Chương 3 Nghị định 64/2007/NĐ-CP: Hoạt động của cơ quan nhà nước trên môi trường mạng

Chapter III

ACTIVITIES OF STATE AGENCIES IN THE NETWORK ENVIRONMENT

SECTION 1. WORK PROCESSES

Article 33.- Standardization of work processes in state agencies

1. State agencies shall improve and standardize their work processes in conformity with administrative reform programs and, at the same time, bring into the fullest play the information technology application capacity in the following work processes:

a/ Internal operations and transactions with other state agencies;

b/Transactions with organizations or individuals, especially the provision of public administrative services.

2. State agencies shall apply quality management systems to their operations in accordance with prescribed standards.

Article 34.- Requirements for synchrony in work processes among state agencies

1. Common work processes shall be standardized and applied in relevant state agencies according to an appropriate roadmap.

2. State agencies shall apply information technology in order to raise the connectivity of work processes and improve work processes involving different state agencies in order to minimize the processing time.

SECTION 2. MANAGEMENT OF E-DOCUMENTS

Article 35.- Legal validity of e-documents

1. E-documents compliant with the law on e- transactions have legal validity like paper documents used in transactions among state agencies.

2. E-documents sent to state agencies do not need e-signatures, ifthey contain information on senders and ensure the truthfulness of their origin and the integrity of the documents.

Article 36.- Time of sending and receiving e- documents

1. The time of sending an e-document to a state agency is the time when that e-document enters an information system out of the control of the originator.

2. State agencies assigned by the Government shall build information systems capable of determining the time of sending and receiving e- documents. The time of receipt of an e-document is the time it enters a designated information system.

Article 37.- Notification of the receipt of e- documents

State agencies shall immediately and electronically notify senders of the receipt of e- documents right after certifying the validity of these documents.

Article 38.- Acceptance of e-documents and compilation of recorded files

1. E-documents sent to state agencies shall be duplicated and recorded in electronic storage systems.

2. The duplication or other receiving methods must ensure determination of the sending time and inspection of the integrity of e-documents.

3. E-documents ofstate agencies shall be put into recorded files so as to assure their accuracy, safety and accessibility.

Article 39.- Processing of e-documents

When necessary, state agencies may apply technical measures to e-documents so as to make these documents easy to read, store and classify, while keeping unchanged their contents.

Article 40.- Use of e-signsnires

1. State agencies shall use e-signatures to certify the ultimate e-documents.

2. E-signatures of state agencies must satisfy requirements prescribed by the law on e-transactions.

SECTION 3. ASSURANCE OF INFORMATION SAFETY IN THE NETWORK ENVIRONMENT

Article 41.- Principles on information safety assurance

1. Assuring information safety is a compulsory requirement in the process of designing, building, operating, upgrading or destroying technical infrastructure of state agencies.

2. Digital information classified as state secrets of state agencies shall be sorted, stored and protected in accordance with the law on protection of state Secrets

3. State agencies shall elaborate internal rules on information safety assurance; appoint staffs to take charge of information safety management; apply, guide, and regularly inspect the application of, measures to ensure that information systems in the network comply with standards and technical regulations on information safety.

4. Application of processes to assure data safety, including:

a/Back-up storage;

b/ Using codes to ensure data safety and confidentiality in storage and transactions in accordance with state regulations on coding;

c/ Strictly managing the displacement of information technology equipment and devices storing information listed as state secrets;

d/ Supervising the steps of data creation, processing and cancellation;

e/ Other data safety assurance processes.

5. Application of the process of managing technical infrastructure safety, covering:

a/ Protective solutions to prevent and early detect illegal access to computer networks or data-storing devices;

b/Applying certification technologies, the access right management mechanism and the operation- recording mechanism to manage and inspect access to networks;

c/ Strictly controlling the installation of new software on servers and terminals;

d/ Regularly monitoring the infection of harmful software and eliminating them from the systems;

e/ Other processes for assuring technical infrastructure safety.

6. Conditions for fulfillment ofinformation safety tasks

a/ Cadres, civil servants and employees shall grasp legal provisions and internal rules on information safety;

b/ Technicians in charge of information safety shall be recruited, trained and re-trained in professional operations relevant to their assigned tasks and be provided with appropriate working conditions;

c/ State agencies shall prioritize the use of their own technical staffs to assure information safety; when necessary, they may use services provided by capable information safety organizations accredited by the State;

d/ Technical infrastructure shall be periodically inspected, evaluated or tested in terms of information safety in accordance with prescribed standards and technical regulations.

Article 42.- Responsibilities to settle and overcome information safety-related incidents

1. Responsibilities of state agencies when their information infrastructure has information safety- related incidents:

a/ To apply all measure to remedy and minimize damage caused by the incidents, make reports to their direct superior agency;

b/Upon the occurrence ofserious incidents which the units themselves cannot remedy, to immediately report the incidents to competent state management agencies specified in Article 43 of this Decree;

c/ To create favorable conditions for functional agencies to participate in remedying the incidents and comply with their instructions;

d/ To folly, accurately and promptly supply necessary information to their direct superior agency;

e/ To make written reports on the incidents to the direct superior agency and the concerned state management agency.

2. Responsibilities of direct superior agencies:

a/Depending on the seriousness ofthe incidents, to guide or designate competent officials to guide and assist their units in remedying the incidents;

b/ To mobilize necessary means to remedy the incidents.

3. Responsibilities ofstate management agencies:

a/ Depending on the seriousness ofthe incidents, state management agencies" shall guide or mobilize various forces to remedy the incidents;

b/ To coordinate with ministries and ministerial- level agencies in investigating and overcoming incidents;

c/ To realize commitments in incident-related treaties to which Vietnam is a contracting party.

Article 43.- Coordination of activities of urgent rescue, fight against attacks and terrorism on the network

1. The Ministry of Post and Telematics shall perform the function of coordinating activities of computer rescue in Vietnam and act as Vietnam's focal point for international cooperation in preventing incidents and attacks in the network. Pursuant to international practice and regulations on information safety assurance, state management agencies shall provide for coordination of information safety activities to prevent, combat, respond to and remedy information safety-related incidents in the network environment.

2. The coordinating agency may request information safety units or sections in state agencies, information safety service-providing organizations,

Internet service-providing enterprises and network infrastructure service-providing organizations to participate in the prevention of attacking sources that cause incidents to the network.

3. The coordinating agency shall publish a list of attacking sources on the Internet, risks and origins of network incidents and, on that basis, coordinate urgent rescue forces to prevent and remedy incidents.

4. In case of emergency where serious incidents or network terrorism may occur, functional agencies may organize the prevention of attacking sources before receiving notices thereon and report later to the coordinating agency.

5. Agencies, organizations and individuals are obliged to supply information and create conditions for functional agencies to carry out study and investigation in order to quickly prevent incidents and remedy consequences caused by attacks or terrorism in the network environment.