Blog > Marketplace News > ShopeePay fined VND25 million for insufficient information security assessment
ShopeePay fined VND25 million for insufficient information security assessment
Mark 06 Nov 2024 11:57
The Inspection Department of the Ministry of Information and Communications of Vietnam recently issued a decision to fine ShopeePay 25 million VND for failing to evaluate the effectiveness of the management and technical measures of its information systems as required. On August 19, the Information Security Department of the Ministry of Information and Communications conducted an inspection on ShopeePay.
The inspection results showed that ShopeePay had basically complied with the Cyber Information Security Law and implemented a number of measures, including updating information security policies, formulating and implementing security plans, allocating funds for incident response, handling user personal information as required, and taking measures to prevent and combat malware.
However, ShopeePay failed to evaluate the effectiveness of the management and technical measures of its information systems as required. Specifically:
Failed to check the adequacy and appropriateness of information security regulations in accordance with the approved information security assurance plan;
Failed to evaluate compliance with information security assurance regulations and processes during the operation, utilization, termination or cancellation of information systems;
The design and configuration of information systems were not fully carried out in accordance with the approved plan to ensure information security.
Based on these violations, the Inspection Department of the Ministry of Information and Communications imposed a fine of VND 25 million on ShopeePay on October 30, 2024. The Ministry of Information and Communications recommends that enterprises pay attention to equipment configuration when investing in information system equipment and solutions, and apply the best technical solutions that are most suitable for their information systems.
The inspection results showed that ShopeePay had basically complied with the Cyber Information Security Law and implemented a number of measures, including updating information security policies, formulating and implementing security plans, allocating funds for incident response, handling user personal information as required, and taking measures to prevent and combat malware.
However, ShopeePay failed to evaluate the effectiveness of the management and technical measures of its information systems as required. Specifically:
Failed to check the adequacy and appropriateness of information security regulations in accordance with the approved information security assurance plan;
Failed to evaluate compliance with information security assurance regulations and processes during the operation, utilization, termination or cancellation of information systems;
The design and configuration of information systems were not fully carried out in accordance with the approved plan to ensure information security.
Based on these violations, the Inspection Department of the Ministry of Information and Communications imposed a fine of VND 25 million on ShopeePay on October 30, 2024. The Ministry of Information and Communications recommends that enterprises pay attention to equipment configuration when investing in information system equipment and solutions, and apply the best technical solutions that are most suitable for their information systems.
