Tiếng Việt
中文 (中国)Are telecommunications businesses required to designate specialized departments is legal content that readers often need to check carefully before implementing it in practice. This article has been reorganized by ANT Legal in an easy-to-understand way, helping individuals and businesses understand the main issues, common risks and appropriate solutions.
Are telecommunications businesses required to designate a specialized network incident response department (CERT)?
Pursuant to Article 43 of Decree 72/2013/ND-CP on response Network incident rescue:
Network incident rescue
3. Ministries, ministerial-level agencies, Government agencies, telecommunications businesses, Internet service providers, and organizations that manage and exploit important national information systems are responsible for establishing or designating a specialized network incident response department (CERT) to proactively deploy activities within their units and coordinate with the Vietnam Computer Emergency Response Center (VNCERT).
4. The Ministry of Information and Communications promulgates and organizes the implementation of regulations on coordination of network incident response.
Thus, telecommunications enterprises are responsible for establishing or appointing a specialized network incident response department (CERT) to proactively deploy activities within their units and coordinate with the Vietnam Computer Emergency Response Center (VNCERT).
Or in other words, telecommunications businesses can choose between:
Establishing a specialized network incident response department (CERT); or
Designate a specialized network incident response department (CERT).
In particular, network incident response is an activity aimed at handling and overcoming incidents that cause information insecurity on the network.
Network incident response is carried out according to the following principles:
Fast, accurate, timely, effective;
Comply with Coordination regulations of the Ministry of Information and Communications;
Coordination between domestic and international organizations and businesses.
How much will be fined if a telecommunications enterprise does not establish or appoint a specialized unit to respond to network information security incidents?
Pursuant to Clause 3, Article 78 of Decree 15/2020/ND-CP violating regulations on ensuring information security and responding to network information security incidents:
Violating regulations on ensuring information security and responding to network information security incidents
1. Fine from 10,000,000 VND to 20,000,000 VND for one of the following acts:
…
3. Fine from 30,000,000 VND to 40,000,000 VND for one of the following acts:
a) Failure to summarize and report to the National Coordinating Agency on incident developments when requested;
b) Failure to establish or designate a specialized unit to respond to network information security incidents or failure to establish an incident response team;
c) Failure to record or receive notification or failure to report network information security incidents according to proper procedures;
d) Failure to develop an incident response plan to ensure network information security;
d) Providing insufficient information while the problem has not been completely resolved;
e) Failure to synthesize and prepare periodic reports every 06 months or 01 year;
g) Incomplete implementation of incident response coordination requirements of the National Coordinating Agency.
Thus, in case a telecommunications enterprise does not establish or appoint a specialized unit to respond to network information security incidents, it may be fined from 30,000,000 VND to 40,000,000 VND.
What policies does the state have on cyber information security?
Comparing with the provisions in Article 5 of the Law on Cyber Information Security 2015, the State has the following policies on cyber information security:
Promoting training, human resource development and building network information security infrastructure and techniques to meet the requirements of political stability, socio-economic development, ensuring national defense, national security, social order and safety.
Encourage research, development, and application of technical and technological measures, export support, and market expansion for cyber information security products and services produced and provided by domestic organizations and individuals;
Create conditions for importing modern products and technologies that domestic organizations and individuals do not have the capacity to produce or supply.
Ensuring a healthy competitive environment in the business of cyber information security products and services;
Encourage and create conditions for organizations and individuals to invest, research, develop and provide cyber information security products and services.
The State allocates funds to ensure network information security of state agencies and network information security for important national information systems.
In particular, according to the provisions of Clause 1, Article 3 of the Law on Cyber Information Security 2015 Cyber information security is the protection of information and information systems on the network from unauthorized access, use, disclosure, interruption, modification or destruction to ensure the integrity, security and availability of information.
Note on Applying Current Legal Regulations
This article belongs to the Business & M&A group and is presented for reference purposes, helping readers understand the legal issue at an overview level before preparing a dossier or carrying out a transaction.
Legal regulations may vary depending on the timing, locality, type of dossier and specific circumstances. If you need to determine the exact legal basis applicable to your case, you should contact ANT Legal’s lawyers at 0966.475.966 for review and advice before proceeding.
Common Legal Risks to Note
- Applying legal instruments that have been amended, supplemented or replaced.
- Preparing an incomplete set of documents, materials or necessary evidence.
- Misunderstanding the conditions, procedure, timeline or competent authority.
- Signing, submitting a dossier or carrying out a transaction before fully assessing legal risks.
How Can ANT Legal Support You?
ANT Legal can review the specific circumstances, examine the dossier, identify the applicable legal basis, advise on an appropriate handling plan and represent clients in working with individuals, organizations or competent authorities where necessary.
For prompt advice, you may contact a lawyer at 0966.475.966.
Related Articles
- Do businesses have the right to sign business contracts before registering their business?
- Does a joint stock company have to post program recommendations and contents of the General Meeting of Shareholders that have not been rejected on its website?
- When there is a change in the content of the Certificate of Business Eligibility, how long does a credit rating enterprise need to carry out adjustment procedures?
- For violations of submitting information declarations according to the Global Minimum Tax Regulations, are tax administrative violations sanctioned during the transition period?
- Are asset auction enterprises required? Can a micro-enterprise be established and operate in the form of a partnership?
