Overview
Ban Vien Corporation is a Trusted Technology Partner in Software Development & Embedded System development. As a reputable technology corporation, we recognize that it is critical for our sustainable business growth to implement the Information Security Management System (ISMS) that is designed to ensure adequate and appropriate security controls that maintain Confidentiality, Integrity and Availability of information assets. To address it, we have established the ISMS Policy that includes our basic policy on information security and are committed to making company-wide efforts to avoid any information security risks that may impact our business.
1.Â
Purpose
The ISMS is designed to ensure adequate and appropriate security controls customized to the needs of Ban Vien Corporation. This policy specifies the requirements for establishing, implementing, monitoring, reviewing, maintaining, and improving documented ISMS within the context of the overall Business requirements.
2.Â
Scope
The Scope of the ISMS covers all Ban Vien business activities and applies to all assets for the entire Ban Vien, which includes all active Ban Vien offices below:
Headquarters: Ban Vien Tower, 54-56-58 Street no.2, Van Phuc Residences, Hiep Binh Phuoc Ward, Thu Duc City, Ho Chi Minh City, Vietnam.
Tan Thuan Office: Floor 1, KOTITI Building, Road No19C, E-Office Park, Tan Thuan Export Processing Zone, Tan Thuan Dong Ward, District 7, Ho Chi Minh City, Vietnam.
Danang Branch Office: Floor 7, ACB Building, No 218, Bach Dang Street, Phuoc Ninh Ward, Hai Chau District, Danang City, Vietnam.
Danang Branch Office: Floor 3, Thanh Loi Building, No 3, Le Dinh Ly Street, Vinh Trung Ward, Thanh Khe District, Danang City, Vietnam.
Hue Branch Office: Floor 8, HCC Building, No 28, Ly Thuong Kiet Street, Vinh Ninh Ward, Hue City, Vietnam.
3.Â
Information security initiatives
3.1 ISO/IEC 27001:2013 Certification
BAN VIEN is committed to protecting its business from any information security risks. As part of this effort, we acquired ISO/IEC 27001:2013 certification for ISMS in December 2022. Having obtained this certification, we will endeavor to enhance our information security measures further, maintain, or augment our information security management, and earn additional trust from our customers.
3.2 Risk analysis and risk assessment
We detect, manage, and assess the information assets for threats and vulnerabilities. Based on the asset worth, threat, and vulnerabilities, the risk to them will be assessed. The implementation of sufficient controls is required when the risk value is high.
3.3 Enhancement of information security
We will develop and implement an ISMS to ensure adequate and appropriate security controls that uphold the confidentiality, integrity, and availability of information assets to stop information related to customers, vendors, management, etc., from being leaked, destroyed, or used illegally. Additionally, we offer all employees the necessary instruction and training to uphold and enhance the efficacy of the ISMS.
3.4 Business Continuity Management
We shall establish a contingency plan to secure business continuity, assuming a loss of critical premises caused by fire or lockdown due to Corona virus pandemic, network-related issues, or a large-scale infection disease, etc.
3.5 Evaluation and review of information security measures
We shall review the management and effectiveness of the ISMS on a regular basis for further improvement while making efforts to identify any incidents.