On the evening of December 1, 2016, at Sheraton Saigon Hotel, 88 Dong Khoi, District 1, HCMC, Saigon – Hanoi Commercial Joint-Stock Bank (SHB) was honorably awarded “Best Information Security Bank 2016” under Vietnam Outstanding Banking Awards 2016, an annual event held by International Data Group (IDG).
Vietnam Oustanding Banking Awards not only looked for and honored oustanding banks but also was a chance for the banks to review their operation over the past year and draw lessons for the coming years. At voting and scoring round, SHB was 1 in 2 winners of Best Information Security Bank 2016 among dozens of candidates, including state-owned banks, commercial joint-stock banks, 100% foreign invested banks and joint-venture banks. This award is an apparent recognition and objective evaluation of a prestigious worldwide organization on SHB’s compliance and concentration on safe information technology application, especially in the current context of intentional network attacks to organizations in general and financial institutions in particular.
Ms. Đặng Tố Loan – SHB Deputy General Director (on the left)
receives Best Information Security Bank 2016 award
SHB Security Center was established in 2013 given the bank’s early awareness of the importance of safe IT application. The Center acts as a specialized unit which ensures information technology safety and security for the Bank. The Center has developed a variety of security measures as well as applied international security standards to enforce the internal IT security system. At the same time, it periodically reviews system security, regularly updates international information security trends and applies those trends in an effective and timely manner.
In the past year, SHB has not only complied with SBV information safety and security regulations, but also successfully applied 2 important international security standards, i.e. ISO/ IEC27001:2013 and PCI DSS V3.0.
ISO 27001 has been directly applied to build SHB’s Information Safety Management System (ISMS). The ISMS was evaluated and certified full compliance with ISO/ IEC27001:2013 by TUV NORD for the first time in the end of 2015 and the second time (re-evaluation) in July 2016. Accordingly, all operation, management, development and support activities of the IT system are strictly complied with procedures and regularly maintained, periodically evaluated and continuously improved to timely resolve information safety risks.
PCI DSS 3.0 is a strict standard set in International cardholder data protection. Any organizations which accept international card payment are required to meet this standard in the coming time by International card organizations and State Bank of Vietnam. However, PCI DSS compliance has been shown challenging with lots of failures of various Vietnam banks for years. Therefore, SHB has given their best efforts in applying PCI DSS. Consequently, over 16 months of implementation, SHB has reinforced not only the payment card system but also the whole IT system of the Bank while fully meeting 6 requirement groups of PCI DSS, including: Build and maintain a secure network and systems; Protect cardholder data; Maintain a vulnerability management program; Implement strong access control measures; Regularly monitor and test networks; Maintain an information security Policy. Accordingly, SHB was officially certified full compliance of PCI DSS V3.0 in January 2016 by ControlCase, a reputable evaluation organization.
Following the application of international security standards on banking information technology, SHB has invested in IT solutions in a comprehensive, systematic and strategic manner in order to ensure the safety and effectiveness. The applied security technologies include firewall systems (for networks, servers, applications, database, etc.), Intrusion detection and prevention system (IDPS), Previleged identity management system (PIM), Security information and event management system (SIEM), Multi-factor strong authentication system, Anti-money laundering system, and 3-D secure system.
Information technology application and information security to ensure safe and effective investment is critical in a fast-changing globalized economy. During its course of development, SHB has made constant innovation in the direction of modernization. The attention and reinforcement of information technology safety shows SHB’s top priority on customer’s financial safety and benefit.
With a secured, state-of-the-art technology platform and strict operation procedures, SHB has offered useful products and services to customers, especially e-banking ones such as automatic billing, e-topup, bill payment, interbank transfer, etc. which are preferred by a majority of customers for its convenience and time saving.