Decision No. 349/2002/QD-NHNN of April 17th, 2002, on the issuance of the regulation on the setting up, issuance, management and use of secrecy code in the inter-bank electronic payment system. đã được thay thế bởi Circular No. 23/2010/TT-NHNN regulating on the management operation and use và được áp dụng kể từ ngày 01/01/2011.
Nội dung toàn văn Decision No. 349/2002/QD-NHNN of April 17th, 2002, on the issuance of the regulation on the setting up, issuance, management and use of secrecy code in the inter-bank electronic payment system.
THE STATE BANK | Socialist republic of Vietnam |
No.349/2002/QD-NHNN | Hanoi, 17 April 17th, 2002 |
DECISION
ON THE ISSUANCE OF THE REGULATION ON THE SETTING UP, ISSUANCE, MANAGEMENT AND USE OF SECRECY CODE IN THE INTER-BANK ELECTRONIC PAYMENT SYSTEM
THE GOVERNOR OF THE STATE BANK
- Pursuant to the Law on the State Bank of Vietnam No. 01/1997/QH10 dated 12 December, 1997;
- Pursuant to the Ordinance on the protection of the State secrets dated 28 December, 1997;
- Pursuant to the Decree No. 15/CP dated 2 March, 1993 of the Government providing for the assignment, authority and responsibility for the State management of the Ministries and ministerial-level agencies;
- Pursuant to the Decision No. 135/1999/QD-TTg dated 2 June, 1999 of the Prime Minister on the List of the State secrets in the banking area;
- Pursuant to the Decision No. 44/2002/QD-TTg dated 21 March, 2002 of the Prime Minister on the use of electronic vouchers as accounting vouchers for the accounting and payment of funds by payment service suppliers;
- Upon the proposal of the Director of the Banking Information Technology Department,
DECIDES
Article 1. To issue in conjunction with this Decision "the Regulation on the setting up, issuance, management and use of secrecy code in the inter-bank electronic payment system".
Article 2. This Decision shall be effective after 15 days from the date of signing.
Article 3. The Head of the Administration Department, the Director of the Banking Information Technology Department, Heads of units of the State Bank, General Manager of the State Bank branches in provinces and cities under the central Government's management, General Director (Directors) of payment service suppliers shall be responsible for the implementation of this Decision.
| FOR THE GOVERNOR OF THE STATE BANK |
REGULATION
ON THE SETTING UP, ISSUANCE, MANAGEMENT AND USE OF SECRECY CODE IN THE INTER-BANK ELECTRONIC PAYMENT SYSTEM
(issued in conjunction with the Decision No. 349/2002/QD-NHNN of April 17th, 2002 of the Governor of the State Bank of Vietnam)
I. GENERAL PROVISIONS
article 1. Secrecy code in the inter-bank electronic payment system (hereinafter referred to as secrecy code) is an application of information technology in order to ensure the secret and security of electronic database in the transaction and control of inter-bank electronic payment on the computer network.
Secrecy code includes 2 types:
1. Secrecy code for approval competence (referred to as approval secrecy code).
2. Secrecy code for the preparation of payment order and internal control (referred to as internal secrecy code).
Article 2. Secrecy code belongs to the List of the State secrets in the banking area, at the level "Top secret". Any person who supplies and installs computer software program for the setting up, issuance, management and use of secrecy code shall protect the State secrets in accordance with provisions stated in the Decision No. 135/1999/QD-TTg dated 2 June, 1999 of the Prime Minister on the List of the State secrets in the banking area.
Article 3. Secrecy code shall be granted to each individual for the implementation of his assignment under his competence in the preparation, control, approval of electronic vouchers in the inter-bank electronic payment system.
ii. setting up, issuance and management of secrecy code
Article 4. The competence for the issuance and management of secrecy code
1. The Director of the Banking Information Technology Department shall be responsible for the setting up, issuance and management of approval secrecy code.
2. Heads of members and member units shall be responsible for the setting up, issuance and management of internal secrecy code.
Article 5. Subjects to be granted secrecy code
1. In respect of approval secrecy code
a. The Directors, Deputy Directors who are responsible for Accounting, the Head of Payment Accounting Division or persons who are authorized to verify electronic vouchers at the Banking Operation Department, the State Bank branches participating in the inter-bank electronic payment.
b. The General Director (Director) or person who is authorised to verify electronic vouchers in the inter-bank electronic payment system at members and member units which are not in the State Bank system.
2. In respect of internal secrecy code
All individuals who are assigned to draw payment order or carry out the internal control
Article 6. The issuance and management of secrecy code
1. The issuance and management of secrecy code shall be performed in accordance with the informatic program that is installed by the State Bank in a special computer and located at the secrecy code issuing and managing unit. The operation of this informatic program shall be in compliance with provisions in the technical Process on the operation of the inter-bank electronic payment system guided by the Banking Information Technology Department.
2. The Director of the Information Technology Department or any person who is authorised by the Director of the Information Technology Department shall perform the procedure for the issuance of the approval secrecy code to individuals being subjects to be issued the code in accordance with the List requested by members and member units.
3. Heads of members and member units or any person who is authorized by Heads of members and member units shall perform the procedure for the issuance of the internal secrecy code to officers who are assigned to draw payment order and carry out internal control.
Article 7. The setting up of secrecy code shall be in compliance with following provisions:
1. Computers, printers and other technical equipments serving for the setting up of the secrecy code shall be installed in a safe place, strictly managed and specially used to secure good and safe condition of technique;
2. To strictly comply with the process on the setting up of secrecy code as provided for in the technical process on the operation of the inter-bank electronic payment system guided by the Banking Information Technology Department;
3. Secrecy code must be registered in the Book for monitoring secrecy codes, this monitoring book shall be directly kept by the Head of or a person authorized by the Head of the secrecy code issuing unit and preserved in accordance with the regime on secret documents. The monitoring book shall be stated fully with all elements relating to secrecy code such as: unit code, user code, user name, date of issue, expected date of expiry, effective date.
4. During the usage and preservation process, secrecy code shall be saved in floppy disc or CDROM. The management of these information carriers shall be in compliance with provisions stated in Article 9 of this Regulation.
5. The setting up and copy of the secrecy code shall not be in excess of the stipulated quantity of secrecy code.
iii. delivery and receipt, transport, preservation of secrecy code
article 8. The delivery and receipt, transport of secrecy code between the setting up, issuance, change shall be performed in accordance with following provisions:
1. Modes of delivery and receipt, transport of secrecy code:
- Delivery and receipt through the computer network in the secrecy form;
- Direct delivery and receipt;
- Delivery and receipt through secret official dispatch.
2. The delivery and receipt of secrecy code through the computer network in the secrecy form shall be performed in accordance with provisions in the technical Process on the operation of the inter-bank electronic payment system guided by the Banking Information Technology Department.
3. All cases of direct delivery and receipt of secrecy code between the setter, archivist, granted person and other subjects shall be registered in the book, signed between two parties at their office in accordance with provisions.
4. Upon delivery and receipt of secrecy code through the secret letter: The Banking Information Technology Department, members and member units must state in the book "Out-coming secrecy codes" for monitoring and reconciliation and make following procedures:
a. In case of delivery of secrecy code
- The preparation of the secrecy code note: State (pint) clearly number and symbol of secrecy code, name of receiver. The secrecy code note must be sealed stating the degree of secrecy, urgency in accordance with provisions on secret documents.
- The preparation of sending note: State clearly date, hour, name of receiver of the secrecy code note.
- The management of envelopes: The secrecy code note must be delivered in a separate envelope, separate from any conventional documents; envelopes must be made of tough, water resistant, non-transparent paper; envelope is folded through an oblique knot, glue must be sticky, difficult to open. The secrecy code note shall be contained in two envelopes for sending.
Inner envelope: shall contain only the secrecy code note; shall be tightly stuck and sealed up. Name of the receiver on the envelope shall be clearly stated and seal with the words "Top secret" and the words "to be opened only by the person whose name is stated on the envelope".
Outer envelope: shall contain the inner envelope and the sending note. Statements on the envelope shall be made as in case of conventional documents and sealed with the letter "B" in bold; the words "Top secret" is not to be put on the envelop.
The Banking Information Technology Department, members and member units shall be responsible for monitoring, verification and reconciliation with units or individuals that receive the code to avoid any loss and error.
b. In case of receipt of secrecy code note
The incoming secrecy code note shall be recorded in the book "Incoming top secret documents" by the confidential archivist for monitoring and immediately be reported to the Head of unit before transferring to the individual who is granted (given). Upon receipt of the secrecy code note, the receiver shall sign for confirmation on the note and transfer to the archivist for making procedure of the return of the note and send to the Information Technology Department right in the working day.
Article 9. The archive and preservation of secrecy code shall be performed in accordance with following provisions:
1. Secrecy code that has newly been set up, secrecy code that has been granted but not yet been used or is being used shall be recorded in the monitoring book, kept and preserved strictly by related units, individuals in accordance with provisions as for the case of top secret documents.
2. In case where secrecy code is not used or has not been used, it must be kept, preserved carefully in the trunk, cabinet locked solidly and located in the office where the administrative security and technical environmental conditions are ensured (temperature, humidity, etc).
iv. responsibilities of a person who issues the secrecy code
article 10. Responsibilities of the Banking Information Technology Department
Upon the receipt of a request for the suspension, change or a report on unsafe usage of secrecy code, the Director of the Banking Information Technology Department or an authorized person shall, depending on each case, carry out following works:
1. To use measures of informatic technique for:
a. Suspending the use and canceling approval secrecy code.
b. Re-granting a new approval secrecy code (if required)
2. To notify related units and individuals of any change, suspension or new issuance of secrecy code for their knowledge and implementation.
Article 11. Responsibilities of members and member units.
Upon receipt of a request for suspension, change or a report on unsafe usage of secrecy code, the Heads of members and member units or authorized persons shall, depending on each case, immediately carry out following works:
1. In respect of approval secrecy code
a. To use measures of informatic technique for:
- Suspending and revoking secrecy code.
b. To immediately notify the Banking Information Technology Department.
c. To cancel the use right of software of this controller at the unit and notify the Banking Information Technology Department in writing.
2. In respect of internal secrecy code
To use measures of infomatic technique for:
a. Suspending the use and canceling the use right of the inter-bank electronic payment software of the manager using secrecy code.
b. Canceling the old secrecy code, re-granting a new secrecy code.
v. responsibilities of secrecy code user
article 12. Secrecy code shall be used for the preparation, control, and approval of electronic vouchers in the inter-bank electronic payment system in accordance with provisions stated in the Regulation on the inter-bank electronic payment.
Article 13. Only individuals who are granted secrecy code shall be permitted to use the secrecy code in accordance with stipulated competence. To strictly forbid the revelation, copy, assignment or providing the use guidance of secrecy code to other person for using in any case.
Screen of computer, keyboard and equipments for the use of secrecy code shall be located, arranged in a hidden place to prevent others from seeing symbols of code and manipulations in the using process.
Article 14. Secrecy code user must absolutely comply with provisions on the use of secrecy code to ensure the accuracy, security and secrecy.
Article 15. In case of loss, exposition or suspicion of exposition of secrecy code, the person who is granted the secrecy code must immediately report to the Head of unit and secrecy code issuing unit for knowledge to take measures for solution or suspense of the use of old secrecy code and make procedure for re-granting new secrecy code.
vi. Suspense of usage, revocation and change of secrecy code
article 16. Secrecy code shall be suspended, cancelled and changed in following cases:
1. Secrecy code that has been notified to be lost, exposed or in suspicion of exposition;
2. Secrecy code that has errors due to technical elements.
3. Secrecy code that is expired to use (change in accordance with the term)
Article 17. Revocation of secrecy code
Secrecy code shall be revoked and cancelled in case where the person who is granted the secrecy code moves to another work or is forced to stop using the inter-bank electronic payment system.
Article 18. Procedure for the suspense of the use, cancellation, change and revocation of secrecy code; Provisions on the effectiveness and using period of secrecy code shall be performed in accordance with provisions stated in the technical Process on the operation of the inter-bank electronic payment system guided by the Banking Information Technology Department.
vii. Violation and dealing with violation
article 19. Violating behaviors.
1. Causing loss or exposition of secrecy code.
2. Looking for a way to decode, appropriate, purchase, reveal, copy and cancel secrecy code illegally.
3. Using secrecy code contrary to applicable provisions or abusing it to embezzle the State's property.
4. Abusing the protection of secrecy code to conceal violating behaviors of applicable laws.
5. Violating other provisions that are stipulated in this Regulation.
Article 20. Dealing with violations
Any violating behavior of the Regulation on the setting up, issuance, management and use of secrecy code in the inter-bank electronic payment system shall, depending on the nature, seriousness of violation, be subject to the administrative punishment or prosecuted for criminal liability and responsible for material compensation for occurring damages in accordance with provisions of applicable laws.
viii. implementing provisions
article 21. The Director of the Banking Information Technology Department shall be responsible for:
1. Managing the setting up, issuance, change and providing guidance of the use of approval secrecy code in the inter-bank electronic payment system.
2. Providing the guidance and examining the implementation of the Regulation on the setting up, issuance, use and management of secrecy code in the inter-bank electronic payment system.
Article 22. Heads of members and member units participating in the inter-bank electronic payment system shall be responsible for:
1. Managing the setting up, issuance, change and providing guidance on the use of internal secrecy code in the inter-bank electronic payment system.
2. Managing and supervising the use of secrecy code at their unit in accordance with provisions of this Regulation.
Article 23. The amendment, supplement of this Regulation shall be decided upon by the Governor of the State Bank of Vietnam.
