The e-wallet of the e-commerce platform ShopeePay has just been fined VND25 million by the Inspectorate of the Ministry of Information and Communications for failing to evaluate the effectiveness of management and technical measures applied to protect the information system.
The Inspector of the Ministry of Information and Communications said that on August 19, the Department of Information Security - Ministry of Information and Communications inspected ShopeePay Company in order to assess ShopeePay Joint Stock Company's compliance with the law on network information security.
According to the Inspection Conclusion of the Department of Information Security, ShopeePay Joint Stock Company has basically complied with legal regulations on e-commerce security, and implemented a number of contents such as promulgating and updating policies and regulations on ensuring e-commerce security; build and deploy plans to ensure information security; arrange funds for incident response and ensure information security; process personal information of service users according to regulations; deploy monitoring and take measures to prevent and combat malware to protect information systems.
However, the Company has not yet implemented an assessment of the effectiveness of management and technical measures applied to the enterprise's information system as prescribed.
Specifically, the Company has not checked the completeness and suitability of the Information Security Regulations according to the approved information security plan; has not assessed compliance with the regulations and procedures in the Information Security Regulations during the operation, exploitation, termination or cancellation of the information system; the design of the information system, the establishment and configuration of the information system according to the approved information security plan.
For the above violation, the Inspectorate of the Ministry of Information and Communications has administratively fined ShopeePay Joint Stock Company 25 million VND.
To effectively and properly implement network information security assurance, the Ministry of Information and Communications recommends that when investing in equipment and solutions for information systems, organizations and businesses need to pay attention to equipment configuration and apply optimal technical solutions suitable for their information systems.
In addition, it is necessary to strengthen inspection and evaluation of the effectiveness of network information security measures according to approved plans to enhance the effectiveness of ensuring network information security of the system.
Source
Comment (0)