Thông tư 11/2012/TT-NHNN

CIRCULAR

PROVIDING FOR MANAGEMENT AND USE OF THE STATE BANK OF VIETNAM'S COMPUTER NETWORK

Pursuant to the Law on E-transactions No. 51/2005/QH11 dated November 29, 2005;

Pursuant to the Law on information technology No. 67/2006/QH11 dated June 29, 2006;

Pursuant to the Law on telecommunication No. 41/2009/QH12 dated November 23, 2009;

Pursuant to the Law on the State bank of Vietnam No. 46/2010/QH12 dated June 16, 2010;

Pursuant to the Government’s Decree No. 64/2007/ND-CP dated April 10, 2007, on application of information technology in activities of state agencies; 

Pursuant to the Government’s Decree No. 96/2008/ND-CP dated August 26, 2008, defining the functions, tasks, powers and organizational structure of the state bank of Vietnam;

Pursuant to the Government’s Decree No. 97/2008/ND-CP dated August 28, 2008, on the management, provision and use of internet services and electronic information on the internet;

At the request of Director of the Information Technology Department;

The Governor of the State bank of Vietnam promulgates the Circular provides for the management and use of the State bank of Vietnam’s computer network,

Chapter 1.

GENERAL PROVISIONS

Article 1. Scope of regulation and subjects of application

1. This Circular provides for the management and use of the State bank of Vietnam’s computer network (hereinafter referred to as the state bank’s network).

2. This Circular applies to individuals and units under the State bank of Vietnam (hereinafter referred to as the State bank); outside organizations and third party allowed using the state bank’s network.

Article 2. Interpretation of terms

In this Circular the following terms are construed as follows:

1. Users include individuals and units under the State bank and outside organizations allowed using the state bank’s network.

2. Data center means data center of the State bank, including a main data center at the Information Technology Department and a reserve data center at Son Tay.

3. Regional connection center means location to place Technology information equipment to do intermediate task of connecting between data center and State bank’s branches in provinces and central-affiliated cities. Regional connection center is located in the State bank’s branches in Hanoi, Hai Phong, Da Nang, Hochiminh and Can Tho cities.

4. Local area network of the State bank means a network system connecting terminal devices in scope of a geography area of the State bank.

5. Transmission Infrastructure of local area network means system of internal transmission cables and drives for network connection.

6. Network equipment includes switches, routers, security equipment, software in system and network administrator.

7. Wireless network means system of network connecting terminal devices through radio waves or ultra short waves.

8. Wide area network of the State bank means a network system connecting between data center, regional connection center and local area networks of the State bank.

9. Transmission infrastructure of wide area network means system of special-use lines of the State bank and transmission channels hired from providers of telecommunication services by the State bank.

10. Core network layer means kernel network layer with task of connection among network layers with each other.

11. Distribution network layer plays a role as an interface among network layers having access to the core network layer.

12. The accessing network layer means network layer serving for connection of users with systems.

13. IP address means a sole address which is assigned to devices connected with network used for identification and communication through Internet protocol.

14. IP telephone service means technology of transmitting sound through information network which uses the TCP/IP protocol.  

15. Video conferencing service means technology of transmitting images, sound through information network which uses the TCP/IP protocol. 

16. Identification name means a sole name assigned to terminal devices connected network.

17. Technical officer means person who is trained in information technology and works in units under the State bank

18. Unit managing assets means unit under the State bank which is assigned task of asset management by the Governor.

19. Unit using assets means unit under the State bank which is assigned the right to use assets by the Governor.

20. The third party allowed using the State bank’s network (hereinafter referred to as the third party) includes organizations and individuals with specialized skills that are hired by or cooperated with the State bank in supplying technical goods and services for system of information technology.

21. Organizations outside the State bank (hereinafter referred to as the outside organizations) include:  credit institutions and other organizations other than the third party which are allowed using the state bank’s network.

Article 3. Architecture of the State bank’s network

1. The State bank’s network includes local area network of the State bank and wide area network of the State bank. 

2. The logic architecture of the State bank’s network:

a) The architecture of the State bank’s local area network includes the following main layers:  Core network layer, distribution network layer, access network layer.

b) Architecture of State bank’s wide area network includes network connections between data center and regional connection centers; connections between the regional connection centers and the State bank’s branches in provinces and central-affiliated cities; communication port which connects between the State bank with outside organizations.

3. Physical architecture of the State bank’s network includes: Network equipment, transmission infrastructure of local area network and transmission infrastructure of wide area network.

Article 4. Principles on building, managing and using the state bank’s network

1. The State bank’s network must be designed, built with high availability, assurance of safety, confidentiality and satisfy professional operation demand of the State bank.

2. The State bank’s network is managed in concentrated and unified way at the Information Technology Department and has assignment, decentralization to units managing assets.

3. Users are entitled to use the State bank’s network and internet network to serve for specialized and professional activities.

4. The use and share of information on the State bank’s network must comply with regulations on safety and confidentiality of information of the State bank and law.

5. The users fail to comply with Article 24 of this Circular shall be temporarily stop provision of service.

Article 5. Resources and services of the State bank’s network

1. Network resources include:

a) Transmission infrastructure, network equipment, software of network administrator and configuration of network system;

b) System of IP addresses, system of domains, identification names of equipment.

2. Network services: Service of transmitting data, dialogue service, video conferencing service, service of supervision and network administrator, and other added services.  

Article 6. Regulations on information safety and confidentiality

1. The State bank’s network must be equipped technical system for network management and control, aim to detect, prevent the illegal access and ensure safety for data exchanged on the network environment. 

2. Network connections between outside organizations with the State bank’s network must be controlled by network security systems.

3. Computers which connect, use resources and services of the State bank’s network must be certified by the security system which control accesses into network, be installed software to prevent against computer virus and toxic codes, periodically be updated the versions, security hole patches on a basis of 03 months once minimally.

4. E-data at confidential or higher level must be applied the safety and confidential measures when exchange on network in accordance with separate regulations of the State bank.

Chapter 2.

SPECIFIC PROVISIONS

SECTION 1. LOCAL AREA NETWORK OF THE STATE BANK

Article 7. Regulations on installing newly, upgrading and repairing

1. For installing newly and upgrading the transmission infrastructure of local area network: Units managing assets may make a design dossier of transmission infrastructure and send it to the Information Technology Department for appraisal on the technical side before submitting to competent authorities for approval.

2. When units managing assets have demand for installing newly and upgrading the network equipment, they may implement according to the following process:

a) Sending a written request to the Information Technology Department.

b) Within 10 working days after receiving a written request, the Information Technology Department shall conduct survey on the field, the use demand of unit and make a summary report.

c) Within 20 next working days, the Information Technology Department shall finish estimate and plan to submit them to the Governor of the State bank for the approval.

d) The Information Technology Department implements procedures for equipping after the approval.

3. Repair of local area network is regular repair operation aiming to ensure operation of the local area network and not change technical configuration, design of local area network at unit. Cost for repair shall comply with regulations on cost for regular repair of the State bank.

4. For repair of transmission infrastructure of local area network:

a) Units using assets but not units managing assets, when they have demand for repair, they must notify units managing assets.  

b) Units managing assets shall proactively conduct repair in accordance with regulations on financial management of the State bank and notify the Information Technology Department for the technical cooperation.

5. For repair of network equipment in case of arising error, units managing assets shall notify the Information Technology Department to coordinate in determining conditions of equipment and handle as follows:

a) For error equipment which still remains warrant time or has been signed maintenance contract, the Information Technology Department shall act as focal agency in repair and replacement of equipment.

b) For equipment expired the warrant time, and has no maintenance contract, units managing assets shall conduct repair in accordance with regulations on financial management of the State bank and notify the Information Technology Department for the technical cooperation.

Article 8. Regulations on maintenance and handling of incidents

1. Regulations on maintenance:

a) Local area network must be maintained on a basis of 03 months once minimally to ensure it operates stably and safely.

b) The maintenance must be conducted without interruption or impact to professional activities of the State bank.

c) Maintenance must be record in diary on operational status before and after the maintenance.

d) The Information Technology Department shall formulate a process of network maintenance for units under the State bank and take responsibility for maintaining network equipment.

dd) Units managing assets shall maintain for transmission infrastructure and coordination with the Information Technology Department in maintaining network equipment at units.

2. Regulations on handling of incidents:

a) The Information Technology Department shall formulate process and guide handling of incidents.

b) When arising incidents, technical officers at units must record in diary and handle incidents in accordance with instruction documents of the Information Technology Department. For the arising incident which is not stated in documents or handling of incident is failed, it must be informed to the Information Technology Department so as to coordinate in handling.

Article 9. Regulations on administration and use

1. Activities such as installing newly, upgrading or repairing local area network of the State bank must meet requirements on network architecture of the State bank as prescribed in Article 3 of this Circular.

2. Units managing assets must set up, update and store documents of design and as-built drawings of local area network when install newly, upgrade or repair.

3. Terminal devices such as: workstations, printers, IP telephones are only allowed connecting into the network area for users.

4. The Information Technology Department shall provide for the unified allocation and use of IP address, identification names of equipment and control of equipment which connects into the local area network of the State bank.

SECTION 2. WIDE AREA NETWORK OF THE STATE BANK

Article 10. Installing newly and renovating the wide area network

1. Annually, basing on the demand of using and exploiting data on the network system, the Information Technology Department shall make plan to install newly and renovate the wide area network and submit to the Governor for the approval.

2. After approving the plan, the Information Technology Department shall implement procedures for equipping in accordance with current regulations.

Article 11. Regulations on repairing wide area network

1. Repair of wide area network means regular repairs to ensure the network system to operate continuously, safely and effectively.

2. The Information Technology Department shall be focal unit in repairing equipment of wide area network of the state bank.

Article 12. Regulations on administration and control of activities

The Information Technology Department shall:

1. Conduct concentrated administration and control over wide area network of the state bank;

2. Formulate, update and store documents of design and as-built drawings of wide area network when install newly, upgrade or repair;

3. Record daily activities in diary and make report on overall assessment of network system on a basis of 03 months once.

Article 13. Regulations on maintenance and handling of incidents

1. Regulations on maintenance:

a) Wide area network must be maintained on a basis of 03 months once minimally to ensure it operates stably and safely.

b) The maintenance must be conducted without interruption or impact to professional activities of the State bank.

c) Maintenance must be conducted in accordance with screenplay, record in diary on operational status before and after the maintenance.

d) The Information Technology Department shall formulate plans on maintenance and inform to the using units to coordinate in implementation.

dd) The using units shall coordinate with the Information Technology Department and record the maintenance results.

2. Regulations on handling of incidents:

a) The Information Technology Department shall formulate process and guide handling of incidents.

b) When arising incidents, technical officers must record in diary and handle incidents in accordance with the process and guide of the Information Technology Department.

SECTION 3. REGULATIONS ON CONNECTION BETWEEN THE STATE BANK AND OUTSIDE ORGANIZATIONS 

Article 14. Regulations on connection to the State bank’s network

1. The State bank (Information Technology Department) shall provide for and conduct the unified management on method of connection and IP address range for terminal devices of outside organizations when they connect to network of the State bank.

2. The outside organizations which wish to connect to the State bank’s network must be agreed by the State bank.  Procedures for connecting to the State bank’s network shall comply with Article 16 of this Circular.

3. In case of supplementing equipment, changing lines, the outside organizations must send official dispatch, documents of design, configuration and plan of implementation to the Information Technology Department for appraisal and approval before carrying out.

Article 15. Conditions for connection to the State bank’s network

1. Having full technical equipment for connection to network and ensuring safe and confidential information on lines in accordance with current regulations of the State bank.

2. Having a contingent of technical officers with qualification and ability for administration of the connected terminal devices, network equipment of organizations.

Article 16. Procedures for connecting newly or changing network connection

1. For the head offices of credit institutions, organizations other than credit institutions, when they wish to connect newly or change network connection with the State bank, they must send dossier of register according to the set form No. 01 to the Information Technology Department. Within 10 working days after receiving a full and valid dossier, the Information Technology Department shall inform about result of handling dossier.

2. For branches of credit institutions, People’s Credit Funds, when they wish to connect newly or change network connection to the State bank’s branches in provinces and central-affiliated cities, they may send a register dossier according to the set form No. 01 to the State bank’s branches in provinces and central-affiliated cities in the same localities.

a) Within 03 working days, after receiving full and valid dossier, the State bank’s branches in provinces and central-affiliated cities shall consider the rationality of dossier, demand of connection and in case of acceptance, they shall send dossiers to the Information Technology Department to coordinate in handling.

a) Within 10 working days, after receiving full and valid dossier, the Information Technology Department shall consider and inform about results of handling dossier to the State bank’s branches in provinces and central-affiliated cities.

c) Within 03 working days, after receiving notice about result from the Information Technology Department, the State bank’s branches in provinces and central-affiliated cities shall inform about result of handling dossier to the applicants.

3. For the third party, when it wishes to connect to the State bank’s network, it must send a dossier of register according to the set form No.03 to the Information Technology Department.  Within 10 working days after receiving a full and valid dossier, the Information Technology Department shall inform about result of handling dossier.

4. Dossier of register for network connection may be sent through post office or directly submitted at head office of the State bank as prescribed in Clauses 1, 2 and 3 of this Article. 

5. Within 30 next working days, after receiving notice on acceptance for connection from the State bank, the outside organization may proactively conduct procedures technical treatment to finish the connection to the State bank’s network. 

Article 17. Procedures for canceling the network connection

1. For the head offices of credit institutions, organizations other than credit institutions, when they no longer wish to connect to the State bank’s network, they must send dossier of cancelling network connection according to the set form No. 02 to the Information Technology Department. Within 05 working days after receiving a full and valid dossier, the Information Technology Department shall inform about result of handling dossier.

2. For branches of credit institutions, People’s Credit Funds, when they no longer wish to connect newly or change network connection to the State bank’s branches in provinces and central-affiliated cities, they must send a dossier of cancelling the network connection according to the set form No. 02 to the State bank’s branches in provinces and central-affiliated cities in the same localities.

a) Within 05 working days, after receiving full and valid dossier, the State bank’s branches in provinces and central-affiliated cities shall send dossiers to the Information Technology Department to coordinate in handling.

b) Within 05 working days, after receiving full and valid dossier, the Information Technology Department shall conduct procedures for cancelling the network connection and inform about results of handling dossier to the State bank’s branches in provinces and central-affiliated cities.

c) Within 03 working days, after receiving notice about result from the Information Technology Department, the State bank’s branches in provinces and central-affiliated cities shall inform about result of handling dossier to the applicants.

3. For the third party, when it no longer wishes to connect to the network, it must notify the Information Technology Department for cancelling connection. Within 3 working days, after receiving full and valid dossier, the Information Technology Department shall conduct procedures for cancelling the network connection and inform about results of handling dossier.

4. Dossier of request for cancelling the network connection may be sent through post office or directly submitted at the State bank as prescribed in Clauses 1, 2 and 3 of this Article.

SECTION 4. INTERNET CONNECTION

Article 18. Management of internet connection

1. When computers of the state bank’s local area network connect internet, they must pass through connection ports which are set up and managed by the Information Technology Department.

2. When computers not belonging to the State bank’s local area network connect internet, they must be decided by heads of units using assets and must comply with regulations on safety and confidentiality of information of the State bank and law.

3. In case where units having computers belonging to the State bank’s local area network wish to connect directly internet without passing through the connection ports which are set up and managed by the Information Technology Department, they must have permission of the Governor of State bank, and units must have the protection solutions and must be liable for ensuring the safety of the State bank’s network.  

Article 19. Conditions for internet connection

1. Terminal devices connecting internet must be installed antivirus software, security software.

2. Users connect through the internet ports managed by the Information Technology Department must use accounts for access which are issued by the Information Technology Department.

Article 20. Regulations on supervision and control of internet connection

1. Between the State bank’s network and internet must have a network security system which ensures safety and confidentiality for the State bank’s network.   Strictly prohibiting use of the connecting-internet devices to connect directly to the State bank’s network.

2. The Information Technology Department shall manage, control equipment of the State bank’s network which connect to internet.

3. The Information Technology Department shall manage and allocate accounts for access into internet of users. In necessary cases, to ensure safety for the network system of the State bank, the Information Technology Department is entitled to take the initiative in temporarily stopping or revoking accounts having access into internet.

Article 21. Regulations on connecting to wireless network, movable equipment 

1. The Information Technology Department shall manage activities of network equipment which provides for service of wireless connection and control equipment having access to the State bank’s network through wireless network.

2. When users wish to connect the wireless network of the State bank, they must have application for register according to the set form No.4.

3. When ending duration of register for wireless connection, the system will automatically stop provision of service.

SECTION 5. RESPONSIBILITY IN MANAGEMENT AND USE OF THE STATE BANK’S NETWORK

Article 22. Responsibility of the Information Technology Department

1. To be responsible for technical management of the state bank’s network system.

2. To advise the Governor of State bank about strategy, master plan, plan involving development of the State bank’s network and organize implementation after the approval.

3. To manage the allocation and use of resources of the state bank’s network within its decentralized management scope.

4. To monitor, supervise activities of the State bank’s network system to ensure activities to occur continuously, stably and safely.

5. To warn and guide units of the State bank about holes in confidentiality and risks to activities of the State bank’s network.  

6. To inform to units managing assets within 03 working days before temporarily stopping provision of network service for repair, upgrading or maintenance.

7. To guide, receive and handle dossiers of register for new connection, changing connection and cancelling network connection for head offices of credit institutions (except for People’s Credit Funds), organizations other than credit institutions, the third party.

8. To check the network connections of outside organizations, the third party to the State bank’s network.

Article 23. Responsibility of units managing assets

1. To guide and check the use of local area networks at units

2. To guide, receive and handle dossiers of register for new connection, changing connection and cancelling network connection for People’s Credit Funds, branches of credit institutions in their localities.

3. To check the network connections of outside organizations to the State bank’s network which are conducted through the connection ports at units.

4. To coordinate with the Information Technology Department in managing the network connections of outside organizations in their localities.

5. To assign technical officers to manage network equipment and coordinate in handling of incidents arising at units.

6. To ensure necessary conditions for network equipment at units to operate safely and stably.

Article 24. Responsibility of the users

1. To use resources, exploit information on the State bank’s network and internet within the allowed scope and suffer supervision and control of the Information Technology Department.

2. To abide by regulations of the State bank and law on safety and confidentiality of information, management, operation and use of the State bank’s network.

3. To abide by regulations of the State bank and law on internet connection, use and exploitation.

4. To strictly prohibit use of instruments, software cause damage to operation of the State bank’s network system.

5. In case of arising incidents, to notify technical officers at units managing assets so as to be guided and supported for remedy.

6. To coordinate with technical division in handling and certifying result of handling incidents.

Article 25. Responsibility of the outside organizations and the third party

1. To abide by regulations on connection to the State bank’s network.

2. To ensure safety and confidentiality for terminal devices, network equipment and transmission lines connect to the State bank's network.

3. To select providers of transmission services, bandwidth, pay costs for connection, installment, cost for subscriber and cost for repair and maintenance of transmission lines connected to the State bank. 

Chapter 3.

ORGANIZATION OF IMPLEMENTATION

Article 26. Effect

1. This Circular takes effect on June 11, 2012.

2. This Circular replaces the Decision No. 39/2006/QD-NHNN dated August 08, 2006, of the Governor of the State bank of Vietnam promulgating the Regulation on management and use of the State bank’s internal computer network.

Article 27. Provisions of implementation

1. The Information Technology Department shall guide, supervise and examine implementation of this Circular.

2. The Internal Audit Department shall conduct internal audit involving implementation of this Circular for units under the State bank.  

3. The Banking inspection and supervision agency shall coordinate with the Information Technology Department in examining implementation of this Circular by the outside organizations joining in connection to and exploitation of the State bank’s network.

4. Heads of units under the State bank, the State bank’s branches in provinces and central-affiliated cities, the outside organizations connecting to the State bank’s network, the third party, within their functions and tasks, shall implement this Circular.

ANNEX I

ON THE FORMS USED IN ADMINISTRATIVE PROCEDURES
(Enclosed with the Circular No. 11/2012/TT-NHNN dated April 25, 2012, of the State bank)

Form 1- Request for new connection, change of network connection to the State bank of Vietnam

Form 2- Request for cancelling the network connection to the State bank of Vietnam

Form 3- Request for the network connection to the State bank of Vietnam

Form 4- Request for wireless connection

Form No. 01

REQUEST FOR NEW CONNECTION, CHANGE OF NETWORK CONNECTION TO THE STATE BANK OF VIETNAM

Respectfully to: ⁽¹⁾ ......................................................................................

A. General Information

Unit code ⁽²⁾:                        Unit name:

Address:

Telephone:                          Facsimile:

The focal contact (name of officer, email address, telephone number):

B. Request

We have researched and agreed with regulations on connection to the State bank of Vietnam’s network specified in Circular  ____/2012/TT-NHNN, we hereby suggest to be [connected newly / changed network connection] to the State bank of Vietnam with the following detailed information:

1. Address of connection point (credit institutions):

2. Type: [Head office/branch]

3. Official connection:

a. Method of connection: [Metro net\Leased-line\Mega Wan\ Other]

b. Bandwidth for connection ::_________(Kbps/Mbps)

c. The provider of service: [VNPT\FTP Telecom\ Viettel\Other]

4. Reserve connection:

a. Method of connection: [Metro net\Leased-line\Mega Wan\ Other]

b. Bandwidth for connection ::_________(Kbps/Mbps)

c. The provider of service: [VNPT\FTP Telecom\ Viettel\Other]

5. (Tentative) connection time:

6. Purpose of use: [payment/report/other]

Notes:

- (1): according to Article 16 of the Circular 11/2012/TT-NHNN

- (2): according to the Decision No. 23/2007/QD-NHNN dated June 05, 2007, of the Governor of SBV.

Form No. 02

REQUEST FOR CANCELLING THE NETWORK CONNECTION TO THE STATE BANK OF VIETNAM

Respectfully to: ⁽¹⁾.........................................................

A. General Information

Unit code ⁽²⁾:            Unit name:

Address:

Telephone:             Facsimile:

The focal contact (name of officer, email address, telephone number):

B. Request

We have researched and agreed with regulations on cancelling the connection to the State bank of Vietnam’s network specified in Circular ____/2012/TT-NHNN; we hereby suggest to be cancelled the network connection to the State bank of Vietnam with the following detailed information:

1. Address of connection point (credit institutions):

2. Type: [Head office/branch]

3. Official connection:

a. Method of connection: [Metro net\Leased-line\Mega Wan\ Other]

b. Bandwidth for connection ::_________(Kbps/Mbps)

c. The provider of service: [VNPT\FTP Telecom\ Viettel\Other]

4. Reserve connection:

a. Method of connection: [Metro net\Leased-line\Mega Wan\ Other]

b. Bandwidth for connection ::_________(Kbps/Mbps)

c. The provider of service: [VNPT\FTP Telecom\ Viettel\Other]

5. Reason of cancelling the connection:

6. (Tentative) time of request for cancelling the connection:

Notes:

- (1): according to Article 17 of the Circular 11/2012/TT-NHNN

- (2): according to the Decision No. 23/2007/QD-NHNN dated June 05, 2007, of the Governor of SBV.

Form No. 03

REQUEST FOR THE NETWORK CONNECTION TO THE STATE BANK OF VIETNAM

Respectfully to: The Information Technology Department – SBV

A. General Information

Unit name:

Address:

Telephone:                         Facsimile:

The focal contact (name of officer, email address, telephone number):

B. Request

We request for the network connection to the State bank of Vietnam with the following detailed information:

1. Method of connection: [LAN/Internet]

2. Purpose of connection: (clearly stating the purpose of network connection to the SBV)

3. Connection point: (clearly and fully sating the Technology and Information system/ the destination professional operation system at SBV which need to be connected) 

4. Connection duration:

- From: ____h___ date____/____/____

- To: ____h___ date____/____/____

5. Specific technical requirements:

- List of IP address of server, ports which need to be opened.

- Other technical requirements (if any).

We hereby commit to abide by regulations of the State bank of Vietnam involving safe connection and use the network connection for proper purpose.

Form No. 04

REQUEST FOR WIRELESS CONNECTION

Respectfully to: ...........................................

A. General Information

Full name:

ID card/ Passport number:…………………date of issue: ___/___/____         Place of issue __________

Working unit:

Information for contact:

- Email address:

- Telephone number:

B. Request

I hereby request to be connected and used the wireless service of the State bank of Vietnam with the following detailed information:

1. Purpose of use:

2. Connection duration:

- From: ____h___ date____/____/____

- To: ____h___ date____/____/____

I hereby commit to abide by regulations of the State bank involving the safe network connection and use for proper purpose.