Vietnam State Securities Commission instructs securities firms and fund managers to strengthen cybersecurity for online trading systems

The Vietnam State Securities Commission issued written requests to securities companies, fund management companies and distributors of fund certificates to strengthen information system security supporting online securities trading, with the aim of maintaining safe, stable and uninterrupted market operations. Firms are asked to intensify testing, monitoring and assessment of online trading systems to identify risks and provide early warnings, and to develop and implement incident response and remediation plans for urgent situations. The requested measures also include periodic offline data backups, readiness for rapid system recovery, retaining and reviewing data-access logs to detect illegal access, stronger protection of information and personal data, and timely patching of devices, operating systems and software, including prioritising removal of end-of-life software and using tools such as vulnerability scanners for regular scans. The Commission also reminded firms to comply with Vietnam’s information security-by-level requirements and system owner responsibilities under current rules, including Government Decree 85/2016, Ministry of Information and Communications Circular 12/2022 and national standard TCVN 11930:2017, as well as legal requirements on personal data protection, network information security and cybersecurity.