Cyber information security product and service business license

Update day: June 11 , 2024

Cyber information security product and service business license

Cyber information security is the protection of information and information systems on the network from unauthorized access, use, disclosure, disruption, modification, or destruction to ensure the integrity, confidentiality, and availability of information. Cyber information security products are hardware and software that protect information and information systems, and cyber information security services are services that protect information and information systems. Enterprises are granted a License to operate in the field of cyber information security products and services when meeting the following conditions:

General conditions:

In accordance with the national strategy and plan for cybersecurity development, there will be separate plans for licensing in place at each point in time;

Enterprises with foreign elements, understood as having foreign investment capital, foreign legal representatives, or technical teams, will have certain limitations, this comes from cybersecurity concerns.

Specific conditions:

Personnel: The enterprise must ensure that it has a management and operation team that meets the professional requirements for information security. There must be a technical officer with primary responsibility who has a university degree in a related field or a certificate in information security, information technology, or electronics and telecommunications, with a number of personnel that meets the scale and requirements of the business plan (There must be a minimum of 02 engineers who have graduated from one of the following fields: electronics – telecommunications, information technology, mathematics, information security).

Infrastructure: The enterprise must have an appropriate business plan that includes the following: Purpose of import; scope and target audience; compliance with relevant standards and technical regulations for each type of product; and details of basic technical features of products and services.

A system of equipment and facilities is appropriate for the scale of the service provided and the business plan.

Technical solutions that are in accordance with the standards and technical regulations applicable to cybersecurity products and services.

Procedures

Process Detailled description
Step 1  

Enterprises applying for a Cyber Information Security Products and Services Business License must submit their application to the Ministry of Information and Communications in one of the following ways:

  • Submit directly to the document reception unit;
  • Submit by post;
  • Submit online on the Ministry of Information and Communications’ electronic portal.
Step 2  

After the data transfer is successful, the data transferor shall notify the Department of Cyber Security and High-Tech Crime Prevention under the Ministry of Public Security in writing about the data transfer and the contact details of the responsible organization or individual.

Step 3  

Within 40 days from the date of receiving a complete application, the Ministry of Information and Communications shall take the lead in coordinating with relevant ministries and sectors to appraise and grant a Business License for information security products and services, except for the following products and services:

  • Civil cryptography services;
  • Electronic signature certification services;
  • Civil cryptography products.

The time for reviewing initial and supplementary documents, explanations, and granting or issuing a notice of non-issuance of a license shall not exceed 15 working days from the date of receiving a valid application.

Reporting regime for enterprises trading in cybersecurity products and services
Enterprises that have been granted a license to trade in cybersecurity products and services are responsible for submitting reports upon request and annual periodic reports (before December 31st) on the business situation of cybersecurity products and services to the Ministry of Information and Communications in accordance with Form No. 05 in the Appendix issued with Decree No. 108/2016/ND-CP.
Cybersecurity products and services are products and services related to national security. Only qualified enterprises are granted licenses, and the Ministry of Information and Communications, and the Department of Information Security plan to grant licenses in each period.

LIST OF DOCUMENTS

The application for a Cyber Information Security Product and Service Business License consists of 5 sets (including 1 original set and 4 sets of valid copies), including:

  • Application for a Cyber Information Security Product and Service Business License, specifying the types of network information security products and services to be traded;
  • A certified copy of the Certificate of Business Registration, Certificate of Investment Registration, or other equivalent documents;
  • An explanatory statement of the technical equipment system to ensure compliance with legal regulations;
  • A business plan including the scope, targets for providing products and services, standards, and quality of products and services;
  • Technical plan in accordance with the applicable standards and technical regulations for cyber information security products and a customer information security plan during the provision of network information security products and services (applicable to service providers);
  • Criminal record of the legal representative and relevant management and executive personnel (applicable to service providers);
  • Copies of diplomas or certificates of expertise in information security of managing, executive, and technical personnel.

*Notes:

  • The original set of documents must have sufficient signatures and seals of the enterprise;
  • Documents prepared by the enterprise, if there are two or more pages of text, must be stamped on the edges of the adjoining pages;
  • Valid copies of the dossier do not require a confirmation or copy authentication stamp but must be stamped on the edges of the adjoining pages by the submitting enterprise

COMMITMENT TO SERVICES

On time

All that we do will be planned specifically in terms of time and content. You can control what we do, and the time to completion, and in all cases, we help you maintain the enterprise’s compliance with the deadlines with competent authorities and employees.

Exactly

We commit to the accuracy of the contents of consultation, established documents, and services we provide to customers. We aim to provide you with a safe and effective legal solution for your business operations.

Security

We establish a confidentiality commitment with you, so information about the enterprise, human resources, finance, etc., and other contents related to enterprises and investors will only be disclosed with your consent or in accordance with the laws of Vietnam.

SERVICE PERFORMANCE PROCESS

Assign

CDLAF assigns designated personnel responsible for ensuring information security, ensuring that only assigned individuals have the right to access information and handle client communication.

Collect information and prepare the service contents

Assigned personnel are responsible for collecting clients information, reviewing regulations and preparing service content.

Control the quality

The Board of Lawyers and Counsels reviews the service content prepared by the assigned personnel before it is sent to clients for their review.

Clients’ approval

Clients review and approve the service content prepared by CDLAF.  When requested, meetings are held to explain the prepared content.

Completion

Personnel responsible for service completion directly implement it at the competent authority (if required). They also monitor the progress, report the results, and hand them over to clients.

After-service support

Guide clients to perform necessary tasks related to the delivered results and provide updates on changes in legal regulations.

REASONS FOR CHOOSING CDLAF’S SERVICES

  • We provide you with effective and comprehensive legal solutions, help you save your money, maintain compliance in the enterprise, and simplify all legal issues when doing business in Vietnam;
  • As a law firm established in Vietnam, we have close relationships and knowledge of working methods, and policies of competent authorities, which facilitates you when operating in Vietnam;
  • CDLAF Lawyers have held many important positions in law firms, banks, financial enterprises, foreign enterprises. Therefore, our lawyers provide students with the legal regulations as well as the actual solutions and opinions of competent authorities, see more about human resources.
  • The system of forms about enterprise, labor, tax, etc. available and constantly updated will be provided as soon as customers request.

Contact Us

Are you confused? If you want to discuss your problem more specifically, let us help you, please fill in the information in the table below and send it to us. A free 45-minute consultation email or meeting will be arranged to help you better understand your problem solving problem.

    FAQ QUESTIONS: Cyber information security product and service business license

    How long is the work permit valid?
    In which cases will the Work Permit be revoked?
    What are the conditions for foreign workers to be allowed to work in Vietnam?
    In which cases are foreign investors considered technical workers?
    In which cases can foreign workers come to Vietnam to work as experts?

    Our partners

    Associations

    error: Content is protected !!