Bank network and the Internet must have a network security system that ensures security security for the State Bank network. It prohibits the use of Internet connection devices to connect directly to the State Bank network.

2. The Bureau of Information Technology is responsible for managing, controlling the devices of the State Bank network that connects the Internet.

3. The Bureau of Information Technology Management and grants the user ' s Internet access to Internet access. In the case of necessity, to ensure the safety of the State Bank network system, the Bureau of Information Technology has the right to actively suspend or revoking the Internet access account.

What? 21. The regulation of wireless network connectivity, mobile devices

1. The Bureau of Information Technology manages the operation of network devices that provide wireless connectivity and control of wireless network access to the State Bank network.

2. When there is a need to connect the State Bank ' s wireless network, the user must register by Form No. 04.

3. At the end of the wireless network connection registration time, the system automatically stops providing the service.

Section 5

RESPONSIBILITY IN MANAGEMENT AND USE

STATE BANKING NETWORK

What? 22. The responsibility of the Technology

1. is responsible for the management of the State Bank network engineering system.

2. Attend to the Governor of the State Bank for Strategic Strategy, Planning, Development of the State Bank Network and the implementation of the deployment after approval.

3. Manage the allocation and use of the State Bank network resource within the management hierarchy.

4. Watch, monitor the operation of the State Bank network system that ensures continuous, stable and secure operations.

5. Warning and guide the State Bank units of security loopholes and risk risks to the activities of the State Bank network.

6. Messages for the property management unit before 3 days of work when temporarily providing network services for repairs, upgrades or maintenance.

7. Guide, take on and handle new connection registration records, change connectivity and cancel the network connection to the main assembly of credit organizations (excluding the people's credit fund), other organizations that are not a credit organization, third parties.

8. The organization examines the network connectivity of external organizations, third party to the State Bank network.

What? 23. The responsibility of the asset management unit

1. The organization instructs and examines the use of local networks at the unit.

2. Guide, take on and process new connection registration records, change the connection and cancel the network connection to the people ' s credit fund, the branch of credit organizations on the site.

3. The organization examines the network connectivity of external organizations with the State Bank network via the connection port at the unit.

4. Coordinate with the Bureau of Information Technology in the management of network connectivity of external organizations on the site.

5. Division of technical cadres managing network equipment and coordination handling incidents of birth at the unit.

6. Make sure the conditions are needed for network equipment at the unit of safety and stability operations.

What? 24. The user's responsibility

1. Use resources, exploit information on the State Bank network and the Internet network within the scope of enabling and subject to oversight, control of the Bureau of Information Technology.

2. comply with the State Bank regulations and of the law on security security information, management of operations and the use of the State Bank network.

3. comply with the State Bank regulations and of the law on the connection, use, exploitation of the Internet.

4. Serious use of tools, software that damages the operation of the State Bank network system.

5. The case of the event of the incident, informed the technical staff at the asset management unit to be instructed and assisted in the recovery.

6. Coordinate with the engineering department in the handling and validation of the incident processing results.

What? 25. The responsibility of the external organization and the third party

1. Compliance the regulations on the connection of the State Bank network.

2. Secure security for terminal equipment, network equipment, and transmission lines connected to the State Bank network.

3. Choice of a provider of media services, bandwidth, cost of installation costs, cost of rent, and the cost of maintenance of the line maintenance to the State Bank.

Chapter III

THE ORGANIZATION.

What? 26.

1. This message has been in effect since 11 June 2012.

2. This information replaces the number Decision 39 /2006/QD-NHNN August 8, 2006 of the Governor of the State Bank of Vietnam enacted the Management Regulation and the use of the State Bank's internal computer network.

What? 27.

1. The Bureau of Information Technology is responsible for guidance, oversight and examination of this private practice.

2. Internal Audit is responsible for audits internal audit of this private practice against units of the State Bank.

3. The Inspector Agency, overseeing the bank with a responsibility to coordinate with the Bureau of Technology for examination of this private practice against external organizations involved in the connection, exploitation of the State Bank network.

4. Head of units of the State Bank, State Bank of the State Branch of the Province, the Central City of Central, the external institutions that connect to the State Bank network, third party within the functional range, its duty in charge of the competition. This is private.

KT. GOVERNOR.
Vice Governor.

(signed)

Nguyen Won.