Internet service providers (ISPs) must update them. When do you update information about the incident response focal point when there are changes?

When do Internet service providers (ISPs) have to update information about incident response focal points when there are changes?

Pursuant to Clause 1, Article 6 of the Circular 20/2017/TT-BTTTT responsibilities and powers of network members:

Related service · P1

M&A, Equity Transfer and Project Transfer

If you are preparing an equity transfer, M&A transaction, project transfer or restructuring, ANT Legal can help review legal risks and transaction structure.

Website information is for general reference only and does not replace legal advice for a specific matter.

Responsibilities and powers of network members

1. Network members have the following responsibilities and powers:

a) Implement the responsibilities and powers specified in Decision No. 05/2017/QD-TTg ;

b) Appoint an incident response focal point with sufficient capacity, professional qualifications and professional skills to carry out coordinated incident response activities; Ensure smooth and continuous communication is maintained 24/7; Publish information about incident reception addresses on the Website/Electronic Information Portal; Provide and update information on incident response focal points, information security technical human resources, and incident response within the scope of management to the National Coordinating Agency; Update information about the Incident Response Focal Point, within 24 hours of any changes;

At the same time, according to the provisions of Point dd, Clause 1, Article 7, Decision 05/2017/QD-TTg of 2017 on the national cyber information security incident response network:

National cyber information security incident response network price

1. Members are obliged to participate in the national network information security incident response network (hereinafter referred to as the incident response network) including:

d) Enterprises providing telecommunications and Internet infrastructure services (ISP); Organizations and businesses providing data center services and leasing digital information storage space; national database management and operation unit; specialized unit in charge of information security and information technology of banking, financial, treasury, tax and customs organizations;

Thus, Internet service providers (ISPs) as members of the national network information security incident response network, must update information on the Incident Response Focal Point, within 24 hours when there is a change.

If an Internet service provider (ISP) updates information about the incident response focal point at the wrong time when there is a change, how much will be fined?

Pursuant to Clause 1, Article 78 of Decree 15/2020/ND-CP violating regulations on ensuring information security and responding to network information security incidents

Violating regulations on ensuring information security and responding to network information security incidents

1. Fine from 10,000,000 VND to 20,000,000 VND for one of the following acts:

a) Do not publish information about the incident receiving address on the website or portal;

b) Failure to declare records, provide or update information on incident response focal points, information security technical human resources, and incident response within the scope of management to the national coordinating agency;

c) Updating information about incident response focal points not on time when there are changes;

d) Violating the operating regulations of the national cyber information security incident response network or failing to comply with the coordination requirements of the coordinating agency;

d) Failure to report a network information security incident to the information system administrator, specialized incident response unit at the same level, or the National Coordinating Agency within the prescribed time from the time the incident is detected.

Thus, in case an Internet service provider (ISP) updates information about the incident response focal point at the wrong time when there is a change, it may be fined. fine from 10,000,000 VND to 20,000,000 VND.

What policies does the state have on network information security?

Comparing with the provisions in Article 5 of the Law on Cyber ​​Information Security 2015, the State has the following policies on cyber information security:

– Promote training and human resource development and build infrastructure and network information security techniques to meet the requirements of political stability, socio-economic development, ensuring national defense, national security, social order and safety.

– Encourage research, development, and application of technical and technological measures, export support, and market expansion for cyber information security products and services produced and provided by domestic organizations and individuals;

+ Create conditions for importing modern products and technologies that domestic organizations and individuals do not have the capacity to produce or supply.

– Ensure a healthy competitive environment in the business of network information security products and services;

+ Encourage and create conditions for organizations and individuals to participate in investing, researching, developing and providing network information security products and services.

– The State allocates funds to ensure the agency’s network information security State and network information security for important national information systems.

Practical points to review

For the topic “Internet service providers (ISPs) must update them. When do you update information about the incident response focal point when there are changes?”, readers should compare the legal rule with the actual documents, parties involved, timeline and evidence before choosing a course of action.

  • Identify the legal relationship, signing authority and documents creating rights or obligations.
  • Check deadlines, notices, payment records, approvals and evidence that may affect the legal position.
  • Assess whether negotiation, document correction, complaint, arbitration, court proceedings or another route is suitable.

Documents to prepare

  • Contracts, annexes, decisions, notices, emails, messages, payment records and handover/acceptance minutes where relevant.
  • Enterprise, asset, license or identity documents connected to the matter.
  • A short timeline of key events and the outcome expected from the review.

When to seek legal advice

If the matter has high value, strict deadlines, multiple parties, unclear evidence or potential dispute risk, consider discussing the file with ANT Legal before signing, responding or filing a claim.

Related service: ANT Legal services. You may also contact ANT Legal through the official website.

This content is for general reference only and does not replace legal advice for a specific file. A service relationship is formed only after scope and fees are agreed.

Discuss this matter with ANT Legal M&A, Equity Transfer and Project Transfer