Decree No. 64/2007/ND-CP of April 10, 2007, on information technology application in state agencies’ operations

THE GOVERNMENT
——-

SOCIALIST REPUBLIC OF VIET NAM
Independence – Freedom – Happiness
———-

No. 64/2007/ND-CP

Hanoi, April 10, 2007

DECREE

ON INFORMATION TECHNOLOGY APPLICATION IN STATE AGENCIES’ OPERATIONS

THE GOVERNMENT

Pursuant to the December 25, 2001 Law on Organization of the Government;
Pursuant to the June 29, 2006 Law on Information Technology;
Pursuant to the November 29, 2005 Law on E- Transactions;
At the proposal of the Minister of Post and Telematics,

DECREES:

Chapter I

GENERAL PROVISIONS

Article 1- Governing scope

This Decree provides for information technology application in state agencies’ operations.

Article 2 – Subjects of application

This Decree applies to state agencies, including ministries, ministerial-level agencies, government- attached agencies, People’s Committees at various levels, and non-business units funded with the state budget.

Article 3.- Interpretation of terms

In this Decree, the terms bellow are construed as follows:

1. Information technology application in state agencies’ operations means the use of information technology in operations of state agencies with a view to raising the quality and efficiency of internal operations of state agencies, coordination among state agencies and transactions between state agencies and organizations as well as individuals, stepping up administrative reforms and ensuring publicity and transparency.

2. Information safety covers managerial, professional and technical operations related to information systems aiming to protect and restore information systems, services and contents from incidental risks or risks caused by humans. The protection of information, property and humans in information systems aims to ensure that these systems properly perform their functions and serve proper subjects in a ready, accurate and reliable manner. Information safety implies information protection and confidentiality, data safety, computer safety and network safety.

3. Metadata means information describing the properties ofdata such as contents, formats, quality, conditions and other properties in order to facilitate the process of searching, accessing, managing and storing data.

4. Common-use solutions and products (hardware, software, digital information) means solutions and products created for application in different state agencies. Solutions and products are considered common-use ones under decisions of competent state agencies.

5. Personal information means information which is adequate to accurately identify the identity of an individual, covering at least one of the following information: full name, date ofbirth, profession, title, contact address, e-mail address, telephone number, ID number and passport number. Personal secrets include medical records, tax payment dossiers, social insurance card’s numbers, credit cards’ numbers and other personal secrets.

6. Public administrative services means services related to law enforcement activities provided not for profit purposes by state agencies (or authorized organizations or enterprises) to organizations and individuals in the form of legally valid papers in the domains under their respective management.

7. Technical infrastructure means a set of computer equipment (servers and terminals), peripheral devices, network-connecting devices, auxiliary devices, local-area networks and wide-area networks.

8. E-documents means documents in the form of data massage.

9. EPC bidding package means a bidding package covering all jobs of designing, supply of equipment and supplies, and construction and installation.

Article 4.- Information publicity and transparency in the network environment

1. State agencies shall publicly, transparently, promptly, fully and accurately supply in the network environment information defined in Clause 2, Article 28, ofthe Law on Information Technology, laws on corruption prevention and combat, thrift practice and waste combat as well as other provisions of law on information publicity and transparency.

2. The supply, exchange and share of information classified as state secrets, business secrets and personal secrets must comply with the relevant provisions of law.

Article 5.- Protection of personal information held by state agencies in the network environment

1. State agencies that collect, process and use personal information in the network environment shall comply with the provisions of Article 21 of the Law on Information Technology.

2. Measures for protecting personal information include notifying the use purposes of personal information; supervising the processing ofpersonal information; promulgating procedures for inspection, correction or cancellation of personal information; and other technical measures.

3. State agencies holding information classified as personal secrets shall protect such information and may only supply such information to or share such information with a competent third party in some specific cases specified by law.

Article 6.- Information digitization and data storage

1. Information created by ministries, ministerial- level agencies, government-attached agencies and People’s Committees ofprovinces and centrally run cities (hereinafter collectively referred to as provincial-level People’s Committees) must be in the digital form and stored in accordance with prescribed standards and technical regulations so as to assure safe and convenient information management, access or search.

2. Digital information must be periodically reproduced and stored according to regulations promulgated by competent state agencies defined in Article 49 of this Decree.

3. State agencies shall work out plans on the diitalization of information sources not vet in the digital form in the priority order of time and importance.

4. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall provide for the information digitalization and data storage responsibilities of their dependent units and organizations, depending on the practical situation of their respective branches and localities.

Article 7.- Share of digital information

1. State agencies shall promulgate regulations on the share of digital information in order to ensure synchrony and smoothness in the common use of information on work management, administration and coordination and other information among state agencies.

2. Regulations on the share of digital information among state agencies must abide by the following main principles:

a/ Satisfaction of the information safety requirements specified in Article 41 of this Decree;

b/ Consistency with regulations on building, management, exploitation, protection and maintenance ofnational databases and databases of ministries, ministerial-level agencies, government- attached agencies and provincial-level People’s Committees;

c/Non-collection ofdigital information supplied or shared by other state agencies, ifsuch information is accurate and reliable, unless otherwise provided for by law;

d/ Protection of personal secrets and Intellectual Property rights.

Article 8.- Enhancing the use of e-documents

1. Heads of state agencies at various levels shall direct the application of information technology to the handling of work and enhance the use of e- documents to incrementally replace paper documents in the management, administration and exchange of information.

2. Administrative forms necessary for the settlement of affairs of citizens and organizations shall be step by step standardized under the provisions ofArticle 19 ofthis Decree and published on websites of state agencies.

3. Unless otherwise provided for by law, local- area networks of state agencies must be connected to the Government’s information infrastructure to facilitate the sending, exchange and processing of administrative documents among themselves and with other agencies or organizations via the network environment.

4. State agencies shall elaborate and promulgate regulations on the use of local-area networks,

ensuring the efficient exploitation of e-transactions in the handling ofwork by cadres, civil servants and employees as well as information safety in accordance with Article 41 of this Decree; and train cadres, civil servants and employees in knowledge and skills ofapplying information technology to their work.

5. Databases of state agencies shall be fully updated or have links to legal documents and instructive documents ofsuperior authorities so that cadres, civil servants and employees can refer to information in the network environment in order to reduce the duplication ofpaper documents received from superior agencies for subsequent sending to subordinate agencies and organizations.

Article 9.- Assurance of efficiency and thrift

1. Information technology application must be associated with the raising of operation efficiency of state agencies and comply with the laws on investment and thrift practice and waste combat in investment projects on information technology application.

2. Information technology application projects shall be carried out in a coordinated manner in terms of investment contents, execution scope and time in order to avoid investment overlap. To encourage investment in common-use solutions and products.

3. Investors shall report on their information technology application projects to state management agencies in charge of information technology. The reported information shall be stored in national databases or databases of ministries, ministerial-level agencies, government-attached agencies or provincial-level People’s Committees, depending on the nature and scope of the projects. The reported information includes contents and results of information technology application projects which are underway or have been completed; common- use solutions and products; technologies and experience drawn from the project execution.

Chapter II

CONTENTS OF AND CONDITIONS FOR ASSURING INFORMATION TECHNOLOGY APPLICATION IN STATE AGENCIES’OPERATIONS

SECTION I. BUILDING OF INFORMATION INFRASTRUCTURE

Article 10.- Building ofinformation inlrastructure in service of state agencies

1. The Ministry of Post and Telematics shall assume the prime responsibility for, and coordinate with concerned agencies in, building special-use networks; and sum up estimated fundsfromthe state budget and other sources for investment in the building, exploitation, maintenance and upgrading of information infrastructure in service of state agencies.

2. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall organize the building, exploitation, maintenance and upgrading of information infrastructure within their respective branches or localities.

3. State agencies shall invest in the building, exploitation, maintenance and upgrading of their information infrastructure in accordance with prescribed standards and technical regulations.

Article 11.- Building of national databases

1. A national database means a collection of information in one or several socio-economic domains,-which is built, updated and maintained to meet the demand of economic sectors for information access and use and serve public interests.

2. The Ministry of Post and Telematics shall assume the prime responsibility for, and coordinate with concerned agencies in, elaborating and submitting a list of national databases to the Prime Minister for promulgation and defining the responsibilities ofstate agencies for building national databases under the provisions of Clause 3 of this Article.

3. State agencies assigned to assume the prime responsibility for building and maintaining national databases shall promulgate regulations on the building, management, exploitation, protection and maintenance of national databases.

Article 12.- Building of databases of ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees

1. A database of a ministry, ministerial-level agency, government-attached agency or provincial- level People’s Committee means a collection of information, which is built, updated and maintained to satisfy the demand of such agency or People’s Committee for information access and use and serve public interests

2. Funds for building and maintenance of databases of ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall be incorporated in state budget expenditure estimates of these branches or localities.

3. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall provide for lists of databases; build, update and maintain their databases; and promulgate regulations on database building, management, exploitation, protection and maintenance.

Article 13.- Principles ofbuilding, management, exploitation, protection and maintenance of databases

1. To comply with prescribed standards and technical regulations in order to ensure compatibility, smoothness and safety in the process of sharing and exchanging information among state agencies.

2. To make plans with clearly defined use purposes before creating or collecting new data. The process of creating or collecting data must meet the following requirements:

a/To ensure the relevance, accuracy, promptness and efficiency of created or collected data;

b/To minimize the re-collection of datafromthe same source;

c/ To make full use of existing data sources;

d/ To give priority to data that can be used for a long term;

e/ To give priority to data which can be used for different purposes.

3. To clearly specify conditions for data access and update and ensure convenient data management, access, update and search.

4. To apply appropriate levels of protection in accordance with information classification.

5. To clearly specify conditions for data maintenance, including modification and cancellation of data. To regularly assess conditions for data safety assurance.

6. Databases of ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall be built and organized in conformity with national databases.

Article 14.- Assurance of information access and use of public administrative services

1. Provincial-level People’s Committees shall adopt policies to encourage organizations and individuals to expand public Internet access points and, at the same time, guide methods of accessing information and using public administrative services in the network environment in accordance with law.

2. Information infrastructure of state agencies should respond to e-transactions conducted via common Internet access devices, unless otherwise provided for by law.

3. State agencies shall create favorable conditions for organizations and individuals to easily access information and use public administrative services in the network environment.

4. The application of technical solutions to support people with disabilities to easily access information and use public administrative services in the Internet is encouraged.

Article 15.- Assurance of technological compatibility in information systems of state agencies

The Ministry ofPost and Telematics shall assume the prime responsibility for formulating a standard design for the national information system, including the following principal activities:

1. Providing for the uniform application of popular international standards and open standards to network connection and data and information exchange and storage in information networks of state agencies.

2. Promulgating technical regulations on information technology application in state agencies; operations, including:

a/ Database, metadata;

b/ Formats of digital forms, texts, images and sounds;

c/ Websites of state agencies based oh Internet technology;

d/ Digital information in Vietnamese (fonts, administrative terminology and specialized terminologies).

3. Assuming the prime responsibility for, and coordinating with the Government Cipher Committee, the Ministry of Public Security and concerned agencies in, elaborating and promulgating technical regulations on assurance of safety and confidentiality of digital information and digital information systems in operations ofstate agencies.

4. Agencies authorized to provide public administrative services shall apply standards and technical regulations specified in Clauses 1,2 and 3 ofthis Article to interfaces between their information systems and information systems of state agencies.

Article 16.- Announcement of suspension of the supply of information and provision of services in the network environment

1. Except in force majeure circumstances, state agencies shall make a public announcement at least 07 working days before their suspension of the supply of information or the provision of services in the network environment for overcoming incidents or upgrading or extending the information infrastructure:

a/ Except inforce majeure circumstances, making

a public announcement in appropriate forms and take measures for remedying incidents right after the supply of information or provision of services in the network environment by state agencies is seriously affected or suspended due to errors occurring during the operation of the information systems;

b/ The announcement must clearly state the expected time ofresuming the supply of information or provision ofservices in the network environment.

2. State agencies shall prepare and implement plans on the use of back-up information infrastructure in order to continue supplying the most essential information or providing the most essential services at an appopriate level during the period of suspension ofthe supply ofinformation or provision of services in the network environment.

Article 17.- Connection of information infrastructure of state agencies to the Internet

1. State agencies shall connect their technical infrastructure to the Internet in order to supply information and provide public administrative services according to their functions and tasks.

2. Internet connection must ensure information safety according to Article 41 of this Decree and other provisions of law

SECTION 2. SUPPLY OF INFORMATION CONTENTS

Article 18.- Responsibilities for information supply and receipt in the network environment

1 State agencies shall supply in the network environment information specified in Article 4 of this Decree to meet lawful interests of citizens.

2. The supply of information shall abide by the principle of creating conditions for citizens to have quick and easy access to information and avoiding the repeated supply of the same information.

3. State agencies shall facilitate the following activities in the network environment:

a/ Receiving organizations’ and individuals’ comments, complaints, denunciations and requests for the supply of information;

b/ Storing, processing, updating and supplying information; giving replies to requests;

c/ Forwarding requests for the supply of information to relevant agencies, if these requests fall beyond their functions, tasks or powers.

4. State agencies, heads of state agencies, organizations and individuals exercise other rights and perform other obligations in accordance with the law on information supply.

Article 19.- Formulation of uniform e-forms

1. E-forms used in transactions between state agencies and organizations or individuals must comply with the provisions of law and meet the following requirements:

a/ They contain simple, comprehensive and non- overlapping information which is relevant to related work processes;

b/ Their formats conform with prescribed standards and technical regulations so as to ensure convenient download, display and print-out with popular electronic devices;

c/ The re-entry of existing information in the database is minimized.

2. The list of e-forms must be scientifically arranged, reasonably grouped and promptly updated so that organizations and individuals can easily and quickly find necessary forms in the websites ofthese agencies.

3. Each ministry, ministerial-level agency or government-attached agency may design e-forms suitable to their own needs on the basis of general principles defined in Clauses 1 and 2 ofthis Article.

A rticle 20.- Websites of state agencies

1. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall build, maintain, upgrade and update their websites.

2. Websites of state agencies must comply with Article 28 of the Law on Information Technology and meet the following requirements:

a/ Applying prescribed standards and technical regulations;

b/ Displaying information in a promptly manner;

c/ Having search tools which are easily used and able to provide proper results;

d/ Specifying the time limit for online existence of each type of information.

Article 21.- Lists ofpublic administrative services

Ministries, ministerial-level agencies, government- attached agencies and provincial-level People’s Committees shall:

1. Publicize a list of public administrative services and a roadmap for the provision of these services in the network environment.

2. Guide organizations and individuals to enter into transactions with state agencies while providing public administrative services in the network environment.

3. Carry out publicity and communication activities so as to attract people to enter into transactions with state agencies in the network environment.

SECTION 3. DEVELOPMENT AND USE OF INFORMATION TECHNOLOGY HUMAN RESOURCES

Article 22.- Policies on development of information technology human resources in state agencies

1. The State adopts policies to develop the scale and raise the quality of training of information technology human resources in state agencies.

2. The Ministry of Post and Telematics shall coordinate with concerned agencies in elaborating

a planning on development of information technology human resources in state agencies.

3. To create conditions for chief information technology officers and full-time information technology staffs to attend domestic and overseas training courses so as to raise their managerial and professional qualifications.

4. To create conditions for the training of cadres, civil servants and employees in the skills ofapplying information technology to their work.

Article 23.- Incentives for information technology human resources in state agencies

1. Full-time information technology staffs in state agencies are entitled to incentives in terms of their working conditions, including:

a/ incentives in using information infrastructure and equipment and facilities;

b/ Incentives in training to raise their information technology qualifications;

c/ Other incentives in accordance with law.

2. Cadres, civil servants and employees may get free access to the Internet at state agencies in which they are working.

3. State agencies are encouraged to promulgate regulations on income incentives for information technology human resources in their respective agencies; provide for criteria, responsibilities and interests of, and requirements on performance evaluation of cadres, civil servants and employees regarding application of information technology to their work.

Article 24.- Payroll of full-time information technology staffs

State agencies shall arrange sufficient full-time information technology staffs in their respective agencies according to their information technology application plans.

SECTION 4. INVESTMENT IN INFORMATION TECHNOLOGY APPLICATION

Article 25.- Elaboration of information technology application plans

1. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall elaborate five-year plans on information technology application in their respective agencies’ operations (hereinafter collectively referred to as five-year plans) for submission to the Prime Minister for approval or propose the Prime Minister to authorize competent agencies to approve these plans.

2. The Ministry ofPost and Telematics shall guide the elaboration and appraisal ofthe contents of five- year plans specified in Clause 3 ofthis Article before they are submitted to the Prime Minister for approval.

3. Five-year plans ofministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees contain the following contents:

a/ General objectives and specific objectives;

b/ Present situation, contents, solutions and implementation roadmap;

c/ Investment contents as specified in Clause 2, Article 27 of this Decree;

d/ Projected funds;

e/ Conditions to ensure the plan implementation;

f/ Expected benefits.

4. The Ministry of Post and Telematics shall coordinate with the Ministry of Planning and Investment and the Ministry of Finance in guiding conditions and procedures for adjustment of objectives and contents of five-year plans during their implementation process. Adjustments to five- year plans of ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees are subject to approval of the Prime Minister.

5. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall, basing themselves on five-year plans approved by the Prime Minister, elaborate, and organize the implementation of, annual plans. The Ministry of Post and Telematics shall coordinate with the Ministry of Planning and Investment in guiding and synthesizing annual plans.

Article 26.- Priority allocation of budget capital for information technology application in state agencies’operations

1. Investment in information technology application in state agencies’ operations is development investment.

2. The Ministry of Planning and Investment and the Ministry ofFinance shall prioritize the allocation of budget capital for information technology application in state agencies’ operations.

3. Annually, competent state agencies shall allocate sufficient funds for information technology application as scheduled in approved plans.

Article 27.- Investment in information technology application in state agencies’operations

1. Funds for investment in information technology application in state agencies’ operations are allocated from the state budget (funds for development investment and regular expenditures) and other lawful sources.

2. Investment contents must comply with Clause 1, Article 63 of the Law on Information Technology, covering:

a/ Building, maintaining and upgrading technical infrastructure;

b/ Building, procuring, maintaining and upgrading software;

c/ Building, updating, maintaining and duplicating databases and management information systems;

d/ Integrating systems;

e/ Building, maintaining and upgrading technical and operational systems to assure information safety;

fl Building and maintaining websites;

g/ Providing and maintaining public administrative services in the network environment;

h/ Elaborating and supplementing regulations and rules on management, exploitation and maintenance of information systems;

i/ Training and re-training of cadres, public servants and employees in the skills of applying information technology to their work; and full-time information technology staffs;

j/ Other investments in information technology application in state agencies’ operations.

3. The Ministry ofFinance shall assume the prime responsibility for, and coordinate with the Ministry of Post and Telematics and concerned agencies in, setting limits of non-business expenditures for information technology application in state agencies.

Article 28.- Investment priority criteria for information technology application projects

Projects on information technology application in state agencies may enjoy investment priority if they satisfy at least one of the following criteria:

1. Making information technology universal, supplying information on or providing public administrative services.

2. Using a common information infrastructure for many state agencies.

3. Supporting administrative reform programs.

Article 29.- Regulations on investment in software projects

1. If the total investment level of an applied software project cannot be determined according to current regulations, it may be determined by the methods of sizing software and estimating costs of software according to international practice and databases specified in Clause 3, Article 9 of this Decree.

2. To encourage the execution ofapplied software projects in the form of EPC bidding package.

3. The Ministry of Post and Telematics shall assume the prime responsibility for, and coordinate with the Ministry of Planning and Investment and concerned ministries and branches in elaborating and submitting to the Prime Minister for promulgation a Regulation on management of investment in applied software projects funded with state budget capital; and promulgating techno-economic norms in software project consultancy and design.

Article 30 Encouragement of investment in infomation technology application

The State encourages investment from non-state budget sources in information technology application in state agencies’ operations and local administrations in rural, deep-lying, remote and mountainous areas, islands and difficulty-hit regions.

Article 31.- Intellectual Property rights to solutions, software and databases

Intellectual Property rights and development rights to solutions, software and databases in projects on information technology application in state agencies’ operations must comply with the law on intellectual property and be specified in contracts.

Article 32.- Assessment ofinformation technology application levels

1. Information technology-applying state agencies shall periodically assess the level of information technology application in their own operations.

2. The Ministry of Post and Telematics shall guide state agencies to assess their information technology application levels.

Chapter III

ACTIVITIES OF STATE AGENCIES IN THE NETWORK ENVIRONMENT

SECTION 1. WORK PROCESSES

Article 33.- Standardization of work processes in state agencies

1. State agencies shall improve and standardize their work processes in conformity with administrative reform programs and, at the same time, bring into the fullest play the information technology application capacity in the following work processes:

a/ Internal operations and transactions with other state agencies;

b/Transactions with organizations or individuals, especially the provision of public administrative services.

2. State agencies shall apply quality management systems to their operations in accordance with prescribed standards.

Article 34.- Requirements for synchrony in work processes among state agencies

1. Common work processes shall be standardized and applied in relevant state agencies according to an appropriate roadmap.

2. State agencies shall apply information technology in order to raise the connectivity of work processes and improve work processes involving different state agencies in order to minimize the processing time.

SECTION 2. MANAGEMENT OF E-DOCUMENTS

Article 35.- Legal validity of e-documents

1. E-documents compliant with the law on e- transactions have legal validity like paper documents used in transactions among state agencies.

2. E-documents sent to state agencies do not need e-signatures, ifthey contain information on senders and ensure the truthfulness of their origin and the integrity of the documents.

Article 36.- Time of sending and receiving e- documents

1. The time of sending an e-document to a state agency is the time when that e-document enters an information system out of the control of the originator.

2. State agencies assigned by the Government shall build information systems capable of determining the time of sending and receiving e- documents. The time of receipt of an e-document is the time it enters a designated information system.

Article 37.- Notification of the receipt of e- documents

State agencies shall immediately and electronically notify senders of the receipt of e- documents right after certifying the validity of these documents.

Article 38.- Acceptance of e-documents and compilation of recorded files

1. E-documents sent to state agencies shall be duplicated and recorded in electronic storage systems.

2. The duplication or other receiving methods must ensure determination of the sending time and inspection of the integrity of e-documents.

3. E-documents ofstate agencies shall be put into recorded files so as to assure their accuracy, safety and accessibility.

Article 39.- Processing of e-documents

When necessary, state agencies may apply technical measures to e-documents so as to make these documents easy to read, store and classify, while keeping unchanged their contents.

Article 40.- Use of e-signsnires

1. State agencies shall use e-signatures to certify the ultimate e-documents.

2. E-signatures of state agencies must satisfy requirements prescribed by the law on e-transactions.

SECTION 3. ASSURANCE OF INFORMATION SAFETY IN THE NETWORK ENVIRONMENT

Article 41.- Principles on information safety assurance

1. Assuring information safety is a compulsory requirement in the process of designing, building, operating, upgrading or destroying technical infrastructure of state agencies.

2. Digital information classified as state secrets of state agencies shall be sorted, stored and protected in accordance with the law on protection of state Secrets

3. State agencies shall elaborate internal rules on information safety assurance; appoint staffs to take charge of information safety management; apply, guide, and regularly inspect the application of, measures to ensure that information systems in the network comply with standards and technical regulations on information safety.

4. Application of processes to assure data safety, including:

a/Back-up storage;

b/ Using codes to ensure data safety and confidentiality in storage and transactions in accordance with state regulations on coding;

c/ Strictly managing the displacement of information technology equipment and devices storing information listed as state secrets;

d/ Supervising the steps of data creation, processing and cancellation;

e/ Other data safety assurance processes.

5. Application of the process of managing technical infrastructure safety, covering:

a/ Protective solutions to prevent and early detect illegal access to computer networks or data-storing devices;

b/Applying certification technologies, the access right management mechanism and the operation- recording mechanism to manage and inspect access to networks;

c/ Strictly controlling the installation of new software on servers and terminals;

d/ Regularly monitoring the infection of harmful software and eliminating them from the systems;

e/ Other processes for assuring technical infrastructure safety.

6. Conditions for fulfillment ofinformation safety tasks

a/ Cadres, civil servants and employees shall grasp legal provisions and internal rules on information safety;

b/ Technicians in charge of information safety shall be recruited, trained and re-trained in professional operations relevant to their assigned tasks and be provided with appropriate working conditions;

c/ State agencies shall prioritize the use of their own technical staffs to assure information safety; when necessary, they may use services provided by capable information safety organizations accredited by the State;

d/ Technical infrastructure shall be periodically inspected, evaluated or tested in terms of information safety in accordance with prescribed standards and technical regulations.

Article 42.- Responsibilities to settle and overcome information safety-related incidents

1. Responsibilities of state agencies when their information infrastructure has information safety- related incidents:

a/ To apply all measure to remedy and minimize damage caused by the incidents, make reports to their direct superior agency;

b/Upon the occurrence ofserious incidents which the units themselves cannot remedy, to immediately report the incidents to competent state management agencies specified in Article 43 of this Decree;

c/ To create favorable conditions for functional agencies to participate in remedying the incidents and comply with their instructions;

d/ To folly, accurately and promptly supply necessary information to their direct superior agency;

e/ To make written reports on the incidents to the direct superior agency and the concerned state management agency.

2. Responsibilities of direct superior agencies:

a/Depending on the seriousness ofthe incidents, to guide or designate competent officials to guide and assist their units in remedying the incidents;

b/ To mobilize necessary means to remedy the incidents.

3. Responsibilities ofstate management agencies:

a/ Depending on the seriousness ofthe incidents, state management agencies” shall guide or mobilize various forces to remedy the incidents;

b/ To coordinate with ministries and ministerial- level agencies in investigating and overcoming incidents;

c/ To realize commitments in incident-related treaties to which Vietnam is a contracting party.

Article 43.- Coordination of activities of urgent rescue, fight against attacks and terrorism on the network

1. The Ministry of Post and Telematics shall perform the function of coordinating activities of computer rescue in Vietnam and act as Vietnam’s focal point for international cooperation in preventing incidents and attacks in the network. Pursuant to international practice and regulations on information safety assurance, state management agencies shall provide for coordination of information safety activities to prevent, combat, respond to and remedy information safety-related incidents in the network environment.

2. The coordinating agency may request information safety units or sections in state agencies, information safety service-providing organizations,

Internet service-providing enterprises and network infrastructure service-providing organizations to participate in the prevention of attacking sources that cause incidents to the network.

3. The coordinating agency shall publish a list of attacking sources on the Internet, risks and origins of network incidents and, on that basis, coordinate urgent rescue forces to prevent and remedy incidents.

4. In case of emergency where serious incidents or network terrorism may occur, functional agencies may organize the prevention of attacking sources before receiving notices thereon and report later to the coordinating agency.

5. Agencies, organizations and individuals are obliged to supply information and create conditions for functional agencies to carry out study and investigation in order to quickly prevent incidents and remedy consequences caused by attacks or terrorism in the network environment.

Chapter IV

ORGANIZATION OF INFORMATION TECHNOLOGY APPLICATION IN STATE AGENCIES’ OPERATIONS

Article 44.- Responsibilities of heads of state agencies

1. To personally direct and take personal responsibility for information technology application in their respective domains, localities, organizations or agencies.

2. To direct the elaboration offive-yearplans and approve annual plans on information technology application in their respective domains, localities, organizations or agencies.

3. To decide on measures for effective implementation of information technology application plans.

4. To.decide on the organizational apparatus, personnel and operation of specialized information technology units in their organizations or agencies.

Article 45.- Systems of specialized information technology units in state agencies

1. Ministries, ministerial-level agencies and government-attached agencies shall designate one subordinate unit to be in charge of information technology in their branches.

2. State management agencies in charge of information technology in provinces and centrally run cities shall act as specialized information technology units in their respective localities.

3. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall specify the functions, tasks, organizational apparatus and operation of specialized information technology units in their respective branches or localities in accordance with Article 46 of this Decree.

Article 46.- Major functions and tasks of specialized information technology units

1. To propose, elaborate, and organize the implementation of, five-year and annual plans on information technology application.

2. To elaborate regulations and rules on information technology application activities in their respective branches or localities and submit them to heads of agencies for consideration and decision and organize these activities.

3. To collect, store and process information in service of their agencies’ leaders’ direction and administration work.

4. To manage, operate, and guide the use of, information infrastructure in service of direction, administration and professional work in their respective branches and localities; to assure technical and information safety.

5. To build and maintain the operation ofwebsites oftheir respective branches or localities; to organize and ensure technical issues for the provision of public administrative services.

Article 47.- Chiefinformation technology officers

1. Heads of specialized information technology units in state agencies shall hold the post of chief information technology officer and be responsible for organizing and administering information technology application activities.

2. Major tasks and powers of chief information technology officers

a/ To directly advise and assist their agencies’ leaders in formulating strategies, policies and plans on information technology application in their respective branches or localities;

b/To organize and administer the implementation of information technology application plans already approved;

c/ To direct the elaboration of regulations and guidance on technical and professional management in information technology application in conformity with prescribed technical standards and regulations; to propose, and direct the formulation of standards and technical regulations on information technology;

d/ To participate in directing coordination with other state agencies in formulating and organizing the implementation of inter-sectoral information technology application projects.

Article 48.- Responsibilities of the Ministry of Post and Telematics

1. To be answerable to the Government for managing and coordinating with concerned ministries and ministerial-level agencies in organizing information technology application in state agencies’ operations.

2. To submit to the Prime Minister for promulgation a national program on information technology application in state agencies’ operations.

3. To formulate professional criteria of ranks of information technology staffs.

4. To assume the prime responsibility for formulating a standard design for national information systems.

5. To coordinate with concerned agencies in guiding the formulation and effective implementation of information technology application projects in state agencies.

6. Other tasks provided for in this Decree and relevant law.

Article 49.- Responsibilities of the Ministry of Home Affairs

1. To assume the prime responsibility for, and coordinate with the Ministry ofPost and Telematics in, guiding the functions, tasks, powers and payroll of specialized information technology units in state agencies.

2. To formulate and promulgate criteria of the title of chief information technology officer and . guide ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees to uniformly apply these criteria.

3. To elaborate and promulgate regulations on the storage of digital information by state agencies.

Article 50.- Responsibilities of the Government Office

1. To assume the prime responsibility for, and coordinate with the Ministry of Home Affairs and concerned agencies in, providing for e-forms used for transactions among ministries, ministerial-level agencies and government-attached agencies.

2. To assume the prime responsibility for, and coordinate with the Ministry of Home Affairs and concerned agencies in, guiding the improvement, standardization and application of common work processes so as to ensure synchronous work processes among state agencies.

Article 51.- Responsibilities of the Government Cipher Committee

1. To assume the prime responsibility for elaborating, and proposing the promulgation of, legal documents on coding in information safety and confidentiality.

2. To elaborate, and propose the promulgation of, standards and technical regulations on coding in information safety and confidentiality.

3. To test, assess and certify coding products used in activities of state agencies.

4. To put to operation systems to protect coded state secrets.

Article 52.- Responsibilities of the Ministry of Public Security

The Ministry of Public Security shall ensure security in information technology application; investigate and handle crimes in the information technology domain.

Article 53.- Responsibilities of ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees Ministries, ministerial-level agencies, government- attached agencies and provincial-level People’s Committees shall:

1. Elaborate, and organize the implementation of, five-year and annual plans on information technology application in their operations.

2. Perform or request responsible agencies to perform defense and security tasks and other urgent tasks in accordance with law.

3. Evaluate the impact ofinformation technology on the fulfillment of their functions, tasks and powers, including:

a/ Public administrative services;

b/Labor productivity and efficiency;

c/ Renewal of organization and operation.

Article 54.- Coordination among state agencies

To encourage ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees to realize information technology application initiatives, programs and projects involving the coordination of two or more agencies, aiming at:

1. Enhancing compatibility between information infrastructures of state agencies.

2. Facilitating e-transactions among state agencies and between state agencies and organizations or individuals.

Chapter V

IMPLEMENTATION PROVISIONS

Article 55.- Implementation effect

This Decree takes effect 15 days after its publication in “CONG BAO.” Previous regulations contrary to this Decree are annulled.

Article 56.- Implementation guidance

1. The Ministry of Post and Telematics shall, within the ambit of its function and powers, guide the implementation of this Decree.

2. The Ministry of Defense and the Ministry of Public Security shall, pursuant to the Law on Information Technology and this Decree, work out appropriate regulations applicable to the defense and public security domain.

3. Ministers, heads of ministerial-level agencies and government-attached agencies, and presidents of provincial-level People’s Committees shall implement this Decree.

4. Agencies of the Party and the National Assembly, the State President Office, People’s Councils, Procuracies and People’s Courts at various levels, and other socio-political organizations which use the state budget for information technology application shall base themselves on this Decree to work out regulations in their agencies and organizations.

 

 

ON BEHALF OF THE GOVERNMENT
PRIME MINISTER

Nguyen Tan Dung

 

Scroll to top