Hãng kiểm toán hàng đầu Việt Nam Hãng kiểm toán hàng đầu Việt Nam

Các công ty thực hiện bất kỳ loại giao dịch thanh toán nào qua thẻ tín dụng, thẻ ghi nợ hoặc thẻ khác, dù trực tuyến, ngoại tuyến hay thông qua bất kỳ kênh nào khác, đều có nguy cơ xảy ra tội phạm mạng, đặc biệt nếu họ không có chứng nhận và tuân thủ PCI DSS. Những kẻ tấn công độc hại luôn nhắm mục tiêu những thông tin bí mật và nhạy cảm cao (CHD/SAD) như vậy để đánh cắp và lừa đảo trực tiếp. Nếu công ty của bạn là một phần của hệ sinh thái Thanh toán với tư cách là Người bán, Nhà xử lý hoặc cung cấp bất kỳ dịch vụ nào cho các công ty này cũng có thể trở thành nạn nhân của các loại tấn công mạng này. Để giảm thiểu những rủi ro này, Hội đồng Tiêu chuẩn Bảo mật (SSC) của Ngành Thẻ Thanh toán (PCI) đã xây dựng nhiều biện pháp kiểm soát đối với một số tiêu chuẩn bảo mật để bảo vệ các công ty và người tiêu dùng. Đọc thêm về Tiêu chuẩn PCI SSC.

Một trong những tiêu chuẩn bảo mật được đánh giá rất cao đó là PCI DSS. Tiêu chuẩn bảo mật dữ liệu ngành thẻ thanh toán (PCI DSS) là tiêu chuẩn toàn cầu được chấp nhận rộng rãi được khuyến nghị bởi các thương hiệu Thẻ lớn như Visa, Mastercard, JCB, American Express, Discovery. Tiêu chuẩn PCI DSS bao gồm bộ chính sách và thủ tục nhằm tối ưu hóa tính bảo mật của các giao dịch thẻ tín dụng, thẻ ghi nợ và tiền mặt cũng như bảo vệ chủ thẻ khỏi việc lạm dụng thông tin cá nhân của họ.

PCI DSS áp dụng cho tất cả các thực thể liên quan đến giao dịch thẻ thanh toán — bao gồm người bán, người xử lý, người thanh toán, người phát hành và nhà cung cấp dịch vụ cũng như tất cả các thực thể khác lưu trữ, xử lý hoặc truyền dữ liệu chủ thẻ (CHD) và/hoặc dữ liệu xác thực nhạy cảm (SAD).

Hầu hết tất cả các thương hiệu thẻ thanh toán đều thực thi Tuân thủ PCI DSS ở mức tối thiểu hàng năm theo các Cấp độ được xác định bởi các chương trình bảo mật khác nhau. Tổ chức cần triển khai 12 yêu cầu cốt lõi trải rộng trên 6 Mục tiêu kiểm soát từ Tiêu chuẩn PCI DSS để đảm bảo Môi trường dữ liệu chủ thẻ của họ được bảo mật. Đọc thêm về Yêu cầu PCI DSS 4.0 Core 12.

Người bán và Nhà cung cấp dịch vụ có thể báo cáo việc tuân thủ PCI DSS của họ bằng cách Điền vào Bảng câu hỏi tự đánh giá (SAQ) hiện hành hoặc Đánh giá tại chỗ bởi Người đánh giá bảo mật đủ tiêu chuẩn theo Cấp độ của họ. Đọc blog của chúng tôi 'Tìm hiểu các cấp độ khác nhau của người bán và nhà cung cấp dịch vụ.

PCI DSS 4.0 là phiên bản mới nhất được Hội đồng PCI giới thiệu vào ngày 31 tháng 3 năm 2022. Tất cả các đơn vị sẽ có thời gian hai năm để chuyển đổi từ 3.2.1 sang 4.0, tức là vào tháng 3 năm 2024 nếu họ đã được chứng nhận PCI DSS 3.2.1.

Những gì chúng tôi cung cấp: Chìa khóa để triển khai các biện pháp kiểm soát bảo mật mạnh mẽ nằm ở việc xác định phạm vi phù hợp, nhận ra sự khác biệt giữa tuân thủ và bảo mật cũng như duy trì sự tuân thủ sau khi triển khai kiểm soát thành công.

- Hiểu biết về doanh nghiệp: Đánh giá quy trình và môi trường kinh doanh để hiểu các yếu tố trong phạm vi.

- Hoàn thiện phạm vi: Hoàn thiện các yếu tố phạm vi và chuẩn bị tài liệu yêu cầu.

- Đánh giá sự sẵn sàng: Xác định những thách thức tiềm ẩn có thể phát sinh trong quá trình thực hiện yêu cầu.

- Đánh giá rủi ro: Xác định và phân tích các rủi ro trong tình hình bảo mật thông tin.

- Đánh giá luồng dữ liệu: Tiến hành phân tích hệ thống kỹ lưỡng để đánh giá luồng dữ liệu và các rò rỉ có thể xảy ra.

- Hỗ trợ tài liệu: Hỗ trợ bạn với danh sách chính sách và thủ tục để giúp bạn xác thực hoặc thu thập bằng chứng.

- Hỗ trợ khắc phục: Hỗ trợ bạn bằng cách đề xuất các giải pháp cho những thách thức về tuân thủ.

- Đào tạo nâng cao nhận thức: Tiến hành các buổi nâng cao nhận thức cho nhóm của bạn và nhân sự tham gia.

- Quét và kiểm tra: Xác định các lỗ hổng nghiêm trọng trong hệ thống của bạn bằng phương pháp thử nghiệm mạnh mẽ.

- Đánh giá bằng chứng: Xem xét các bằng chứng được thu thập để đánh giá mức độ hoàn thiện của chúng, phù hợp với việc tuân thủ.

- Đánh giá lần cuối và chứng nhận: Sau khi đánh giá thành công, chúng tôi sẽ giúp bạn chứng thực sự tuân thủ với nhóm kiểm toán của chúng tôi..

- Hỗ trợ tuân thủ liên tục: Hỗ trợ bạn duy trì sự tuân thủ bằng cách cung cấp các hướng dẫn.

Câu hỏi thường gặp

Danh sách kiểm tra tuân thủ PCI là gì??

Danh sách kiểm tra tuân thủ PCI là công cụ giúp các tổ chức đảm bảo rằng họ đang đáp ứng các yêu cầu của Tiêu chuẩn bảo mật dữ liệu ngành thẻ thanh toán (PCI DSS). Danh sách kiểm tra thường bao gồm danh sách các yêu cầu và phương pháp hay nhất mà doanh nghiệp phải tuân theo để đạt được sự tuân thủ.

Tuân thủ PCI là gì??

Tuân thủ PCI đề cập đến tập hợp các yêu cầu mà doanh nghiệp và tổ chức phải đáp ứng để đảm bảo xử lý an toàn thông tin thẻ tín dụng. Tiêu chuẩn bảo mật dữ liệu ngành thẻ thanh toán (PCI DSS) là một bộ tiêu chuẩn bảo mật được thiết lập bởi các công ty thẻ tín dụng lớn để giúp bảo vệ chống gian lận thẻ tín dụng và vi phạm dữ liệu.

Sự khác biệt giữa CHD và SAD là gì??

Dữ liệu tài khoản được tổ chức thành hai nhóm dữ liệu. 1) Dữ liệu chủ thẻ (CHD) 2) Dữ liệu xác thực nhạy cảm (SAD). CHD bao gồm các thành phần Dữ liệu như Số tài khoản chính (PAN), Tên chủ thẻ, Mã dịch vụ và Ngày hết hạn. CHD rất hữu ích để xác định Chủ thẻ, trong đó SAD Bao gồm các thành phần dữ liệu như Dữ liệu theo dõi, CVV, CVC, CAV, CID, Khối PIN / PIN. SAD được sử dụng để ủy quyền cho chủ thẻ thực hiện các giao dịch.

Nếu tôi đang sử dụng bên thứ ba để xử lý thanh toán hoặc nền tảng thương mại điện tử, tôi có còn cần lo lắng về việc tuân thủ PCI không?

Có, ngay cả khi một số quy trình thanh toán có thể làm giảm nguy cơ vi phạm của bạn hoặc phạm vi tuân thủ PCI, doanh nghiệp không thể bỏ qua quy trình đó.

PCI DSS áp dụng cho ai?

Tiêu chuẩn PCI DSS có thể được áp dụng cho bất kỳ tổ chức nào chấp nhận, truyền tải hoặc lưu trữ bất kỳ dữ liệu nào của chủ thẻ bất kể quy mô hoặc số lượng giao dịch.

Nếu tôi chỉ chấp nhận thẻ tín dụng qua điện thoại, PCI DSS có còn áp dụng cho tôi không?

Có. Mọi quá trình xử lý, lưu trữ hoặc truyền dữ liệu chủ thẻ thanh toán cần phải được thực hiện trong môi trường Tuân thủ PCI.

Kiểm thử bảo mật ứng dụng di động được thực hiện để xác định các lỗ hổng trong ứng dụng di động. Trong những năm gần đây, người ta đã nhận thấy sự gia tăng đột biến trong việc sử dụng công nghệ di động và được coi là đang tăng lên. Với những quy mô thích ứng này, chúng tôi đã chứng kiến sự cố gia tăng về bảo mật di động. Tội phạm mạng đang phát triển các chương trình chính xác và chính xác hơn để tận dụng bề mặt tấn công di động rất khả thi nếu không có triển vọng bảo mật phù hợp.

Do đó, các đánh giá như bảo mật ứng dụng di động giúp các nhà phát triển khắc phục các lỗ hổng trên cả nền tảng Android và iOS, được phát hiện trong quá trình này, đồng thời nâng cao tính bảo mật tổng thể của ứng dụng web. Bảo mật ứng dụng di động được thực hiện theo OWASP Mobile TOP 10, giúp xác định nhiều vấn đề không được giám sát liên quan đến phía máy khách, phía máy chủ, hệ thống tệp, phần cứng và mạng di động, v.v., có thể trở thành lỗ hổng, gây ra tác động tiềm tàng đến tổ chức. Việc đánh giá thường xuyên như vậy sẽ giúp bảo vệ ứng dụng khỏi mọi truy cập trái phép có thể gây ảnh hưởng đến tổ chức cả về danh tiếng và tài nguyên.

Để tìm ra lỗ hổng của ứng dụng web, kiểm tra bảo mật ứng dụng web là một thủ tục thiết yếu. Với sự thích ứng ngày càng tăng của các công nghệ web trên một số lĩnh vực, các ứng dụng web đã trở thành một bề mặt tấn công rất khả thi nếu không có triển vọng bảo mật không được điều chỉnh. Do đó, các đánh giá như bảo mật ứng dụng web giúp các nhà phát triển khắc phục các lỗ hổng được tìm thấy trong quá trình và từ đó nâng cao tính bảo mật tổng thể của ứng dụng web.

Kiểm tra bảo mật ứng dụng web theo danh sách Top 10 của OWASP, giúp xác định nhiều vấn đề không được giám sát liên quan đến lập trình, truy cập tệp và cấu hình, v.v. có thể trở thành lỗ hổng, gây ra tác động tiềm tàng cho tổ chức. Việc đánh giá thường xuyên như vậy sẽ giúp bảo vệ ứng dụng khỏi mọi truy cập trái phép có thể gây ảnh hưởng đến tổ chức cả về danh tiếng và tài nguyên.

Phương pháp luận:

- Thu thập thông tin: Sau khi xác định phạm vi, chúng tôi liệt kê các hệ thống có phạm vi để thu thập thông tin về các lỗ hổng tiềm ẩn.

- Phân tích và khai thác lỗ hổng: Xác định các rủi ro bảo mật có thể dễ bị tổn thương và cố gắng khai thác để có quyền truy cập vào các tài sản tiềm năng bổ sung.

- Đánh giá hậu khai thác: Đánh giá giá trị của điểm xâm nhập vào máy để xác định việc khai thác tiếp theo.

- Báo cáo ban đầu:Chia sẻ mô tả rủi ro chi tiết về mọi lỗ hổng được báo cáo cùng với POC và mức độ nghiêm trọng tùy thuộc vào rủi ro và tác động kinh doanh tiềm ẩn.

- Đánh giá xác nhận: Ứng dụng và dịch vụ Web được kiểm tra lại để xác thực bản sửa lỗi đã áp dụng sau khi khắc phục các quan sát đã xác định.

- Báo cáo cuối cùng: Dựa trên kết quả kiểm tra của đánh giá xác nhận, báo cáo Đạt/Không đạt sẽ được đưa ra.

Câu hỏi thường gặp

Tiêu chuẩn được tuân theo để kiểm tra ứng dụng web là gì?

OWASP Top 10, SANS 25, NIST, PCI và tất cả các khung bảo mật ngành hiện hành là các tiêu chuẩn thông thường được tuân theo cho VAPT của các ứng dụng web.

Thực hành quét tốt nhất là gì?

Thực hành quét tốt nhất bao gồm thực hiện tất cả các lần quét và quét lại trong vòng 30 ngày. Ngoài ra, các tổ chức nên triển khai tất cả các bản vá lỗ hổng có mức độ nghiêm trọng nghiêm trọng và cao trong 15 ngày. Nếu các tổ chức không thể khắc phục bất kỳ lỗ hổng nào trong vòng 30 ngày thì lỗ hổng cụ thể đó sẽ được báo cáo để có thể áp dụng các biện pháp kiểm soát thay thế nhằm giảm thiểu rủi ro và tổ chức có thể tiến hành đánh giá phát hiện cụ thể trong lần quét tiếp theo.

Báo cáo kiểm tra bảo mật ứng dụng web bao gồm những gì?

Báo cáo xác định mục tiêu và mô tả rủi ro chi tiết cho mọi lỗ hổng được báo cáo.
● Các lỗ hổng được xác định bằng Bằng chứng khái niệm (POC) được thu thập trong khi thực hiện đánh giá bảo mật.
● Tất cả các lỗ hổng được báo cáo trong báo cáo đều được phân loại thành các mức độ nghiêm trọng như 'Nghiêm trọng', 'Cao', 'Trung bình', 'Thấp' và 'Thông tin' theo điểm Hệ thống chấm điểm lỗ hổng bảo mật chung (CVSS), tùy thuộc vào rủi ro và tác động kinh doanh tiềm ẩn mà nó có thể gây ra do việc khai thác lỗ hổng.
● Các khuyến nghị nhằm giảm thiểu và đóng cửa các lỗ hổng đã xác định một cách hiệu quả được chỉ định và đề cập trong báo cáo.

Kiểm tra bảo mật ứng dụng web mất bao nhiêu thời gian?

Phải mất 4-5 ngày để hoàn thành bài kiểm tra ứng dụng web (có thể thay đổi tùy thuộc vào mức độ phức tạp của ứng dụng) và 1-2 ngày để báo cáo.

Các công cụ khác nhau được sử dụng để kiểm tra ứng dụng web là gì?

Để thử nghiệm ứng dụng web, nhiều công cụ thương mại và nguồn mở khác nhau được sử dụng.

Các loại phương pháp đánh giá bảo mật để kiểm tra ứng dụng web là gì?

Trong phân tích lỗ hổng bảo mật của một ứng dụng web, 'điểm vào' của ứng dụng có thể dễ bị tấn công và hiển thị điểm yếu của ứng dụng sẽ được xác định. Hai loại phương pháp đánh giá bảo mật ứng dụng web là:
a. Kiểm tra tự động: Kiểm tra tự động được thực hiện bằng cách sử dụng trình quét lỗ hổng ứng dụng web thương mại và tự động để xác định và phát hiện các lỗ hổng bảo mật trong ứng dụng.
b. Kiểm tra thủ công: Nhóm Hoạt động bảo mật tiến hành Kiểm tra thủ công vì những lý do sau.

   ● Để xác định các lỗ hổng tiềm ẩn được phát hiện trong Kiểm tra tự động nhằm xác nhận lỗ hổng đã xác định.
   ● Để xác định các lỗ hổng có thể không được xác định trong Kiểm tra tự động.
   ● Để khai thác các lỗ hổng có thể không được khai thác bằng máy quét ứng dụng web tự động.

Kiểm tra bảo mật ứng dụng máy khách dày là để xác định các lỗ hổng và khai thác các lỗ hổng đã xác định trong các ứng dụng máy khách dày được cài đặt trên hệ thống phía máy khách, đồng thời tăng cường bảo mật tổng thể của ứng dụng để ngăn chặn mọi truy cập trái phép có thể gây ảnh hưởng đến tổ chức.

Quy trình kiểm tra bao gồm cả quá trình xử lý cục bộ và phía máy chủ. Bề mặt tấn công của một ứng dụng client dày là rất đáng kể. Kiểm tra bảo mật được tiến hành để xác định các sự cố ở cấp độ lập trình, sự cố truy cập tệp, sự cố cấu hình, v.v. trong ứng dụng có thể trở thành lỗ hổng và gây ra tác động tiềm tàng đối với tổ chức hoặc doanh nghiệp.

Phương pháp luận:

- Thu thập thông tin: Sau khi xác định phạm vi, chúng tôi liệt kê các hệ thống có phạm vi để thu thập thông tin về các lỗ hổng tiềm ẩn.

- Phân tích và khai thác lỗ hổng: Xác định các rủi ro bảo mật có thể dễ bị tổn thương và cố gắng khai thác để có quyền truy cập vào các tài sản tiềm năng bổ sung.

- Đánh giá hậu khai thác: Đánh giá giá trị của điểm xâm nhập vào máy để xác định việc khai thác tiếp theo.

- Báo cáo ban đầu:Chia sẻ mô tả rủi ro chi tiết về mọi lỗ hổng được báo cáo cùng với POC và mức độ nghiêm trọng tùy thuộc vào rủi ro và tác động kinh doanh tiềm ẩn.

- Đánh giá xác nhận: Các thành phần và ứng dụng Máy khách Dày được kiểm tra lại để xác thực bản sửa lỗi đã áp dụng sau khi khắc phục các quan sát đã xác định.

- Báo cáo cuối cùng: Dựa trên kết quả kiểm tra của đánh giá xác nhận, báo cáo Đạt/Không đạt sẽ được đưa ra.

Câu hỏi thường gặp

Cần bao nhiêu thời gian để thực hiện kiểm thử ứng dụng khách dày?

Thời gian gần đúng cần thiết cho Thử nghiệm ứng dụng khách dày là 7 ngày và 1 ngày để báo cáo.

Tiêu chuẩn được tuân theo để thử nghiệm ứng dụng khách dày là gì?

OWASP Top 10, CWE/SANS 25 NIST, PCI và tất cả các khung bảo mật tiêu chuẩn ngành hiện hành là các tài liệu tiêu chuẩn thông thường được tuân theo để Kiểm tra ứng dụng máy khách dày.

Sản phẩm cuối cùng sau khi đánh giá hoàn tất là gì?

Một báo cáo chi tiết sẽ được cung cấp nêu rõ phạm vi của môi trường đã được thử nghiệm, phương pháp được sử dụng và giải thích chi tiết về các lỗ hổng được phát hiện cùng với Bằng chứng về Khái niệm (POC). Báo cáo cũng sẽ bao gồm các đề xuất minh họa chi tiết và khả thi để khắc phục lỗ hổng bảo mật.

Bạn cũng vá các lỗ hổng đã được xác định phải không?

Không, chúng tôi sẽ tiến hành đánh giá và chia sẻ báo cáo về lỗ hổng để các nhóm tương ứng có thể tiến hành khắc phục.

Bạn nên tiến hành thử nghiệm ứng dụng khách dày bao lâu một lần?

Tần suất Kiểm tra ứng dụng máy khách dày được xác định theo tiêu chuẩn bảo mật ngành hiện hành cho một tổ chức. Nó cũng phụ thuộc vào kết quả Đánh giá rủi ro. Tuy nhiên, theo thông lệ tốt nhất trong ngành, nên thực hiện những đánh giá này ít nhất mỗi năm một lần hoặc khi môi trường thay đổi.

Cách tiếp cận của bạn để thực hiện thử nghiệm ứng dụng khách dày là gì? Các công cụ liên quan là gì?

Kiểm tra ứng dụng khách dày thường được thực hiện bằng cách sử dụng kết hợp các kỹ thuật và công nghệ thủ công và tự động để xác định các lỗ hổng trên ứng dụng.

Thuật ngữ "VAPT" (đánh giá lỗ hổng và kiểm tra thâm nhập) đề cập đến quá trình xác định các lỗ hổng bảo mật và các hoạt động khai thác tiềm ẩn mà người dùng trái phép có thể sử dụng để tác động đến môi trường của tổ chức mục tiêu, đánh cắp dữ liệu tài chính hoặc nhạy cảm hoặc kiểm soát tài khoản người dùng. Lỗ hổng có thể được định nghĩa là lỗi trong mã hoặc lỗ hổng trong thiết kế phần mềm có thể bị khai thác để gây hại hoặc tạo lỗ hổng trong quy trình bảo mật hoặc điểm yếu trong kiểm soát nội bộ mà khi khai thác sẽ dẫn đến vi phạm bảo mật. Đánh giá bảo mật có thể được thực hiện trên các hệ thống nội bộ hoặc có thể truy cập công khai đối với các hệ thống vật lý của môi trường cũng như sử dụng các nhà cung cấp dịch vụ đám mây khác nhau. Việc đánh giá các thành phần hệ thống giúp hiểu được tình hình an ninh và hiệu quả của việc bảo vệ an ninh của tổ chức. Báo cáo đầy đủ thu được bao gồm phát hiện quan trọng có thể giúp các tổ chức tránh được một sự cố bảo mật khác.

Tầm quan trọng của dịch vụ kiểm tra VAPT trong các tổ chức:
Việc tiến hành kiểm tra bảo mật định kỳ có thể là công cụ giúp phát hiện các lỗ hổng cơ bản trong cấu hình bảo mật trang web của bạn. Việc sử dụng dịch vụ VAPT được pháp luật quy định trong một số lĩnh vực để đảm bảo tuân thủ các quy định hiện hành. Ví dụ: PCI DSS yêu cầu các chuyên gia bảo mật được chứng nhận tiến hành các thử nghiệm thâm nhập cả bên trong và bên ngoài. Các dịch vụ Đánh giá lỗ hổng và Kiểm tra thâm nhập (VAPT) rất cần thiết cho các tổ chức vì chúng:

- Xác định các lỗ hổng và điểm yếu về bảo mật, từ đó hỗ trợ giảm thiểu rủi ro và ưu tiên các nỗ lực bảo mật.
- Đánh giá hiệu quả của các biện pháp an ninh hiện tại.
- Đảm bảo tuân thủ các quy định về CNTT, bảo vệ dữ liệu nhạy cảm và danh tiếng.
- Cải thiện khả năng ứng phó sự cố và cung cấp sự đảm bảo của bên thứ ba.
- Cung cấp một lợi thế cạnh tranh.
- Giúp doanh nghiệp thích ứng với bối cảnh mối đe dọa ngày càng gia tăng.
- Tiết kiệm chi phí và đảm bảo hoạt động kinh doanh liên tục.

Dịch vụ xét nghiệm VAPT bao gồm những gì?
VAPT cung cấp cho các tổ chức một bản đánh giá ứng dụng đầy đủ hơn bất kỳ bài kiểm tra đơn lẻ nào. VAPT cung cấp cho công ty một bức tranh đầy đủ hơn về các rủi ro ứng dụng của mình, giúp công ty bảo vệ thông tin và hệ thống của mình khỏi các cuộc tấn công có hại. Hầu hết các lỗ hổng trong phần mềm nội bộ và bên thứ ba đều có thể được vá. Trong khi nhà cung cấp VAPT tìm và phân loại các lỗ hổng, nhóm bảo mật CNTT có thể tập trung vào các vấn đề quan trọng. Dịch vụ VAPT của chúng tôi bao gồm nhưng không giới hạn ở:

- Kiểm tra bảo mật ứng dụng web và thiết bị di động: Kiểm tra bảo mật ứng dụng phát hiện các lỗ hổng ứng dụng, bao gồm các dịch vụ ứng dụng trực tuyến và di động, đồng thời giảm rủi ro khi tuân thủ quy định.
- Kiểm tra bảo mật API: Kiểm tra bảo mật API là một quá trình nhằm tìm kiếm, phân loại và khai thác các lỗ hổng có thể có bên trong Giao diện lập trình ứng dụng (API) và Dịch vụ web.
- Kiểm tra bảo mật ứng dụng thiết bị đầu cuối POS: Mục tiêu của Kiểm tra bảo mật ứng dụng thiết bị đầu cuối POS là xác định các lỗ hổng bảo mật tiềm ẩn hoặc hiện có có thể gây nguy hiểm cho tính toàn vẹn của hệ thống và cho phép các cá nhân hoặc hệ thống trái phép truy cập vào thông tin nhạy cảm được lưu trữ trên thiết bị.
- Kiểm tra thâm nhập phân đoạn mạng PCI: Mục tiêu chính của việc tiến hành kiểm tra thâm nhập phân đoạn mạng cho PCI-DSS là đánh giá và xác minh tính hiệu quả của các biện pháp kiểm soát lưu lượng mạng được triển khai giữa các phân đoạn riêng biệt, cụ thể là các phân đoạn kết nối mạng ngoài phạm vi với mạng trong phạm vi lưu trữ thông tin nhạy cảm.
- Đánh giá bảo mật mạng và máy chủ: Về cốt lõi, đánh giá bảo mật mạng tìm cách xác định các lỗ hổng bảo mật và đưa ra các đề xuất cải tiến. Thông qua phân tích toàn diện về bảo mật mạng, bạn có thể xác minh rằng tổ chức của mình đã sẵn sàng đối mặt với các mối đe dọa mạng tiềm ẩn và giảm nguy cơ vi phạm an ninh mạng.

Các loại đánh giá lỗ hổng và kiểm tra thâm nhập:
Hãy nhớ rằng chi phí VAPT thay đổi tùy thuộc vào loại kiểm toán bảo mật mà công ty thực hiện. Sau đây là một số hạng mục dịch vụ VAPT điển hình được các doanh nghiệp hiện nay cung cấp.

- Các dịch vụ VAPT dựa trên phương pháp tiếp cận: Thử nghiệm hộp đen, hộp trắng và hộp xám là các danh mục khác mà các dịch vụ VAPT dựa trên phương pháp tiếp cận có thể được tách riêng.
- Dịch vụ VAPT dựa trên phương pháp: Pentest này bao gồm nhiều đánh giá và kiểm tra khác nhau. Các chuyên gia VAPT xác định các lỗ hổng bảo mật CNTT của doanh nghiệp. Dựa trên các lỗ hổng, tổ chức sẽ thực hiện các hành động khắc phục.

Tại sao chọn chúng tôi cho Dịch vụ xét nghiệm VATT?
Chúng tôi không chỉ là nhà cung cấp dịch vụ Đánh giá lỗ hổng và Kiểm tra thâm nhập (VAPT), trọng tâm của chúng tôi là cung cấp toàn bộ dịch vụ Quản lý rủi ro cho khách hàng của mình. Chúng tôi đóng vai trò là đồng minh của bạn trong thế giới phòng thủ mạng. Tổ chức của chúng tôi cung cấp nhiều lựa chọn toàn diện về dịch vụ đánh giá bảo mật và hướng dẫn để tăng cường đội ngũ bảo mật của bạn cũng như giám sát liên tục các rủi ro bảo mật trong thời gian thực.

Kiến thức và Kinh nghiệm: Đội ngũ của chúng tôi bao gồm các chuyên gia có trình độ với các chứng chỉ ngành như CISSP, CISA, PCI QSA, PA QSA, PCI-SSF QSA, Người đánh giá 3DS, OSCP, ISO/IEC 27001 LA, ISO/IEC 27701 LA, COBIT, CEH, CHFI, và những người khác. Các chuyên gia có kỹ năng xác định các điểm yếu và phát triển các giải pháp bảo mật mạnh mẽ để giữ an toàn cho tài sản kỹ thuật số và tuân thủ các quy định của doanh nghiệp.
Phương pháp tiếp cận phù hợp và giải pháp tùy chỉnh: Chúng tôi nhận thấy rằng mỗi doanh nghiệp đều có các yêu cầu bảo mật khác nhau. Cho dù bạn làm trong lĩnh vực chăm sóc sức khỏe hay ngân hàng, các dịch vụ VAPT của chúng tôi sẽ được điều chỉnh phù hợp với nhu cầu và cơ sở hạ tầng riêng của bạn.
Bảo mật chủ động: Chúng tôi cung cấp lời khuyên và giải pháp an ninh mạng chủ động để bảo vệ cơ sở hạ tầng kỹ thuật số của bạn ngoài việc phát hiện các lỗ hổng. Chiến lược của chúng tôi tập trung vào việc hỗ trợ các doanh nghiệp củng cố khả năng phòng thủ của họ.
Giảm thiểu rủi ro: Các dịch vụ VAPT của chúng tôi giúp bạn tuân thủ luật pháp, bảo vệ danh tiếng của mình và giảm thiểu khả năng vi phạm an ninh.
Phương pháp tiếp cận lấy khách hàng làm trung tâm: Ưu tiên hàng đầu của chúng tôi là giao tiếp hiệu quả, làm việc nhóm và sự hài lòng của bạn. Cách tiếp cận lấy khách hàng làm trung tâm của chúng tôi đảm bảo rằng bạn luôn được cập nhật thông tin và tham gia trong suốt quá trình đánh giá. Báo cáo của chúng tôi rất dễ đọc và dễ hiểu, đồng thời bao gồm thông tin chi tiết về các lỗ hổng mà chúng tôi tìm thấy, mức độ nghiêm trọng cũng như cách khắc phục chúng.

Các dịch vụ của chúng tôi bao gồm đánh giá kỹ lưỡng và giám sát liên tục nhằm xác định các điểm yếu và lỗ hổng tồn tại từ trước. Chúng tôi hoạt động như thám tử mạng, phát hiện các lỗ hổng bên trong cơ sở hạ tầng có khả năng tạo điều kiện cho một cuộc tấn công mạng và sau đó đề xuất các chiến lược để giảm thiểu những rủi ro này một cách hiệu quả.

Phương pháp đánh giá VAPT

- Thu thập thông tin: Mọi đánh giá VAPT đều bắt đầu bằng nghiên cứu môi trường mục tiêu. Xác định tất cả các hệ thống, ứng dụng, cấu trúc liên kết mạng và các biện pháp bảo mật là một phần của quá trình đánh giá. OSINT, quét và phỏng vấn các bên liên quan có thể thu thập thông tin.

- Phân tích và khai thác lỗ hổng: Nhóm VAPT sẽ phân tích môi trường xung quanh mục tiêu để tìm lỗ hổng sau khi tích lũy số liệu thống kê. Các công cụ như máy quét tự động, phê bình mã của con người và thử nghiệm thâm nhập có thể đạt được điều này. VAPT sẽ khai thác các lỗ hổng để có quyền truy cập vào môi trường mục tiêu và kiểm tra kết quả của một cuộc tấn công thành công.

- Hậu khai thác: Nếu lỗ hổng bị khai thác, VAPT sẽ là bù đắp cho quyền truy cập bị xâm phạm. Xác định các tài nguyên có sẵn cho hệ thống bị nhiễm và một cuộc tấn công thành công sẽ ảnh hưởng đến doanh nghiệp như thế nào.

- Báo cáo ban đầu: Sau khi hoàn thành đánh giá VAPT, nhóm VAPT sẽ đưa ra báo cáo sơ bộ nêu rõ kết quả đánh giá. Ngoài việc nêu chi tiết bất kỳ thiếu sót nào đã được xác định, bài viết này cũng sẽ bao gồm bằng chứng về khái niệm (POC) liên quan của mã nguồn chi phối việc triển khai nó nhằm xác minh bất kỳ điểm yếu nào về mức độ phức tạp và tác động tiềm ẩn của dự án. Đánh giá rủi ro sẽ được tiến hành để đưa vào báo cáo.

- Đánh giá xác nhận: Nhóm VAPT sẽ thực hiện đánh giá xác nhận khi tổ chức đã khắc phục các lỗ hổng được nêu trong báo cáo đầu tiên. Các hệ thống và thành phần nhạy cảm phải được kiểm tra lại để đảm bảo chúng không còn dễ bị tấn công nữa.

- Báo cáo cuối cùng: Dựa trên kết quả đánh giá xác nhận, nhóm VAPT sẽ tạo báo cáo cuối cùng cho biết tổ chức có vượt qua đánh giá VAPT hay không. Báo cáo cũng sẽ bao gồm mọi khuyến nghị để cải thiện bảo mật hơn nữa.

Câu hỏi thường gặp

Lợi ích của việc đánh giá lỗ hổng và kiểm tra thâm nhập (VAPT) là gì?

VAPT là các dịch vụ an ninh mạng quan trọng giúp các tổ chức xác định các điểm yếu và lỗ hổng bảo mật tiềm ẩn trong cơ sở hạ tầng, mạng và ứng dụng CNTT của họ. Một số lợi ích chính của VAPT bao gồm Xác định các lỗ hổng, Giảm thiểu rủi ro bảo mật, Yêu cầu tuân thủ, Giảm tác động của các sự cố bảo mật và Cải thiện niềm tin của các bên liên quan. Nhìn chung, các dịch vụ VAPT rất quan trọng trong việc cải thiện tình trạng bảo mật của các tổ chức, giảm rủi ro bảo mật và đảm bảo tuân thủ các tiêu chuẩn quy định và khung tuân thủ.

Chúng tôi hỗ trợ VAPT như thế nào trong các sản phẩm bảo mật của mình?

Chúng tôi cung cấp các dịch vụ VAPT bằng cách sử dụng đội ngũ chuyên gia an ninh mạng có tay nghề cao và giàu kinh nghiệm, những người sử dụng các công cụ và kỹ thuật mới nhất để xác định các lỗ hổng và điểm yếu trong cơ sở hạ tầng, mạng và ứng dụng CNTT của tổ chức. Đồng thời, chúng tôi tuân theo các tiêu chuẩn và thông lệ tốt nhất trong ngành để đảm bảo rằng các dịch vụ VAPT của mình là toàn diện, chính xác và hiệu quả trong việc cải thiện tình trạng bảo mật của khách hàng.

Các yêu cầu để bắt đầu quét lỗ hổng hoặc kiểm tra thâm nhập trên máy chủ, ứng dụng, v.v. của tôi là gì?

Nhóm của chúng tôi sẽ chia sẻ các tài liệu cần thiết đề cập đến tất cả các yêu cầu quét như kết nối, danh sách trắng IP, thông tin xác thực người dùng để truy cập ứng dụng, v.v. Bạn sẽ cần điền vào các tài liệu này theo đánh giá hiện hành và chia sẻ các tài liệu đã điền với nhóm bắt đầu thử nghiệm.

Liệu có bất kỳ thời gian ngừng hoạt động nào của hệ thống hoặc bất kỳ tác động nào đến máy chủ của tôi khi quét lỗ hổng bảo mật hoặc kiểm tra thâm nhập được khởi chạy không?

Các thử nghiệm của chúng tôi luôn có tính chất không xâm phạm. Tuy nhiên, tại thời điểm thực hiện các đánh giá này, lưu lượng mạng có thể được tạo ra ở mức tối thiểu. Khách hàng luôn có thể chọn xem họ muốn bắt đầu quét trong giờ làm việc hay ngoài giờ làm việc.

Bạn nên tiến hành đánh giá lỗ hổng bảo mật hoặc kiểm tra thâm nhập cho toàn bộ cơ sở hạ tầng bao gồm máy chủ, ứng dụng, v.v. bao lâu một lần?

Tần suất Đánh giá lỗ hổng hoặc Kiểm tra thâm nhập được xác định theo tiêu chuẩn bảo mật ngành hiện hành cho một tổ chức. Nó cũng phụ thuộc vào kết quả Đánh giá rủi ro. Tuy nhiên, theo thông lệ tốt nhất trong ngành, nên thực hiện những đánh giá này ít nhất mỗi năm một lần hoặc khi môi trường thay đổi.

Cách tiếp cận của bạn để thực hiện các bài kiểm tra thâm nhập và đánh giá lỗ hổng cho máy chủ, ứng dụng, v.v. là gì? Các công cụ liên quan là gì?

Đánh giá lỗ hổng và/hoặc kiểm tra thâm nhập thường được thực hiện bằng cách sử dụng kết hợp các kỹ thuật và công nghệ thủ công và tự động để xác định lỗ hổng trên máy chủ, điểm cuối, ứng dụng web, mạng không dây, thiết bị mạng và thiết bị di động (tùy thuộc vào phạm vi và mục tiêu của sự tham gia).

Do you have the capabilities needed to hunt for and rapidly contain sophisticated cyber threats across your IT estate? Legacy systems such as firewalls, endpoint security methods and other tools such as SIEMs and sandboxes are becoming insufficient to counter the speed and sophistication of attacks. There is an urgent need to build a successful cyber defence function that assists with incident detection, incident response and investigation, attack surface management, digital brand protection, platform engineering and cyber intelligence and threat hunting services on a 24x7 basis.

With us, Managed Security Services are tailor-made security services for organisations that wish to achieve and maintain a security posture that helps them effectively detect and respond to cybersecurity threats on an ongoing basis. Managed Security Services operate 24x7 as an extended arm of your security teams, providing you with cyber security management, detection and response capabilities and effective risk and compliance management with minimal initial investment.

Your Challenges:

• - How do you effectively detect and respond to cybersecurity threats on an ongoing basis?
• - A sudden shift to remote working and the need to quickly implement new IT solutions has increased opportunistic threat and workplace disruption has increased the cyber risk profile?
• - Are you missing contextual insight into specific threats targeting systems and courses of action on a real time basis?
• - Transform your Security Operations with integrated monitor, detect and response- threat intelligence and threat hunting capabilities.

How can we help you?:

• - Managed Threat Detection & Response Services to detect, manage and respond to security incidents by leveraging our 24x7x365 Managed Cyber Defence (MCD) and Active Threat Monitoring Services.
• - Dark Web & Brand Monitoring Services -Platform/Services to monitor and detect advanced threats on deep, dark web and closed/hacker forums.
• - Security & Network Device Management- Services to manage the security implementation, operations and maintenance of network and security devices.
• - Security Orchestration Automation and Response- Platform/Services for triaging automation, response orchestration and automation.
• - Compromise Assessment - Analyse your network and hosts for advanced threats, malware, indicators of compromises and potentially unwanted activities utilising our extensive knowledge of advanced attackers’ tactics, tools and techniques.

Key benefits:

• - Stop threats before they damage the targeted system.
• - Reduce the time between detection and response to seconds or minutes.
• - Access to the information needed for response and investigation activities.
• - Identify data at risk from external or insider threats.
• - Leverage Threat Intelligence and IR experience in real-time.

Our certified security assessors, proactively conduct end to end assessment of your organization as per the best practices methodology, providing a concise report for the following areas of expertise:

- Vulnerability assessment and penetration testing.
- Thick client Application Security testing.
- Web Application Security Testing.
- Mobile Application Security Testing.
- API Security Testing.
- POS Terminal Software Security.
- Source Code Review.
- Data Discovery Scan.
- Configuration Audits.
- PCI Network Segmentation Penetration Testing.

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has put forth a security framework under its Customer Security Program i.e. SWIFT CSP for all of its users to address the growing needs of security and transparency as a community to combat the increase in cyber fraud.

The SWIFT CSP program aims at detection and prevention of fraudulent activity by means of a set of mandatory security controls defined under SWIFT Customer Service Control Framework (CSCF) and community wide information sharing initiative. The framework defines a set Objectives, Principles and Controls, revised and reviewed annually. Any organization that makes use of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) interbank messaging network needs to comply with the new cybersecurity standards - as well as a related "assurance framework”. The organization that requires to be SWIFT qualified needs to undergo the following steps:

1. - Self-assessment as per the SWIFT Customer Security Controls Framework (CSCF): Annual assessment of the local environment against 23 mandatory and 9 advisory controls as per best practices.
2. - Self-attestation as per the SWIFT Customer Security Controls Policy: Each user is required to submit a self-attestation of their compliance against the controls defined based on the assessment results before the annual deadline.
3. - CSCF v2022 to CSCF v2023.

Furthermore, to enhance the overall integrity of attestations across all customers, all submitted attestations for CSCF v2023 must be supported by an Independent assessment – either internally, by a second or third line of defence (e.g. risk,compliance or internal audit), or externally, by a third-party.

All SWIFT Customers are required to perform an “Independent Assessment” as per the requirement of their annual self-attestation. As an approved SWIFT Assessment Provider, QRC will help you validate successful alignment of controls with the SWIFT CSP guidelines and work alongside your internal audit function. Our extensive SWIFT CSP expertise will ensure that all your requirements are met ahead of SWIFT’s required independent assessment.

Audit Approach: We follow a well-documented approach to work alongside our clients aiding them in attaining their compliance goals. This require a Well-documented execution plan along with defined milestones.

- Business Understanding: Evaluating business process and environment to understand the in-scope elements.

- Assessment Scope Finalization: Detailed questionnaire is shared with your teams to aid in the scope definition, planning and preparation of the audit and objectives.

- Initial/Readiness Assessment: As per the SWIFT CSCF framework, we will conduct an initial assessment to identify and analyze the risks in the information security posture.

- Validate SWIFT Architecture: Assist organizations to identify and validate SWIFT architecture, zones and the components as per the assessment requirement.

- Control Validation: Perform Mandatory & Advisory Control Validation to understand the control applicability as per the environment.

- Data Flow Assessment: Conducting thorough systems analysis to evaluate data flow and possible leakages.

- Documentation Support: Avail templates to ease out the documentation process during the assessment process.

- Remediation Support: Theo As per the assessment QRC will provide remediation support for complying with the SWIFT Cybersecurity framework.

- Scans and Testing: Identify critical vulnerabilities in your system with a robust testing approach.

- Evidence Review: Review of the evidence collected to assess their maturity, in line with the compliance.

- Concise Reporting: We document a comprehensive report detailing all findings covered in the assessment cycle as per the SWIFT template.

Frequently Asked Questions

What Is The SWIFT CSP?

SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.

When Is The Deadline For SWIFT CSP Compliance?

SWIFT CSP requires one to submit a self-attestation on an annual basis by 31 December. An independent assessment is required alongside a customers attestations from 31 December 2020 onwards.

What Form Does The SWIFT Required Independent Assessment Need To Take?

There are two forms in which a SWIFT customer can gain an independent assessment:
- An internal assessment: The internal audit needs to be carried out as per the internal audit function of the customer and independent from the function submitting the attestation.
- An external assessment: An external audit can be carried out by a audit firm, an assessment against the CSP controls.

What Are The SWIFT CSCF V2020 Controls?

SWIFT’s CSCF V2020 comprises 3 Objectives, 8 Principles & 31 Controls (21 Mandatory & 10 Optional). SWIFT mandatory controls focussed on securing your environment, knowing and limiting access.

What If You Attest Non-Compliance For SWIFT?

SWIFT reports all cases of non-compliance and where members have not verified to local regulators.

What If I Suspect My Organisation Has Been Targeted Or Breached?

In any circumstances, it is necessary to share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.

The GDPR Compliance, also known as the General Data Protection Regulation 2016/679, is a legal framework for consumer confidence that establishes rules for the gathering and use of personal data from residents of the European Union (EU) and the European Economic Area (EEA).

The records need to show what, where, how, and why data is processed. This new EU Regulation significantly enhances the protection of the personal data of EU citizens and increases the accountability of organisations who collect or process personal data of EU citizens. It also builts many requirements for data privacy and security, and adds harsher penalties for violations. If any organization suffers a breach of information assets related to EU citizens, the entity would be charged deftly and would need to notify the local data protection authority immediately.

GDPR Assessment Approach: We follow a well-documented approach to work alongside our clients aiding them in attaining their compliance goals. This require a Well-documented execution plan along with defined milestones.

- Business Understanding: Evaluating business process and environment to understand the in-scope elements.

- GDPR Scope Finalization: Finalize the scope elements and prepare the requirement documentation.

- GDPR Readiness Assessment: Identify the potential challenges that might arise in requirement implementation.

- GDPR Risk Assessment: Identifying and analysing the risks in the information security posture.

- Data Flow Assessment: Conducting thorough systems analysis to evaluate data flow and possible leakages.

- GDPR Documentation Support: Assist you with list of policy and procedure to help you in validation or evidence collection.

- Remediation Support: Support you by recommending solutions to compliance challenges.

- GDPR Awareness Training: Conduct awareness sessions for your Team and personnel involved in the scope.

- Scans and Testing: Identify critical vulnerabilities in your system with a robust testing approach.

- Evidence Review: Review of the evidence collected to assess their maturity, in line with the compliance.

- Final Assessment and Attestation: Post successful assessment, we get you attested for compliance with our audit team.

- Continuous Compliance Support: Support you in maintaining compliance by providing guidelines.

Frequently Asked Questions

How To Report Data Breaches As Per GDPR?

If an organization becomes aware of a personal data breach, they must report it to the ICO within 72 hours. If the threshold is not met, the organization must provide a valid reason for the delay.

What Is GDPR?

GDPR stands for the General Data Protection Regulation. It involves the protection of personal data and the rights of individuals. Its main aim is to ease the flow of personal data and increase privacy and rights for EU residents across all member states.

What Is The Data Protection Impact Assessment In GDPR?

One of the characteristics of GDPR is increased accountability. There is a requirement under GDPR for businesses to undertake data protection impact assessments when putting any processes in place that use new technology that is likely to result in a high risk to data subjects.

How Is A GDPR Gap Analysis Performed?

GDPR gap analysis is a process of identifying areas and systems within your organisation which may be at risk of a breach and need ‘tightening up’. Being one of the most important steps on your journey towards compliance, not to mention a complex and time-consuming process for the uninitiated,it's advisable to go with a data protection expert.

To Whom Does GDPR Apply?

GDPR applies to any organization, whether or not it is based in the EU, that processes the personal data of EU citizens. GDPR applies to these businesses even if the goods or services that they offer are free.

What Happens If You Don’t Comply With GDPR?

Entities that do not comply with GDPR requirements may be fined up to $20mm or 4% of their worldwide turnover (revenue), whichever is greater. This would also be subject to lawsuits by affected data subjects.

HIPAA compliance is a fundamental aspect of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law mainly focused on protecting sensitive patient health information from being disclosed without the patient's consent or knowledge. The law provides baseline privacy and security standards for the medical information of US citizens.

The standard is applicable to covered entities and their business associates like health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions that involve digital transmission of patient health information (PHI).

HIPAA Regulation divided into Security Rule, Privacy Rule, Transactions and Code Sets (TCS) Rule, Unique Identifiers Rule, Breach Notification Rule, Omnibus Final Rule. HIPAA Security Rule requires implementation of 1) Administrative, 2) Physical, and 3) Technical safeguards. In Addition, it imposes other organizational requirements and a need to document processes analogous to the HIPAA Privacy Rule.

Office of Civil Rights (OCR), explains the failure to provide a “specific risk analysis methodology” is due to Covered Entities and Business Associates being of different sizes, capabilities and complexity. As per OCR, the key objectives of a HIPAA risk assessment are:

+ Identify the PHI that your organization creates, receives, stores and transmits including PHI shared with consultants, vendors and Business Associates.

+ Identify the human, natural and environmental threats to the integrity of PHI human threats including those which are both intentional and unintentional.

+ Assess what measures are in place to protect against threats to the integrity of PHI, and the likelihood of a “reasonably anticipated” breach occurring.

+ Determine the potential impact of a PHI breach and assign each potential occurrence a risk level based on the average of the assigned likelihood and impact levels.

+ Document the findings and implement measures, procedures and policies where necessary to tick the boxes on the HIPAA compliance checklist and ensure HIPAA compliance.

+ HIPAA risk assessment, the rationale for the measures, procedures and policies subsequently implemented, and all policy documents must be kept for a minimum of six years.

HIPAA Assessment Approach: We follow a well-documented approach to work alongside our clients aiding them in attaining their compliance goals. This require a Well-documented execution plan along with defined milestones.

- Business Understanding: Evaluating business process and environment to understand the in-scope elements.

- HIPAA Scope Finalization: Finalize the scope elements and prepare the requirement documentation.

- HIPAA Readiness Assessment: Identify the potential challenges that might arise during requirement implementation.

- HIPAA Risk Assessment: Identifying and analysing the risks in the information security posture.

- HIPAA Data Flow Assessment: Conducting thorough systems analysis to evaluate data flow and possible leakages.

- HIPAA Documentation Support: Assist you with list of policy and procedure to help you in validation or evidence collection.

- HIPAA Remediation Support: Support you by recommending solutions to compliance challenges.

- HIPAA Awareness Training: Conduct awareness sessions for your Team and personnel involved in the scope.

- Data and Asset Classification: Identify critical vulnerabilities in your system with a robust testing approach.

- HIPAA Evidence Review: Review of the evidence collected to assess their maturity, in line with the compliance.

- Final Assessment and Attestation: Post successful assessment, we get you attested for compliance with our audit team.

- Continuous Compliance Support: Support you in maintaining compliance by providing guidelines.

Frequently Asked Questions

How Do You Maintain HIPAA Compliance?

Maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) is essential for any organization that handles protected health information (PHI). Some steps that organizations can take to maintain HIPAA compliance include Conducting regular risk assessments, Implementing technical and administrative safeguards, Maintaining physical security, Conducting regular employee training, Conducting regular audits and monitoring and Maintain documentation.

What Are The Penalties For HIPAA Non-Compliance?

Fines can be up to $250,000 for violations or imprisonment up to 10 years for knowing abuse or misuse of individual health information.

What Is Protected Health Information (PHI)?

Information collected from an individual by a covered entity that relates to the past, present or future health or condition of an individual and that either identifies the individual or there is basis to believe that the information can be used to identify, locate, or contact the individual...and thus must be protected. PHI is a subset of PII.

What Businesses Must Comply With HIPAA Laws?

Any healthcare entity that electronically processes, stores, transmits, or receives medical records, claims or remittances.

What’s The Difference Between The HIPAA Security And Privacy Rules?

HIPAA Privacy Rule addresses appropriate PHI use and disclosure practices by healthcare organizations. The same rules, regulations and policies that regulate Privacy do not necessarily extend to the Security Rule. The HIPAA Security Rule revolves around safeguarding the systems that house or transmit PHI.

Who Is Responsible For HIPAA?

Every individual (office manager, doctor, etc.) is held responsible for health information they should, can, or do access. Individuals and companies can independently face criminal charges for mishandling PHI.

In 2018, according to the most recent report by Harvard Business Review, roughly $1.3 trillion was spent on digital transformation. In the last couple of years, the numbers increased even more, mainly because companies needed to adjust to a new way of life accelerated by Covid. It is important to note that digital transformation is not just an issue of capital expenditure but also of defining plans and the technology needed, implementing them, and resolving the accompanying problems and possibilities.

Innovation and disruption are the two cornerstones of digital change in the sector. Companies must pay close attention to the ever-changing environment of their industry and ensure they have the required personnel and technology to execute new business models, retain current talent and keep the business running successfully.

Digital transformation: What is it?

A digital transformation is the upgrade of current processes or the introduction of new methods of business operations using digital technology that enhances the customer experience and results in improved conversion rates for the organization. In this new digital age, digital transformation typically involves reinventing corporate processes.

Process, technology, data, and organizational change are the four primary aspects of digital transformation. Comparatively, the three primary components of digital transformation are rebuilding operations, customer relationships, and processes.

What is a Digital Transformation Framework?

Digital transformation frameworks cannot be generic; they must be adapted to each organization's particular challenges and needs.

Let's examine some of the characteristics of publicly accessible digital transformation frameworks.

Case Study: Customer experience is the core of McKinsey's digital strategy

McKinsey developed a DX framework called 4Ds. It emphasizes the importance of keeping the end goal in mind at every step: to increase customer value. An organization that is digital-first places customer experience as its focal point. Likewise, it emphasizes the importance of interconnecting all the stages and not falling short.

Source: McKinsey&Company The 4Ds of Digital Tranformation

McKinsey states, “Even though this approach seems self-evident, most companies struggle with implementation. Many invest heavily in the "Discover" stage, but later on, when "change exhaustion" sets in, the effort and budget diminish. To minimize this risk, it's important to concentrate on quick wins that generate momentum and save money that can be reinvested in future transformations.

Business Digital Transformation Trends: What's Next?

To remain competitive, businesses should focus on upcoming trends such as cloud computing, artificial intelligence and machine learning, predictive analytics, and blockchain adoption. With these increasingly accessible tools and solutions, businesses can ensure their success by remaining at the forefront of digital advancements. For example, the adoption of VPNs is one of the most prominent trends we've seen this past year and it seems to remain an essential tool, especially for companies operating based on a hybrid work model. A VPN service like Surfshark allows companies to securely connect a multitude of devices over an internet connection, improving accessibility to company resources from remote locations. 

In 2023 and beyond, organizations will need to strengthen their digital operations. The following are some of the most prominent trends in digital transformation:

• Effective usage of Machine Learning and Artificial Intelligence (AI) should be encouraged (ML)
• A rise in digital partnerships, mergers, and acquisitions
• Increasing public cloud and data cloud security
• Enhanced success metrics for digital transformation and more

Many businesses have already begun to automate and simplify their business operations, as a new kind of consumer necessitates a new company strategy. 

The Importance of Digital Transformation for a Business

Now, let's examine the five fundamental reasons why digital transformation in the company is crucial:

Rapid evolution of digital technologies

Technology evolves rapidly. Every firm must adapt to this ever-changing business climate and adopt new technologies. The methods and techniques that were effective in the past are unlikely to be effective now.

All six layers must be aligned for a business to succeed in the digital age: process, platform, people, product, marketing, and customer experience. The company will collapse if even one of these is not cared for properly.

Shifting Client Expectations

Customers' expectations are increasing, and businesses are working hard to meet them. Today, it is easier than ever before for customers to research all available options to fulfill their requirements. Therefore, each organization must put more effort into retaining its consumers by having an active online presence, a fully functional online storefront, providing a variety of payment options, and so on.

Maintaining an edge over the Competition

A revolution in technology and capabilities that did not exist even five years ago has given businesses the potential to take the lead. If they adapt to this change, they will avoid falling behind the competition. A firm that does not embrace digital changes will be replaced by a new one.

Make Informed Decisions, Faster

Businesses may benefit from big data by placing data and analytics at the heart of their digital transformation strategies. Due to the Internet of Things, organizations have more access to data quantities than ever. With the right mix of analytical tools, this data may be converted into valuable business insights, enabling you to make smarter, more expedient choices. The greater the influence and integration of analytical tools, the more deeply they are ingrained in business processes.

Digital transformation — The future

Digitalization is reinventing firms and helping seize unique competitive advantages, yet businesses are reluctant to shift their present business models when the time comes. In recent years, digital transformation has become something of a catchphrase among many senior executives. 79% of corporate strategists, according to a Gartner report, claim to be digitalizing their firms to generate new income streams. However, the transformation has been gradual so far, and fewer than half of organizations that claim to have converted place digital efforts at the center of their strategies.

We live in a digital, global, and hyper-connected society, characterized by a shift at the social and technical level, where the introduction of new market participants, off-site mobility, and constant communication significantly impact us. Today, digital transformation is vital; businesses must leave their comfort zone, reinvent themselves, and compete in a technologically advanced environment.

In an age of disruption and transformation, risk continues to be top of mind for many organizations, particularly as they look to use their data and information in new ways to generate insights that support strategic decision making. To stay ahead and turn these risks into opportunities to better manage and protect their valuable data and information assets, ISO 27001 certification is a powerful way for organizations to build trust in their information security management system (ISMS).

This international standard uses a risk-based approach to minimizing threats to your information and communication technology assets and offers a framework for other IT requirements you may have in place. By following this path to preserving the confidentiality, integrity and availability of your business information, your customers, employees and other stakeholders can have peace of mind that your information security program covers security controls over people, processes and technology and is embedded in your business practices, goals and objectives. Together with partners, we’ve developed a new approach to certification that lets you extract maximum value from the process. Our digital platform and streamlined methodology provide:

- One source of truth through a single location for the collection, analysis and presentation of data.

- A plan focused on key objectives and relevant risks.

- Real-time transparency, coordination and accountability over the progress and status of corrective actions.

- Opportunities for discussions about remediation, continuous improvement and business performance, in the context of your broader business goals.

Our team has extensive expertise in both evaluating and implementing information security management systems. Our certification work is conducted according to the ISO 17021-1 and ISO 27006 standards for certification of management systems, a standardized approach used by all accredited certification bodies. Through our broad expertise in technology control frameworks and third-party assurance standards, we can help you integrate your ISO 27001 controls into existing structures to create synergies in control performance and testing. The steps are as follows:

Foundational Analysis - Gap analysis, risk assessment, documentation: Our gap analysis approach will assess your organization’s current information security state against global leading practices and your intended future state. We offer a customized risk assessment service to help you identify and understand the risks most relevant to your business. Detailed outcomes are documented in the form of a risk treatment plan and a statement of applicability that conform to ISO 27001. We can also help with drafting and reviewing new and existing documentation.

Internal Audit - Value-added internal audit services: Conducting internal audits to identify non-conformance with your ISMS framework and any non-compliance with legal, regulatory and/or contractual requirements is key to a successful information security plan. We offer a comprehensive, value-added internal audit service that helps highlight any management system issues and gives recommendations for improvement.

Readiness assessment - Information readiness assessment for formal accredited certification: The readiness assessment helps you understand how your organization would perform against the formal ISO 27001 accredited certification audits. It evaluates how your organization is performing against the standard and verifies your ISMS maturity.

Certification Audit - Journey towards ISO 27001 certification: We offer certification and maintenance assessment services aligned with the ISO 17021 management system auditing standard so that your organization can be ISO 27001 certified.

ISO 27001 Certification Process: We provide hassle free and cost-effective ISMS Certification services with defined milestones. As an independent certification body, we follow these major steps as a part of our certification process:

- Application Process: Assist clients to fill in the Client Information Form and give you the best quote on the basis of information shared.

- Stage 1 Audit: Audit the client's management system documentation, collect necessary information regarding the scope of the management system and determine the preparedness for the stage 2 audit.

- Stage 2 Audit: Evaluate the implementation, including effectiveness, of the management system for the Stage 2 Audit. Gather the information and evidence about conformity to all requirements of the applicable management system standard.

- Annual Surveillance: Verifying the implementation of the management system, reconfirming continued compliance to the applicable standard and other normative documents.

- Recertification Audit: Verify overall continuing effectiveness of the organization's management system in entirety.

- Transfer Audits: Assist you in a smooth transfer process from your existing certification and complete the certification cycle.

- Multi-sites Audit: Specialized in handling multisite audits.

- Certification: We issue certificates and you can share your success with the world.

Frequently Asked Questions

Does The Entire Organisation Need To Apply ISO 27001?

No. It is feasible to limit the scope of implementation to just one area of the organisation, which is sensible for larger businesses that operate across several cities and/or international borders. It is preferable to implement the standard across the board for small businesses with fewer locations where they conduct business.

What Distinguishes ISO 27002 From ISO 27001?

The primary distinction between ISO 27001 and ISO 27002 is that the latter is intended to be used as a guide when choosing security controls during the implementation of an information security management system based on ISO 27001. Another significant distinction is that corporations can obtain ISO 27001 certification but not ISO 27002 certification.

Who Needs To Be Certified To ISO 27001?

The ISO 27001 framework was created to safeguard an organization's sensitive data. Therefore, ISO 27001 Certification is beneficial for every organisation that handles sensitive data, whether it is for profit or non-profit, small business, government, or private sector. ISO27001 is the global standard for information security management. The certification attests to the effectiveness of security measures and verifies the implementation of all policies. It provides a strategy that companies can apply to safeguard their data management.

What Are The Services That QRC Provides For Getting Certified For ISO 27001?

We provides audit and certification services for ISO 27001.

Can Only IT Companies Get Certified For ISO 27001?

Any organization, both IT and non-IT that handles a huge amount of information and seeks to protect sensitive data can get certified for ISO 27001. Banks, Visa Offices, Chartered Accountant firms, and other industries that are vital to protecting its sensitive data from unauthorized disclosure, falsification, misuse, disclosure, modification – can get certified to ISO 27001.

Will The Amount Of Documentation Necessary For ISO-27001 Slow Down My Everyday Operations?

ISO-27001 does require a fair amount of documentation of the ISMS itself and evidence that the ISMS is operating effectively. The additional work effort to produce and maintain the documentation is more than offset by the time saved by reductions in security incidents and third-party audits.

How do you validate your organization’s cybersecurity efforts? In April 2017, the AICPA saw a need in the marketplace that it could fill: a way for organizations to assess their cybersecurity risk management programs. The result? SOC for Cybersecurity was created. A SOC for Cybersecurity examination is how a CPA reports on an organization’s cybersecurity risk management program and verifies the effectiveness of internal controls to meet cybersecurity objectives, with the intention of giving stakeholders perspective and confidence in an organization’s cybersecurity risk management program.

As new cyber threats emerge each day, Information Security Auditors feel a greater responsibility to protect the clients from cyber-attacks and remain up-to-date on cyber trends to help you meet cybersecurity objectives.

Our audit delivery tool streamlines the audit process and helps reduce the complexity of compliance efforts, and gives our clients the ability to combine multiple audit frameworks into one audit. Connect with us today to learn about the time it takes to complete a SOC for Cybersecurity audit and understand the cost of receiving a SOC for Cybersecurity report.

How much does a SOC for Cybersecurity audit cost?

Pricing for a SOC for Cybersecurity audit depends on scoping factors, including business applications, technology platforms, physical locations, third parties, and audit frequency. Pricing will also vary based on the report type you choose, inclusion of a gap analysis, or inclusion of additional remediation time.

How long does a SOC for Cybersecurity audit take to complete?

The average SOC for Cybersecurity audit is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, report writing, and concludes with the delivery of a SOC for Cybersecurity report. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.

What do I receive when my SOC for Cybersecurity audit is complete?

A SOC for Cybersecurity audit culminates in a report. The components and formatting of SOC for Cybersecurity reports delivered by ours are based on guidelines provided by the AICPA and and written by our team. A SOC for Cybersecurity report is a general use report that describes an organization’s cybersecurity risk management program and verifies the effectiveness of its controls, which can help stakeholders make informed decisions and can address vendor or supply chain risk management practices.

How long is a SOC for Cybersecurity report valid?

The opinion stated in a SOC for Cybersecurity report is valid for twelve months following the date the report was issued.

Who is involved in a SOC for Cybersecurity audit?

In every SOC for Cybersecurity engagement, our Information Security Auditors are required by the AICPA to maintain communication with management and those charged with governance from the service organization. Other team members involved in the audit could come from anywhere in your organization, ranging from human resources to development to compliance officers – anyone with the appropriate responsibilities for and knowledge of the matters concerned in the audit.

How do you validate the security of your organization’s services? A SOC 2 audit evaluates controls that directly relate to the AICPA’s Trust Services Criteria. This means that a SOC 2 audit report focuses on a service organization’s internal controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. The result? A SOC 2 report validating the organization’s commitment to delivering high quality, secure services to clients.

SOC 2 audits are one of our specialties and we deliver SOC 2 reports to the customers. Information Security Auditors are senior-level experts, holding certifications like CISSP, CISA, and CRISC, to help you maintain SOC 2 compliance.

Our audit delivery tool streamlines the audit process, helps reduce the complexity of compliance efforts, and gives our clients the ability to combine multiple audit frameworks into one audit. Connect with us today to learn about the time it takes to complete a SOC 2 audit and understand the cost of receiving a SOC 2 report.

How much does a SOC 2 audit cost?

Pricing for a SOC 2 audit depends on scoping factors, including business applications, technology platforms, physical locations, third parties, audit frequency, and the Trust Services Criteria to be included in the audit. Pricing will also vary based on the report type you choose, inclusion of a gap analysis, or inclusion of additional remediation time.

What is the SOC 2 audit process?

The SOC 2 audit typically consists of the following:

• - Gap analysis
• - Scoping exercises
• - Onsite visit
• - Evidence gathering period
• - A SOC 2 report

The SOC 2 audit process must be facilitated by licensed CPA firms.

How long does a SOC 2 audit take to complete?

The average SOC 2 audit, using AASC’s process, is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, report writing, and concludes with the delivery of a SOC 2 report. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.

Who can perform a SOC 2 audit?

A SOC 2 audit can only be performed by an auditor at a licensed CPA firm, specifically one that specializes in information security.  SOC 2 audits are regulated by the AICPA. 

What do I receive when my SOC 2 audit is complete?

A SOC 2 audit culminates in a SOC 2 report. The components and formatting of SOC 2 reports delivered by AASC are based on guidelines provided by the AICPA and written by our in-house Professional Writing team. SOC 2 reports provide a service organization’s clients with documentation outlining their system and controls, demonstrating how client information is maintained in a secure manner, and aides clients in performing their evaluation of the effectiveness of controls that may require their administration.

How long is a SOC 2 report valid?

The opinion stated in a SOC 2 report is valid for twelve months following the date the SOC 2 report was issued.

How often does a SOC 2 audit need to be performed?

Industry standard is to schedule a SOC 2 audit (Type I or Type II) to be performed annually or when significant changes are made that will affect the control environment. Any frequency less than that will demonstrate a lack of commitment to compliance, plus it may cause distrust in the service organization’s systems.

Who is involved in a SOC 2 audit?

In every SOC 2 engagement, our Information Security Auditors are required by the AICPA to maintain communication with management and those charged with governance from the service organization. Other team members involved in the audit could come from anywhere in your organization, ranging from human resources to development to compliance officers – anyone with the appropriate responsibilities for and knowledge of the matters concerned in the audit.

What Is A SOC 3 Report ?

SOC 3 report is meant to inform any interested parties about the operating effectiveness of internal controls at the service organization relevant to security, availability, processing integrity, confidentiality, and/or privacy, in connection with a SOC 2 engagement. Public distribution of these reports is not restricted.

How do you validate the security of your organization’s services? A SOC 1 engagement is an audit of the internal controls that a service organization has implemented to protect client data, specifically internal controls over financial reporting. SOC 1 is the standard used by CPAs during a SOC 1 engagement to evaluate, test, and report on the effectiveness of the service organization’s internal controls. The result? A SOC 1 report validating the organization’s commitment to delivering high quality, secure services to clients.

SOC 1 audits are one of our specialties and we deliver SOC 1 reports to the customers. Information Security Auditors are senior-level experts, holding certifications like CISSP, CISA, and CRISC, to help you maintain SOC 1 compliance. Our audit delivery tool streamlines the audit process, helps reduce the complexity of compliance efforts, and gives our clients the ability to combine multiple audit frameworks into one audit. Connect with us today to learn about the time it takes to complete a SOC 1 audit and understand the cost of receiving a SOC 1 report.

What is a SOC 1 audit?

A SOC 1 audit is an audit at a service organization related to internal control over financial reporting (ICFR). SOC 1 audits were developed by the AICPA and follow the Statement on Standards for Attestation Engagements No. 18 (SSAE 18).

How much does a SOC 1 audit cost?

Pricing for a SOC 1 audit depends on scoping factors, including business applications, technology platforms, physical locations, third parties, and audit frequency. Pricing will also vary based on the report type you choose, inclusion of a gap analysis, or inclusion of additional remediation time.

How long does a SOC 1 audit take to complete?

The average SOC 1 audit, using AASC’s process, is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, report writing, and concludes with the delivery of a SOC 1 report. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.

What do I receive when my SOC 1 audit is complete?

A SOC 1 audit culminates in a SOC 1 report. The components and formatting of SOC 1 reports delivered by AASC are based on guidelines provided by the AICPA and written by our team. SOC 1 reports provide a service organization’s clients with documentation outlining their system and controls, demonstrating how client information is maintained in a secure manner, and aides clients in performing their evaluation of the effectiveness of controls that may require their administration.

How long is a SOC 1 report valid?

The opinion stated in a SOC 1 report is valid for twelve months following the date the SOC 1 report was issued.

How often does a SOC 1 audit need to be performed?

Industry standard is to schedule a SOC 1 audit (Type I or Type II) to be performed annually or when significant changes are made that will affect the control environment. Any frequency less than that will demonstrate a lack of commitment to compliance, plus it may cause distrust in the service organization’s systems.

Who is involved in a SOC 1 audit?

In every SOC 1 engagement, our Information Security Auditors are required by the AICPA to maintain communication with management and those charged with governance from the service organization. Other team members involved in the audit could come from anywhere in your organization, ranging range from human resources to development to compliance officers – anyone with the appropriate responsibilities for and knowledge of the matters concerned in the audit.

Our mission is to provide the support and guidance your organization needs to begin a successful compliance journey. You don't need to choose an audit partner and leave you with unanswered questions and regulatory compliance concerns. Instead, you can begin and end your audit with us and overcome the most challenging compliance requirements you face. Using our service you will achieve:

A Streamlined Audit Process

After engaging with us, Information Security Specialists use the proprietary tools to help clients complete 60% of the audit before stepping through your doors for an onsite visit. Our tool acts as a guide through the audit control objectives, allowing clients to organize their requirements and document their process. Our clients are able to collaborate with their Information Security Specialist through an efficient process on their own schedule, gain remediation guidance early in the process, and eliminate intrusive and expensive onsite time. The tool’s efficiency allows our clients to be notified of audit requirements year-round and prepare for future engagements.

Partnership with an Expert

When you work with us, your organization is partnered with an expert in information security. This can be an invaluable resource for your organization. Our Information Security Specialists are dedicated to educating our clients and helping them meet their compliance objectives. Our average Information Security Specialist has 10 years of experience in areas such as IT governance, data security, regulatory compliance, and cybersecurity, spanning healthcare, government, manufacturing, banking, and software services industries.

The Information Security Specialists maintain their expertise with industry trends through continued education so that we can best help you maintain compliance and keep your organization safe and secure. After an engagement with us, you will be able to demonstrate your organization’s compliance and verify that your organization has the proper internal controls and processes in place to deliver high quality services to your clients.

Delivery of a Quality Audit

We believe in a quality audit. It’s our responsibility to provide our clients with the most thorough, accurate, and timely project that we can. Our commitment to quality starts at the top and runs throughout the organization. Our Quality Assurance team reviews Information Security Specialist’s working papers to ensure that testing results use our common language to capture accurate, detailed explanations of what was tested, and that testing results were captured in a timely, repeatable, and retainable fashion. The Quality Assurance process results in a scorecard for each project, which drives our continual improvement cycle. We regularly make adjustments to this process to provide clients with a thorough, accurate, and timely audit report.

Build trust. Protect your company’s most critical assets

Reliance on outsourcing to save money and gain efficiencies continues to grow, but so, too, does the trust gap as you share your critical data with third parties. Audit reporting assures customers and stakeholders that your business has the appropriate controls in place - for both your business processes and information technology (IT) - to protect your financial and client data.

Many traditional industries - for example, payroll processors and loan servicers within financial services - have relied on the audit reports to assure they have proper controls in place for years. Increasingly, a wider set of industries - like FinTech and tech-enabled logistics companies - are also relying on the information technology audit  processes. These processes offer a cohesive, repeatable process where companies can assess once and then report out to many stakeholders. The information technology audit report can:

• - Drive trust and transparency with internal and external stakeholders.
• - Increase efficiencies while reducing compliance costs and time spent on audits and vendor questionnaires.
• - Meet contractual obligations and market concerns through flexible, customized reporting
• -  Proactively address risks across the organization.

Our professionals can bring expertise and insight to your reporting process. By navigating the complexities of the information technology audit report with the help of a skilled and independent auditor, you can obtain the following:

• - A readiness assessment aligned to the relevant the information technology audit report framework, including recommendations for improvement and identification of potential gaps prior to a examination.
• - A information technology audit report you can share with customers and other auditors to provide transparency into your control environment.
• - A customized information technology audit report that meets specific industry or customer requirements, such as NIST, HITRUST or GDPR....

With more than 30 years of experience in consulting business management solutions, we are a reliable partner of over 2,500 clients in Vietnam.In order to consult comprehensive digital transformation solutions for businesses in Vietnam, AASC have built and developed the brand ADIGITRANS - AASC Digital Transformation - ( https://adigitrans.com ) belonging to the AASC ecosystem to provide professional services and Top quality for our clients.

The quality of ADIGITRANS's service has been acknowledged as the Gold Partner of Bitrix24 and the authorized partner of the world's leading brand such as Zoom and FreshWorks ... With a team of experienced experts, We believe that the combination of modern technology and leading experience of corporate governance experts will bring customers an economical and effective solution.

1. BITRIX24: Business automation software with 35+ tools on board are efficient undergo digital transformation, replace multiple tools with one solution and unlock new possibilities for business growth. ADIGITRANS is a Bitrix24's gold partner in Vietnam.

2. ZOOM: The leader application according to Gartner's Magic Quadrant for Meeting Solutions in 2019 and is suitable for all sizes of businesses and easy to use. ADIGITRANS is an authorized reseller partner of Zoom in Vietnam.

3. FRESHWORKS - The system of products meets most business needs with affordable cost, affordable, quick to implement, and designed for the end-user. The featured products are: Freshdesk - Customer Service & FreshSales - Customer Relationship Management.

ADIGITRANS is also an authorized partner of QRC Assurance and Solutions Company in Vietnam to provide Quality Services and Integrated solutions in the Data Security & Privacy domain. We take the complexity out of protecting data and attaining the Governance, Risk and Compliance goals for our clients. We provide multiple Quality, Risk, and Compliance services and have completed over 15000+ assessments with 325 + clients in 35 + countries.

The solution from ADIGITRANS offers customers the optimal solution and has an attractive implementation cost when compared to the efficiency it brings. We pride ourselves on providing a perfect experience and professional support to our customers when using our services. We also advise you on business management solutions in the digital transformation process from AASC - Top 5 Consultant in Vietnam. That makes the difference and the value exceeds your expectations.

AASC Auditing Firm was established on May 13, 1991 under the Decision of the Minister of Finance. The first People's Credit Fund was established under the Prime Minister's Decision in 1993. On their feet from south to north, nearly 500 AASC auditors have seen the People's Credit Fund more than once. people but never thought that this would be a place to stay for a long time.

The age is about the same and they are active all over the country, but it was not until 2011 that they had a chance to meet each other. Starting with Rural Project III, which is owned by the Bank for Investment and Development of Vietnam, and AASC Auditing Firm appointed by the World Bank (WB) to audit 08 People's Credit Funds Moc Chau, An Thach , Van Trach, Go Den, Cham Mat ... in the program to strengthen the institutional capacity of credit institutions.

Ending the Project and closing it like many other projects, AASC continued in the ups and downs of life with its partners Banking, Finance, Joint Stock Company, Limited Company ... and the image of Credit Fund. The population fades in May.

After five years of separation, the AASC auditor's footsteps were startled by the strong growth of the People's Credit Fund. With the people-based development model, taking the people as the root and driving force of development, as well as the State Bank increasingly consolidating the system of policies and regimes, the People's Credit Fund has grown stronger. , which is more sustainable and makes an important contribution to meeting the capital needs for production, business, services and life of its members, realizing the goals of hunger eradication, poverty alleviation and restriction of usury in the region. countryside.

Coming to the People's Credit Fund, AASC auditors know the sincerity, sharing, help and gratitude of the homeland people. It is easy to see us sleeping at the house of the President, the Director or the Accountant. And when the staff of the People's Credit Fund got up early to send the auditors to the Head Office in time for work. Even when drinking alcohol soft lips even though AASC auditors are very afraid that drunken matches will affect the next People's Credit Funds and delay the reporting schedule. Full of love, please allow me to touch the full cup of wine with my lips so that my feet can be hard and soft.

And from here, the People's Credit Fund and the AASC Auditing Firm will share the same path, wishing for sympathy, sharing, closeness and long-term attachment. With that desire, AASC Auditing Firm accompanies the People's Credit Funds in auditing and consulting for more than 400 People's Credit Funds and regularly sends newsletters of legal documents to more than 1,000 Credit Funds. People's Credit Fund for a strong and long-term relationship through a little sentiment about the People's Credit Fund.

A LITTLE SENTIMENT ABOUT PEOPLE'S CREDIT FUND

I have traveled all over North Central South
From the midlands and mountains down to the plains
And I see so many beautiful stories
Stories of the spirit of cooperation
Homeland development

Very ordinary people Determined to work together to do credit
People with the same dream
Helping the people

People who are not afraid of difficulties
Appraisal, lending, debt recovery
Every day every day like a swarm of worker bees
Serving the people

Caring and considerate people
Receive love messages from relatives
Salty sweat savings
Turn sweet profits

Villages crammed with tall houses
Fruit-laden orchards
The fields are flooded with grazing cattle
Also thanks to the people's credit fund

Capital goes from where it is to where it is needed
Like water flowing from high to low
Fund is a river, Fund is a dam
Bring water and bring silt

I won't forget the places I've been
An Giang, Bac Lieu, Soc Trang, Binh Phuoc
Binh Thuan, Lam Dong, Dak Nong, Dak Lak, Gia Lai
Ninh Thuan, Vung Tau, Ho Chi Minh City

Quang Tri, Quang Nam, Xu Nghe, Quang Binh
Thanh Hoa, Ninh Binh, Hai Duong, Hanoi
Ha Giang, Thai Nguyen, Son La, Yen Bai
Phu Tho, Quang Ninh, Nam Dinh, Thai Binh

The countryside is imbued with love
A bowl of green tea brings the soul of the North
The central song is like a confession
Glass of Southern wine is extremely generous

We are proud to be partnered
Together with the Funds to build the country
AASC vows to walk together
Long-term cooperation...!!!

Accompanying People's Credit Funds in recent years, AASC Auditing Firm has audited more than 300 People's Credit Funds, advised over 400 People's Credit Funds by phone and email, and regularly sent copies of the report. Information on legal documents for more than 1,000 People's Credit Funds. On that basis, the AASC Auditing Firm listened to the opinions of the People's Credit Funds to draft documents to advise and support the operation of the People's Credit Fund, as a small brick to contribute to the development of the People's Credit Fund. development and growth of the People's Credit Fund system in Vietnam. Details are as follows:

1. The diagram of the regulation system of the People's Credit Fund: With the system of regulations according to the operation of the apparatus, including: Organizational apparatus; Loan; Capital mobilization; Finance – Accounting – Money Transfer; Safety rate; Safe vault; Labor – Salary; Other Regulations

2. The system of internal regulations, processes and regulations of the People's Credit Fund: Including 73 internal regulations and processes and regulations directly serving the operation of the People's Credit Fund.

3. Loan forms and loan contracts: The system of forms and contracts related to lending activities is classified by legal entity and natural person with 72 forms.

4. Internal forms for lending activities: The system of internal forms for lending activities is classified by legal entity and natural person with 22 forms.

5. The people's credit fund document system: Including all important documents, still valid and affecting the operation of the people's credit fund, updated up to the present time.

6. Training materials: Publications issued by AASC to support and advise the training and operation of the People's Credit Fund.

Although we have tried our best, errors cannot be avoided in the compilation process. We look forward to receiving comments from the People's Credit Funds to make the document more complete.

People's Credit Funds "People's Credit" was established in 1993 and currently there are over 1,200 People's Credit Funds operating across the country. After more than 24 years of implementation, up to now, the goal of forming and developing a cooperative economic model in the credit field has been achieved in rural areas, exploiting local capital sources to contribute to meeting the needs of customers. capital for production, business, services and life of members and play an active role in the process of rural economic development.

In line with the Government's policy and the requirement to audit financial statements in particular, the professional service needs in general of the People's Credit Fund sector, AASC has established the Auditing and Assurance Services Division in the field of assurance and auditing. Banking and finance sector with a core team of well-trained personnel at home and abroad, and equipped with professional knowledge such as CPA, ACCA and also have many years of experience in the field of finance and banking. specialized... to ensure the provision of specialized and quality services to the People's Credit Funds in particular and credit institutions in general.

After many years of operation, AASC has provided audit services, accounting advice, tax advice, policy advice and support to improve management capacity for more than 300 People's Credit Funds in the province. operating in 64 provinces and cities across the country.

Outstanding features of AASC's Services:

- Deep understanding of the banking and finance sector and experience in providing services for many years continuously for hundreds of People's Credit Funds.

- Regularly advise, support and share with customers documents and knowledge to improve business management and internal management capacity.

- Consistently apply Audit Manual designed to fully comply with the requirements of ISAs of HLB International Network (HLB International).

- The network's international knowledge and experience is combined with over 25 years of domestic experience of AASC - the first audit firm established in Vietnam.

- AASC together with Big4 are the 5 largest service providers in the market (according to statistics of the Vietnam Association of Practicing Auditors).

- AASC is a member of the Standing Committee of the Vietnam Tax Advisory Association (VTCA).

- AASC's services are performed by nearly 500 professional staff in 3 offices in Hanoi, Ho Chi Minh City and Quang Ninh.

Relevant information:

- AASC forms and publications for People's Credit Funds

- Contact to consult and audit the People's Credit Fund

Attachment: 2013 Transparency Report

Aiming to improve financial management capacity of projects funded by IFAD in Asia Pacific, from October 14 to October 16, in Bangkok, Thailand, in collaboration with APMAS, IFAD organized a financial management workshop with the attendance of 50 delegates from countries in the region. At the workshop, financial experts of IFAD office in Rome updated new regulations and requirements of IFAD on project management as well as shared practical experiences in other countries to the delegates. Mrs. Pham Thi Thanh Giang, Partner, Deputy Manager of AASC presented the funding of the project and capital allocation method in implementation stage in Vietnam. Along with this workshop, AASC also carried out the audit of project “Greater Mekong Sub-region Highway Expansion” funded by Thailand Ministry of Transportation and Construction, which helped AASC to expand its image and presence in Thailand.

Deputy Manager of AASC Pham Thi Thanh Giang presented at the workshop

Delegates of the workshop in Bangkok, Thailand

Vietnamese Government's policies on the investment attraction were marked by the issuance of the Law on Foreign Investment in 1987. After over 30 years of the implementation, Foreign Direct Investment (FDI) sector has always been a dynamic sector and significantly contributing to the development and integration with the international economy.

In the connection with the Government’s policies and the demand for professional financial statement audit services of FDI enterprises, AASC has established the Foreign Investment Services (FIS) Department. FIS staff are well educated in prestigious universities in Vietnam and abroad, equipped with professional knowledge of CPA Aust. and ACCA and had many years of working experience, etc. to ensure the highest quality of professional services provided to FDI enterprises.

Over many years of operating, FIS Department has been providing a variety of the Audit and Consulting services on Finance, Accounting, Restructuring, Tax… and Related Parties’ transactions (as required by Decree No. 20/2017/ND-CP issued on 24/02/2017).

Our clients are operating in diversified business sectors such as Banking, Trading, Manufacturing, Services, etc. and from various countries e.g. Japan, Korea, Taiwan, Malaysia, Singapore, Germany, the UK…. Many of them are MNCs whose group companies are the public or stock listed.

Advantages of our professional services:

    •    The consistent application of Audit Manual issued by HLB International (https://hlb.global) which is fully complied with the requirements of the International Standards of Audit (ISAs)

   •     Auditing knowledge and experiences as well as the best international practices are all shared and supported by Audit Working Group and members of HLB International operating in over 100 countries.

    •     Over 27-year experiences of AASC in harmony with HLB International towards the strategy of Global in Reach Local in Touch.

   •    AASC and Big4 are in the Top 5 leading professional service providers in Vietnam (according to the annual statistic of Vietnam Association of Certified Public Accountants - VACPA).

•     AASC’s services are conducted by over 500 professional people working at 3 offices in Hanoi, Ho Chi Minh City and Quang Ninh province.

Contact
       Mr. Do Manh Cuong MBA CIMA FCCA CPA Aust. FCPA Vietnam
       Deputy General Director
       This email address is being protected from spambots. You need JavaScript enabled to view it.
       (+84) 903 256 280

AASC has provided audit services to many projects funded by international organization in diversified sectors:

AASC is the first Vietnamese Auditing firm shortlisted to provide audit and consulting services for projects funded by the World Bank since 2003.

During over 10 years since 2003, AASC has provided audit and consulting services to hundreds of ODA projects in diversified economic sectors. These projects audited by AASC were funded by the World Bank (WB), the Asia Development Bank (ADB), the International Fund for Agricultural Development (IFAD), the European Commission (EC), JICA, IFD, etc. and under the management and direction of Ministries, Sectors, Provincial People’s Committees, Economic Groups, State-owned Enterprises, etc.

AASC’s services include:
- Financial Statement Audit;
- Internal Audit;
- Procurement Audit;
- Consultancy on improving financial management capacity…

Additionally, with deep understanding of donors' requirements and Vietnamese Government’s regulations on the operation of ODA projects, we have received many requests from Project Management Units to provide courses on training and updating knowledge of accounting and financial management for projects’ officers.

On the morning of 18/10/2013, the inauguration ceremony of project “Office Building of the Communist Party Central Office” was solemnly held at No. 1A, Hung Vuong Street, Hanoi. The ceremony was honored to receive Mr. Le Hong Anh, Politburo member, standing member of the Secretariat, Mr. Phan Dien, former Politburo member, standing member of the Secretariat, Mr. Ngo Van Du, Politburo member, Secretary of the Party Central Committee (PCC) and Head of the PCC Commission for Inspection, Mr. Tran Quoc Vuong, Secretary of the PCC, Chief of the Secretariat attending and congratulating on the success of the project. Mr. Ngo Duc Doan, Chairman of the Member Board and General Director of AASC Auditing Firm also attended the ceremony, participated in the sightseeing tour around the construction and congratulated Management Board of Party Central Office and project investment owners.

The Office Building, which has been constructed from 18/10/2011, is a major project having significant meaning in politics and foreign affairs. Under the direction of the Management Board of Party Central Office, with the determination of all contractors and consultants and assistance from Ministries, Branches and Sectors, the project has been completed and put into use 15 months earlier compared to the estimated plan. This is the second largest project of Party Central Office audited by AASC after the project “Office Building of the Politburo, Secretariat and Party Central Committee” at No. 01 Hung Vuong Street.

The inauguration ceremony ended in the jubilant atmosphere of all visitors, Management Board and staff of Party Central Office. Additionally, Management Board of Party Central Office also expressed confidence in the quality of AASC’s professional services and hoped that AASC and Party Central Office will continue to firmly cooperate in the coming time.

Photos of the inauguration ceremony

Editorial Board

On the morning of 9th October, 2013, representatives of Board of Management, auditors, audit assistants, technicians and staff of AASC Auditing Firm paid respects to General Vo Nguyen Giap at his home, 30 Hoang Dieu street, Hanoi. Joining people from all walks of life nationwide, AASC staff was touched by the sentiments and respects of citizen all around the country for the General. Lines of people, from the elderly to the youth of Northern, Central, Southern of Vietnam, gathered together with patriotism to pray for General Giap and wish him rest in peace and bless the country.

The overflowed feelings of grief at the moment standing before the General’s portrait moved AASC young generation to tears. All AASC staff would like to express our sincere thanks, admiration and pledge to study and follow the bright example of the Great General - a national hero, a legend dedicated his whole life for the country and its citizen. In the white uniform, all AASC staff was in deep memory of the General, full of patriotism, proud of national traditions and aware of our social responsibilities. Concurrently, everyone promised to cultivate professional ethics in auditing and accounting, successfully perform and complete all the assigned tasks and professional services in auditing and consultancy, build and develop AASC strongly and stably.

Since 2011, the risk management activities have been promoted and implemented to contribute effectively the improvement of the State management of import and export activities.

On September 18, 2013 the Prime Minister issued Decision No. 1621/QD-TTg on approving the plan of development of Vietnam’s chemical industry to 2020 vision 2030.

Accordingly, the Prime Minister has set out a number of directions, key objectives for each specific group, such as till 2020 investing in modern technologies and renewing equipment and management to meet the basic raw materials for the pharmaceutical industry; building new factories of plant-derived natural products and semi-synthetic with the capacity of 150-200 tonnes / year, inorganic pharmaceutical and conventional excipients with the capacity of 200-400 tonnes / year, cephalosporin antibiotic I with total capacity of 600 tons / year, some other essential medicines (fever relievers, anti-inflammatory analgesic, antibacterial) with the capacity of 1,000 tons / year; sorbitol production with the capacity of 30,000 tonnes / year to meet the raw material for Vitamin C production with a capacity of 1,000 tons / year, and more ...

Simultaneously, for group of rubber products, the Government focused on the investment in the renewal of equipment, technology, expansion of existing production facilities up to 15 million automobile tires / year; expansion of technical rubber production in existing plants and building new production plant: 700,000 m2 and conveyor belts clad steel wire, steel wire 1.0 million meters / year; construction of carbon black production plant with the capacity of 115,000 tons / year to produce black coal as raw materials for rubber products, etc ...

For group of plant protection chemicals, the purpose is to promote production and processing plant protection chemicals, meeting domestic demand in 2020; apply production technology, advanced processing to create the product easy to use, eco- friendly, biodegradable products… towards 2030.

Regarding growth targets, the country aimed for an average growth rates between 14% and 16% and the share of chemical industry to account for up to 14 percent of the whole industrial sector by 2020, and 15 percent by 2030…

BBT

Vietnam government will allow greater foreign ownership of banks of up to 49 percent as it seeks to revive growth in the country.

In addition, there are plans to sell shares in companies such as Vietnam Airlines Corp.,, Vietnam Posts & Telecommunications Group, and Vietnam Oil & Gas Group.

The Prime Minister Nguyen Tan Dung also said he is considering increasing the foreign ownership limit in banks and telecommunication companies. Total foreign ownership in any lender is currently from 20% - 30% which limits offshore interest in Vietnamese banks.

Vietnam has reduced the number of companies which are wholly-owned by the government to 1,300 from 12,000.

Source: From Vietnamese version.

In condition of domestic competition is fierce and saturated, searching new overseas markets like Viettel and Mobifone indicating the testaments to penetrate foreign market through acquisitions would surely have more lesions for domestic telecommunications companies.

At the invitation of Mr. Nguyen Thang – Journalist, Editor in chief of Audit Newspaper, on 9th July, 2013, Mr. Ngo Duc Doan – Chairman of the Member Board, General Director of AASC attended a cordial meeting to celebrate the anniversary of the 1st printed matter of Audit Newspaper (5/7/2012 – 5/7/2013). Attending the meeting were members of Centre Committee of the Communist Party of Vietnam: Mr. Nguyen Huu Van – Chief State Auditor, Mr. Phung Quoc Hien – Chairman of National Assembly Committee of financial and budget affairs, representatives of Centre Department of Propaganda and Training, Ministry of Information and Communications, Vietnam Journalists Association…

“In the previous year, thanks to the interest and facilitation in the fields of human resources, infrastructure, initial investment capital of leaders of State Audit, the effective assistance and cooperation of departments and units in Audit field, the support of collaborator and readers, Audit Newspaper has been gradually stabilized and improved the quality of published articles both in the aspects of content and presentation, enhanced the quantities of printed matters and number of readers, successfully completed the assigned political tasks” – stated in reports of Editorial Board of Audit Newspaper.

Also in the meeting, Chairman of the Member Board, General Director of AASC has reported to Chief State Auditor on the cooperation between AASC and the State Audit since 1994 to present, particularly on the signing ceremony of memorandum of agreement between AASSC and Centre for Sciences and Staff fostering – State Audit of Vietnam on 18th June, 2013. Mr. Doan also hoped to receive the interest, guidance and support from Chief State Auditor to successfully implement this memorandum of agreement. In reply to Mr. Doan, Mr. Nguyen Huu Van recognized and expressed his willing to support the cooperation in the field of training auditors and sharing auditing and consulting experiences between the State Audit and independent auditors.

Photos of the meeting

After over 22 years of operation, including 16 years operating as a SOE, 6 years operating as a limited company with more than two members, AASC has strongly and firmly developed and been considered one of Top 5 largest auditing companies operating in Vietnam (after international auditing companies Big 4).

To recognize and praise excellent achievements of AASC in 2012 contributing to Social Republic building and nation protection as well as strong development of Finance field and Independent Audit field, on 24th June, 2013, 2013,Vietnamese Prime Minister issued Decision no. 982/QĐ-TTg to award AASC the illuminating Flag of the Government for excellent and complete accomplishing business tasks and leading the illuminating movement in Finance field 2012. That AASC has been honorably awarded the illuminating Flag of the Government for the second time has a lot of meanings, particularly when people all around the country have excitedly emulated to celebrate 65th anniversary Uncle Ho appealed Patriotic Emulation (11/06/1948 - 11/06/2013).

On 1st July, 2013, Chairman of the Member Board, Board of General Directors, Party Committee Secretary, Chairman of Trade Union, Youth Union Secretary, Representatives of veteran branch of AASC Auditing Firm honorably welcomed and met with leaders of Ministry of Finance at the time AASC was a SOE: Mr. Ho Te – Former Minister, Mr. Ly Tai Luan – Former Chairman of the National Assembly Committee on Economic and Budgetary Affairs, former Deputy Ministers: Mrs. Pham Thi Mai Cuong, Mr. Pham Van Trong, Mr. Vu Mong Giao, Mr. Nguyen Ngoc Tuan (Chairman of Vietnam Valuation Association at present), Asso. Pro., Dr. Dang Thai Hung - Director of Accounting & Auditing Policy Department and Dr. Pham Huy Doan - former Director of AASC. Through the meeting, AASC would like to express sincere thanks and appreciation to these leaders and hope to receive more interests and assistance from them.

To recognize and praise AASC, continuing Mr. Ho Te’s speech of encouragement and trust expressed to AASC, on behalf of leaders of Ministry of Finance at the time AASC was a SOE, Mr. Dang Thai Hung - Director of Accounting & Auditing Policy Department – Ministry of Finance emphasized that after over 22 years of operation, including 6 years of transformation, AASC has deserved to be considered one of Top 5 largest auditing companies operating in Vietnam (after international auditing companies Big 4) in the aspects of revenue, numbers of clients, number of auditors. Mr. Dang Thai Hung also advocated AASC to be a brilliant pioneer to implement the development strategy of independent audit profession towards 2020, vision to 2030 and believed that AASC would continue to popularize its trademark nationwide, integrate globally in providing professional services, remain its leading position among Vietnam auditing firm and narrow the gap with international auditing firm Big 4 operating in Vietnam.

Mr. Ngo Duc Doan expressed sincere thanks to valued guests for attending the meeting and hoped that AASC will receive more interest and assistance from the Government, Ministry of Finance, relevant Ministries and Branches, professional associations, former leaders in the field of finance and committed that AASC will successfully implement the development strategy of auditing and accounting towards 2020, vision to 2030, continue to strongly develop and narrow the gap with international auditing firm Big 4 operating in Vietnam.

 Photos of the cordial meeting

On 18^th June, 2013, at the office of Centre for Sciences and Staff fostering – STATE AUDIT OF VIETNAM, AASC Auditing Firm has signed Minute of Agreement with Centre for Sciences and Staff fostering – STATE AUDIT OF VIETNAM.

This is an important milestone in the relationship between AASC and the STATE AUDIT OF VIETNAM after many years of cooperation in the fields of human resources, training on Finance, Accounting and Auditing, in providing and implementing services of auditing, financial consultancy, accounting, tax, in organizing international workshops on the integration of accounting and auditing locally and globally. Particularly in the period (2006-2009), sponsored by the European Union, cooperated with the European Commission delegation in Vietnam, AASC and Bannock Consulting Limited (United Kingdom) and National Audit Office (England) successfully implemented the project “Support to the State Audit of Vietnam”, issuing Vietnamese Standards on Auditing in 2010.

To best comply with the Independent Audit Law, the Law on State Audit and contribute to the strong development of the State Audit and Independent Audit profession, this minute of agreement plays a role as the framework for both sides to promote activities to help and support each other.

Attending the signing ceremony of minute of agreement between AASC and Centre for Sciences and Staff fostering – STATE AUDIT OF VIETNAM were Assoc. Pro., Dr. Ngo Tri Tue - Director, Assoc. Pro, Dr. Nguyen Dinh Hoa-Deputy Director and key staff of the centre and, on AASC’s side, were Mr. Ngo Duc Doan-Chairman of Member Board, General Director, Members of the Member Board and Deputy General Directors: Nguyen Thanh Tung, Cat Thi Ha and Head of Business Support Unit Mrs. Nguyen Lan Anh.

Assoc. Pro. Dr. Ngo Tri Tue, Director of the Centre and Mr. Ngo Duc Doan, Chairman of the Member Board of AASC reached a consensus: Formalizing the cooperation by the minute of agreement between Centre for Sciences and Staff fostering – STATE AUDIT OF VIETNAM and AASC Auditing Firm would bring many benefits to the development of both parties.

At the end of the ceremony, both parties have expressed happiness and committed to successfully implement the Minute of Agreement.

Photo of the signing ceremony of Minute of Agreement

BBT

On the morning of 17th June, 2013, Mrs. Coco K. Liu-Head of Business Channel Development of HLB International visited and worked with AASC Auditing Firm, during her time in Vietnam from 15th to 22nd June, 2013.

At the meeting, on behalf of the Board of Directors of AASC, Mr. Ngo Duc Doan- General Director was pleased to notify and share the brilliant operating results of AASC Auditing Firm over the last 22 years, particularly after its launching ceremony on 17th May, 2013. In reply to Mr. Doan, Mrs. CoCo congratulated and affirmed the commitment of Mr. Rob Tautges- HLB President to assist AASC by delegating HLB International Head of Business Channel Development to implement and promote business channels in Vietnam and other countries. With the target of building closed relationship, becoming trusted and strategic partner with leading organizations such as: Australian Trade Commission (Austrade), Japan External Trade (JETRO), UK Trade & Investment (UKTI), MIDA, Finnish Foreign Trade Association (FINPRO)…in Vietnam and all around the world, HLB International made its best efforts to improve the prestige, get higher rankings in providing professional services and expand its presence in African countries. Additionally, Mrs. Coco also presented the operation of HLB member firms in Japan, United Kingdom, Hong Kong, China…and promoted cooperation opportunities between AASC and other HLB members.

AASC believed that the solid cooperation between HLB International and AASC would bring many mutual benefits to both parties soon after the working visits of Mr. Rob Tautges- HLB International President and Mrs. Coco- Head of Business Channel Development to AASC.

Photos of the meeting between AASC Auditing Firm and Mrs. Coco K. Liu- HLB International Head of Business Channel Development .

Implementing the annual assigned tasks by Ministry of Finance, from 2nd June to 6th June, 2013, Auditor Do Thi Ngoc Dung – Manager of Training and Quality Control Department of AASC Auditing Firm Company Limited and officers of Department of International Cooperation – Ministry of Finance and representatives of Vietnamese delegation attended the 38th meeting of ASEAN Audit Committee in Jakarta – Indonesia.

The meeting focused on the annual issues of ASEAN Audit Committee, including inspecting and monitoring the implementation of recommendations of ASEAN Audit Committee for Financial, Accounting and Internal Control Systems of ASEAN in previous meetings, examining and evaluating the quality, effectiveness and content of independent audit work on financial statements prepared and presented by ASEAN Secretariat. Additionally, ASEAN Audit Committee also participated in the establishment of Draft on Duties of independent auditors who will undertake the audit engagement of financial statements of ASEAN Secretariat for the fiscal year 2013, and planning the working schedule of internal auditors for 2014 and other relevant issues.

At the end of the meeting, Auditor Do Thi Ngoc Dung and Vietnamese delegates successfully implemented the assigned tasks, contributing to the success of 38th meeting as well as communicating and expanding the prestige in providing high qualified professional services and strengthening the image of AASC Auditing Firm, one of the first two auditing firms established in Vietnam, a forerunner of independent audit profession in Vietnam, to Vietnam administrative departments and international partners.

On the afternoon of 9^th Jun, 2013, at AASC Auditing Firm’s head office, Chairman of the Member Board, General Director of AASC Ngo Duc Doan hosted a reception for Mrs. Jeanne De Guillebon, controller management Asia of Entrepreneurs du Monde (EDM).

At the meeting, Mrs. Jeanne De Guillebon expressed the purpose to assist the poor in Vietnam and gradually reduce poverty and improve their livelihoods through lending, saving and training activities of EDM. Mrs. Guillebon also appreciated the qualified professional services of auditing, financial consultancy that AASC provided to “Anh Chi Em” Finance Program implemented by EDM in Dien Bien province, Vietnam. She also considered AASC to be a good and reliable partner of EDM and hoped to continue to cooperate with AASC in following EDM projects in Vietnam.

Chairman Ngo Duc Doan expressed his sincere thanks to Mrs. Jeanne De Guillebon and EDM for their consideration and cooperation exposed to AASC in the audit and consultancy engagement. General Director Ngo Duc Doan also stated that the objective of EDM projects to help the poor improve their lives is also the responsibility and strategic mission of AASC during 22 years of development along with business, consultancy and investment activities. AASC committed to enhance quality of professional services provided to EDM projects in Vietnam and hoped that the relationship between AASC and EDM will firmly develop towards the goal of community development and for a prosperous, civilized and glorious Vietnam.

Grasp thoroughly the Patriotic Emulation of Uncle Ho, in practical activities to celebrate the 65th anniversary Uncle Ho appealed Patriotic Emulation (11/06/1948 - 11/06/2013), departments and units in AASC AUDITING FIRM have made ​an ​exciting emulation to implement and successfully complete political mission and assigned tasks. As of the end of May 2013, a typical number of units issued cash receipts from customers based on data of Accounting department compared with the previous period, in order, are:

 1. AASC branch in Ho Chi Minh City increased by 45.6%.

 2. Auditing Department No.2 increased  by 11%.

 3. Construction Auditing Department has the same revenue as last period.

In particular, the growths of Auditing Department No. 3 and No. 7 experienced impressive growth at 43.5%.

To spread extensively AASC brand in nation-wide, in the region and the world, the Board of Directors, General Director called for Departments, Unit, Branch and Representative office to participate in a patriotic movement of being into AASC AUDITING FIRM as follows:

     Seize opportunities to develop markets, increase market share in the fields of Finance, Auditing and Accounting.  

    Constantly improve the quality of professional services of Auditing, Accounting & Financial consultancy, Tax providing to clients.

    Successfully complete the target of the 6th fiscal year approved by the Member Board of AASC.

All for AASC AUDITING FIRM’s strong and sustainable development – Every Member of The Member Board emulate to gain great achievements.

On the morning of August 2, 2013, at Ministry of Finance head office, Member of Central Committee of the Communist Party of Vietnam, Civil Affair Committee Secretary, Finance Minister Mr. Dinh Tien Dung welcomed and worked with Chairman of Vietnam Association of Certified Public Accountants (VACPA) Mr. Tran Van Ta, leaders of VACPA and Chairman of the Member Board, General Director of AASC Auditing Firm Mr. Ngo Duc Doan.

At the meeting, through reports of VACPA, Mr. Dinh Tien Dung has approached the market situation in over 2 last decades and challenges in implementing professional services of auditing and accounting at present when the Vietnam economy is still in big troubles. Leaders of VACPA and AASC also hoped to receive the interest and direction of Finance Minister to develop a strong and stable auditing and accounting market in the time ahead. In reply, Mr. Dung has expressed and emphasized policies on managing and stabilizing the auditing and accounting market, practical activities of Ministry of Finance for supporting auditing and accounting associations in boosting professional services of auditing, accounting, financial and tax consultancy in Vietnam.

Also at the meeting, Mr. Tran Van Ta presented about AASC Auditing Firm and its operation to Finance Minister. AASC is one of two first auditing and consulting companies established in Vietnam by Ministry of Finance and plays a role as the forerunner of independent audit profession in Vietnam. Mr. Doan hoped to receive the guidance and assistance of Finance Minister, leaders of Accounting & Auditing Policy Department, professional association and relevant agencies to facilitate the strong development of AASC and support AASC to become a brilliant pioneer among Vietnamese Auditing Firm, narrowing the gap with international auditing firms Big4 operating in Vietnam. Mr. Dinh Tien Dung has recognized and praised the endeavor and accomplishments of VACPA and auditing firms including AASC as well as committed to support professional association and auditing firms to firmly develop and successfully complete auditing and accounting strategy to 2020, vision to 2030.

Photos of the meeting

On 20/8/2013, in Thailand, Directorate for Roads of Thailand - Ministry of Transport and consulting group including AASC Auditing Firm – HLB member in Vietnam and HLB Thailand hold a successful signing ceremony of consulting agreement for “Greater Mekong sub-region highway expansion project”. Attendees at the meeting include Dr. Punya Chupanit – Project Director, leaders of Thailand Ministry of Transport, Mr. Ngo Duc Doan – AASC Auditing Firm Chairman of the Member Board and General Director, Mr. Do Manh Cuong – AASC Deputy General Director and representatives of HLB Thailand.
This is one of Thailand national priority projects in the aspects of traffic, economics and relations with other countries coordinated by Ministry of Transport with total capital investment up to $180 million (equivalent to VND 3,800 billion) financed by Asian Development Bank (ADB) and Thailand government. Identifying the project from February 2013, AASC has proposed cooperation with HLB Thailand to participate in the  consultancy bidding package. After over 6 months of hard work, relentless efforts and close cooperation between 2 parties, the consulting group has won a victory over many other auditing firms of Thailand and foreign countries to be appointed consultant of the project by Thailand Ministry of Transport. That the consultant was selected based on CQS method (Consultant Quality Selection) has affirmed AASC’s competence and experience in the region and worldwide.
Coming back from the signing ceremony, Mr. Doan was pleased to inform the good news to Board of Management, auditors, audit assistants and staff of the company. AASC – the biggest one among Vietnamese auditing firms, under judicious direction of Board of Directors and with extensive professional knowledge of auditors, committed to do its utmost to successfully implement the consulting agreement in reply to the trust of Thailand Ministry of Transport as well as to improve and expand AASC image and status regionally and globally, towards the strategic mission “Bring Vietnam audit profession to a new height” of Vietnamese auditing firms.

 Photo: Chairman of AASS Mr. Ngo Duc Doan and Project Director Dr. Punya Chupanit

Towards the 59th anniversary of the Capital Liberation Day (10/10/1954 - 10/10/2013) and   the 7th Member Board meeting of AASC Auditing Firm, on the morning of 07/10/2013, Deputy General Director Mrs. Cat Thi Ha presented AASC a meaningful gift, two parterres with colorful flowers in front of the Company’s entrance. Those parterres not only contribute to the beauty of the Capital, the street, the company but also are best wishes of Mrs. Ha to the 7th Member Board meeting of the Company.

AASC would like to express sincere thanks to Mrs. Ha as well as her family and hope that she will always be healthy, charming, reach great achievements in the field of auditing and consultancy, significantly contributing to the development of AASC and Vietnam Independent Audit Profession.

Following the working schedule of the business trip to survey consulting and auditing activities in Western Europe countries, the senior delegation including representative members of AASC Member Board led by Mr. Ngo Duc Doan - Chairman of the Member Board and General Director of the Company has visited and worked with HLB Hungary and WTS Klient Tax Advisory.

Receiving AASC delegation are 4 senior members of HLB Hungary and WTS Klient Tax Advisory including: Mr. Szabolcs Szeles Audit Director HLB Hungary, Mr. Tamás Gyányi Director Tax services WTS, Mr. Zoltán Lambert Partner International tax expert WTS, Mr. Gyorgy Korosi Partner WTS.

At the meeting, both parties have actively shared about great successes and achievements obtained in auditing, accounting and consulting. Attendees also discussed about concerned points related to the provision and implementation of professional services in Vietnam and Hungary as well as the strategy to promote services and clients in Asia and Europe, particularly in the fields which HLB Hungary and WTS Klient Tax Advisory have prominent advantages in such as tax consultancy, financial management, merger and acquisition. HLB Hungary and WTS Klient Tax Advisory have recognized AASC’s proposal and pledged to introduce AASC investors and clients of HLB Germany and HLB Hungary operating in Vietnam as well as provide technical support and share experience in accounting and consulting in Europe to AASC.

Photos of the meeting 

BBT

On the morning of September 14, 2013, in Hanoi, AASC Auditing Firm held a cordial meeting to celebrate 20 year anniversary of Prime Minister’s approval for AASC to rebrand and implement auditing services. Distinguished guests at the meeting include Assoc. Prof. Dr. Dang Thai Hung - Director of Accounting & Auditing Policy Department, Assoc. Prof. Dr. Tran Van Ta – Former Permanent Deputy Minister of Ministry of Finance (MOF) and Chairman of Vietnam Association of Certified Public Accountants (VACPA), Assoc. Prof. Dr. Dang Van Thanh – Chairman of Vietnam Association of Accountants and Auditors (VAA), Former Vice Chairman of the National Assembly Committee on Economic and Budgetary Affairs, Dr. Pham Huy Doan – Former Director of Auditing and Accounting Financial Consultancy Service Company (AASC), Mrs. Truong Thi Hoang Dieu – Deputy Director General of Department of Personal and Training, MOF.

At the meeting, on behalf of AASC Board of Management, Chairman of the Member Board, General Director Mr. Ngo Duc Doan reviewed the rise and fall of the company over 22 years of development, challenges and difficulties since its establishments, greatest milestones impressed upon AASC's generations of leaders and auditors. Reaching a consensus and sharing unanimous thoughts between members of the Member Board, under the sound and solid leadership of the Board of Directors as well as with the determination of all staff, AASC – a Vietnamese Auditing Firm has been like “a flagship flowing to the ocean”, overcoming all obstacles to obtain great successes and achievements. Mr. Doan also pledged that AASC, besides the inheritance of traditional values and core values during over 2 decades of operation, will do its utmost to innovate, enhance service quality, improve professional knowledge of staff, integrate in auditing, accounting, tax and financial consultancy in the region and internationally, comply with Vietnamese and international auditing standards to maintain the trust from clients and partners locally and globally.

Speaking at the meeting, Assoc. Prof. Dr. Dang Thai Hung - Director of Accounting & Auditing Policy Department recognized, praised and congratulated AASC for its accomplishments and great contributions to the development of the independent audit profession in Vietnam. Mr. Hung also actively shared about the development strategy of independent audit profession in Vietnam towards 2020, with a vision to 2030 approved by Prime Minister. Additionally, Mr. Hung gave his commitments to support AASC to maintain its position as a leading company and a brilliant pioneer among Vietnamese Auditing Firms and to communicate AASC brand name nationwide and worldwide. Last but not least, Mr. Hung emphasized that AASC must always strive to strongly develop, gradually be equivalent to international auditing firm Big 4 operating in Vietnam.

AASC also received precious advisory, sharing, encouragement of Assoc. Prof. Dr. Tran Van Ta – Chairman of VACPA and valued visitors for the company development. In reply, Mr. Doan expressed sincere thanks to all distinguished guests and believed that with the interest and support from MOF, Ministries and Branches, relevant agencies, professional associations, AASC will successfully implement accounting and auditing strategy towards 2020, with a vision to 2030.

Photos of the meeting

Assoc. Prof. Dr. Dang Thai Hung - Director of Accounting & Auditing Policy Department, MOF
Valued visitors and AASC Board of Management

On the afternoon of September 9, 2013, at the head office of Vietnam Association of Certified Public Accountants (VACPA), Mr. Ngo Duc Doan – Chairman of the Member Board and General Director of AASC participated in the meeting with leaders of State Audit Office of Vietnam including Mr. Nguyen Huu Van – member of Central Committee of Communist Party of Vietnam, Auditor General of the State Audit Office of Vietnam and Mr. Nguyen Ngoc Sung – Chief of State Audit Office Secretariat.

At the meeting, Assoc. Prof. Dr. Tran Van Ta – Chairman of VACPA reported to Mr. Van on the operating results of VACPA over last 8 years and achievements in implementing the tasks assigned by Ministry of Finance (MOF). Mr. Doan continued the meeting by giving sincere thanks to Mr. Van for his interest and support expressed to Audit profession and AASC Auditing Firm. Immediately after State Audit’s foundation in 1994, the close cooperation between AASC and State Audit has been originated by the Vietnamese Government with the consultancy from MOF. One of the typical demonstration is that from 2006 to 2009, sponsored by the European Union, cooperated with the European Commission delegation in Vietnam, AASC and Bannock Consulting Limited (United Kingdom) and National Audit Office (England) successfully implemented the project “Support to the State Audit of Vietnam”  issuing Vietnamese Standards on Auditing in 2010.

Particularly, on June 18, 2013, aiming to the solid and strategic cooperation between two parties, AASC and Centre for Sciences and Staff fostering – STATE AUDIT OF VIETNAM have signed Memorandum of Agreement, forming a framework to further cooperation activities between two parties. The Board of Management of AASC and Centre for Sciences and Staff fostering believed that with the consensus and determination, both parties will successfully implement the Memorandum of Agreement, creating many benefits to the development of both parties and contributing to the transpiration and development of Vietnam economy.

Photos of the meeting

AASC officially issues new logo built based on true value: Transparency- Independence- Knowledge- Trust- Sustainability. Of which, the core value is TRANSPARENCY.

AASC is one of two first independent auditing companies (with VACO) – changes its name from the Auditing and Accounting Financial Consultancy Service Company Limited (AASC) found by Ministry of Finance since 13 May, 1991. AASC transferred its business form to company limited with more than 2 members in accordance with WTO commitment in 2007.

After 22 years operation and development, company still remained the position as one of the five auditing companies in Vietnam with the highest number of customers and auditors (nearly 65 auditors, 01 auditors qualified ACCA, 18 Valuer Certificates, 54 Certificates for practicing service on tax procedure (VTCA) and above 330 staff).

AASC currently achieves the highest second position in customer and revenue among auditing companies system achieving 128 billion dong; leading position of revenue and auditing construction quality out of 230 independent auditing companies operating in Vietnam. Simultaneously, AASC is three times granted Competition Flags and set of Labor Medals by President and Prime Minister of the Socialist Republic of Vietnam.

AASC currently is one of audit companies having the highest revenue from auditing services and the investment capital settlement reports.

(DTCK) Along with deep integration of Vietnamese economy, the Vietnamese Auditing Firms have played an increasing important role and globally integrated in the aspects of quality and brand name

(ĐTCK) CùAASC has launched a ceremony changing its name from Auditing and Accounting Financial Consultancy Company Limited (AASC) to AASC Auditing Firm with the target of narrowing the gap with international auditing firms Big 4 operating in Vietnam and bringing Audit profession in Vietnam to a new height, said Mr. Ngo Duc Doan – Chairman of the Member Board, General Director of AASC Auditing Firm.
International Auditing Firms Big 4 have broadened their presence in Vietnam. According to many experts, Vietnamese auditing firms have been in an unequal competence. As general director of AASC - the biggest among auditing firms operating in Vietnam (after Big4), what are your comments?
AASC has elevated the cooperation with international auditing firms Big4 as well as some small and medium auditing firms. In our opinion, the cooperation will bring many mutual benefits to all parties in fostering quality of services provided to clients, improving clients' confidence and increasing revenue from audit services…
If competence is compulsory, AASC will do its best to find niche market and less competitive sections which AASC has advantages to develop rather than directly confront with other auditing firms.
Recently, AASC has organized launching ceremony changing its name to AASC Auditing Firm. What are motivations under this transformation?
Over 22 years operating in the fields of auditing and financial accounting consultancy in Vietnam, AASC has affirmed its prestigious brand name in the auditing and accounting market as well as expanded its presence nationwide. Therefore, to be compatible with AASC’s size and enhance the integration of auditing and accounting in the region and all over the world, we have reached a consensus to change the company name to AASC AUDITING FIRM.
Under the new brand name, AASC Auditing Firm still maintained and relentlessly promoted its traditional core values as one of the two first companies operating in the fields of auditing and accounting in Vietnam.
What are the effects after changing company name?
Up to now, after 2 months from launching ceremony to change company name and establish a subsidiary (AASC Consulting and Associates Company Limited – ACG), early signs show that the trust and confidence of clients for AASC has been reinforced. Along with traditional clients, a number of new ones have approached to AASC, contributing to AASC’s expansion in auditing and accounting market. Part of new clients has proposed AASC to provide financial and management consulting services…
We have been implementing our plans to spread AASC brand name in providing professional services and human resources as well as expand the company’s size and enhance its prestige and status in audit profession. The strategic objective of AASC is to maintain the leading position among Vietnamese auditing firm, narrow the gap with international auditing firms Big 4 operating in Vietnam, lift Audit profession in Vietnam up to a new height and contribute to Vietnam’s economic development.

On 17th May, 2013, in Hanoi, The Member Board, Board of General Directors, Auditors, Valuers of AASC solemnly held “Launching Ceremony of AASC”, changing company’s brand name. AASC was honored to welcome Mr. Tran Xuan Ha – Deputy Minister of Ministry of Finance, former leaders of Ministry of Finance: Mr. Vu Mong Giao, Mr. Tran Van Ta, Mr. Nguyen Ngoc Tuan, Directors of Departments under Ministry of Finance, Leaders of professional associations: Vietnam Association of Certified Public Accountants (VACPA), Vietnam Tax Consultants’ Association (VTCA), Vietnam Valuation Association and Mr. Robert Tautges – President of HLB International to attend, congratulate and make speech at the ceremony. Particularly, attending the meeting were numerous clients and customers all over the country who have recognized and trusted AASC for the last 22 years.

In the solemn atmosphere of the event, Chairman of the Member Board, General Director of AASC Ngo Duc Doan warmly welcomed and expressed sincere thanks to all honored guests, delegates and respective partners and clients accompanying AASC in the past years, shared the feelings of all members in the new stage of development and declare business philosophy associating with new brand name and new logo of AASC. General Director emphasized that the launching ceremony has marked a significant impression and the golden time in the company’s history and committed that AASC, along with international auditing firms Big 4 operating in Vietnam, will provide professional services of auditing and consultancy with international standards to clients locally and internationally.

Speaking at the ceremony, on behalf of the Party Commission, Ministry of Finance Leader, Deputy Minister Tran Xuan Ha congratulated AASC and affirmed that "the launching AASC brand name at this moment is a very appropriate decision". Over the last two decades of operation and development, with brilliant achievements gained and the difficulties and challenges experienced, AASC Auditing Firm was converted from Auditing and Accounting Financial Consultancy Services Company Limited (AASC) is aged at the prime of one's life with full of enthusiasm and dynamic to capture new opportunities, with confidence to receive new challenges, to reach their mature and develop in a strong and sustainable way.

Along with the announcement of the new name and logo of AASC, Leadership of AASC Consulting and Associates Company Limited (ACG) were also launched. Chairman of ACG had a speech to thank warmly supports by the majority of customers, leaders in Finance, Accounting, Auditing fields and leaders in professional associations at the ceremony, and committed to continuously improve the quality of services, meet the needs of integration and economic development.

Also at the Ceremony, Deputy Minister of Finance, Mr. Tran Xuan Ha awarded the Labor Medal Third Class of the President to Manager of General Affair Department, Mr. Hoang San and Merit of the Prime Minister to the Director of the Representative Office of AASC in Quang Ninh, Mrs. Nguyen Thi Hai Huong and Manager of Auditing Department No.1, Mr. Pham Anh Tuan.

Photos of Launching Ceremony on 17th May, 2013.

Deputy Minister of Ministry of Finance Mr. Tran Xuan Ha spoke at the ceremony

Chairman of VACPA Mr. Tran Van Ta expressed feelings at the ceremony

Chairman of Southern Food Corporation Mr. Pham Hoang Ha congratulated AASC Auditing Firm

President of HLB International and Chairman of the Member Board of AASC

Leadership of AASC Consulting and Associates Company Limited (ACG)

Deputy Minister of Ministry of Finance awarded the Labor Medal Third Class of the President of Vietnam to Manager of General Affair Department, Mr. Hoang San

Implement the program of Union work and youth movement in 2013; Pursuant to the Plan No. 93-KH/DTN-BTC dated 4/7/2013 of the Standing Committee of the Youth Union of the Ministry of Finance on "Organizing the 2013 Voluntary Blood Donation Day", in response to the campaign "The drops of red blood", the AASC Auditing Firm's Youth Union participated in the 2013 Humanitarian Blood Donation Day held by the Youth Union of the Ministry of Finance and the Central Institute of Hematology and Blood Transfusion at 8:00 am on July 23, 2013 at the National Institute of Hematology and Blood Transfusion. Room 106 headquarters of the Ministry of Finance.

Understanding the profound meaning of the movement "humanitarian blood donation" is one of the noble gestures of people to people and is the tradition of mutual love and affection "good leaves protect torn leaves" of the Vietnamese people, The AASC Auditing Firm's youth union actively participated in this Blood Donation Day. With the strength of youth, the AASC Auditing Firm's Youth Union volunteered to participate in the Blood Donation Day with the highest spirit, bringing meaningful blood units to serve emergency work, bringing faith and hope for the patient. Especially in this Blood Donation, some brothers and sisters like Mr. Vu Xuan Bien - Head of Audit Department 2, Ms. Nguyen Hoang Trinh - Deputy Head of Project Audit Department, although no longer active in the Union, still actively registered to participate. Experts show that the "humanitarian blood donation" movement has increasingly become a meaningful and noble act, clearly demonstrating the noble humanity, the voice of conscience, and the affection of people towards their children. people honored by society.

On 05/18/2013, President of HLB International and AASC Auditing Firm representatives have visited orphans at the Bo De Temple - Gia Lam - Ha Noi .

HLB International not only focuses on investment and development services and revenue growth but also concentrate on fulfilling corporate social responsibility for the poor or unlucky people. Small meaningful gifts reflect deep concern from Chairman Robert Tautges and AASC. Hope that they will have a better life in the future. It is also a goal to strive all the way in the formation and development along with business operations and management, AASC and HLB International always shared social responsibility to the State for a beautiful Vietnam, civilization and prosperity.

To support those affected by the floods that took place in the middle of Vietnam, in the afternoon of October 8, 2010, the Ministry of Planning and Investment launched a fundraising campaign.

On 7/8/2013, at the Government Office, the Deputy Prime Minister Vu Van Ninh has met the Director of World Bank in Vietnam (WB), Ms. Victoria Kwakwa.

At the meeting, on behalf of the Government, Mr. Ninh thanked the largest multilateral lender’s positive support of WB for Viet Nam over the past time.

The Deputy Prime Minister said that Viet Nam has deployed a string of measures to restructure the economy including numerous consultations and recommendations which were proposed by the WB. These measures have worked efficiently. All cooperated programs between the Government and WB has been conducted proactively.

Ms. Victoria Kwakwa emphasized that WB respects Viet Nam’s endeavors in economic restructuring especially in the banking system, SOEs and public investment. These fields play the decisive role in Viet Nam’s long-term development. In addition, WB acknowledges the achievements of Viet Nam particularly in macro-economic stability, FDI attraction and support for the stable development of the economy. One of the main achievements is that Viet Nam succeeded in establishing the Viet Nam Asset Management Company (VAMC) in line with the country’s economic and social conditions. The company is expected to handle bad debts in the economy and revitalize the banking system.

In addition, the Deputy Prime Minister Vu Van Ninh and Ms. Victoria Kwakwa discussed issues which both sides were interested in and related to three main factors need to restructure such as: WB supports expert having experience in restructuring financial sector; supports to VAMC to operate more efficiently in Vietnam economy; supports professional technique in SOEs restructuring processes, etc.  

Source: From Vietnamese version.

On July 15th 2013, the Minister of Industry and Trade issued Circular No. 15/2013/TT - BCT regulations on coal exports.
Specifically, for the coal export conditions, the Circular No. 15/2013/TT-BCT have regulated that subjects, who only are enterprises are allowed to export coal. Coal exporters are enterprises having eligible coal trading business under the provisions of Circular No. 14/2013/TT-BCT dated July 15th 2013 of the Ministry of Industry and Trade regulations on coal trading conditions.

On the other hand, about goods, coal which is permitted to export when simultaneously meeting the following conditions: Having been processed and met quality standards or equivalent quality standards specified in Appendix I under this Circular; having legal origin as stipulating in Circular No. 14/2013/TT-BCT dated July 15, 2013 of the Ministry of Industry and Trade regulation of the coal business conditions; as the other provisions (if any) as the administration of the Government for export-import operations in each period.

Enterprise when do coal exporting procedures must have a proven record of lawful origin of exporting coal together with report of sample analysis in order to confirm the suitability of the standard and quality of batches of exporting coal, which issued by a laboratory reaching standard VILAS.

The General Department of Energy (the Ministry of Industry and Trade) is assigned to be responsible for all maintenance and coordinate with Ministries, Branches and localities related periodically check the compliance with the provisions of Circular and the provisions of relevant laws.

This Circular has come into effect since September 1st, 2013 and replaced Circular No. 05/2007/TT-BCT dated October 22nd, 2007 of the Ministry of Industry and Trade on the export of coal.

Source: Ministry of Industry and Trade of the Socialist Republic of Vietnam

Minister Nguyen Bac Son issued Circular No. 14/2010/TT-BTTTT dated June 21, 2013 of the Ministry of Information and Communications guiding the formulation, approval and implementation of local telecommunications infrastructure planning.

On 15/07/2013, Prime Minister Nguyen Tan Dung signed the decision to issue Decree No. 72/2013/ND-CP on the Government on management and use of Internet services and online information. This Decree also elaborates on the assurance of information safety and security, organization’s and individual’s rights and obligations to the management, the provision and use of Internet services, online information, online games, etc.

Accordingly, the Decree has implemented the development and management policies of Internet and online information as follows: To encourage the use of Internet in all economic and social activities, especially in education, health care, and scientific research to improve productivity; To encourage the development of Vietnamese contents and applications to serve Vietnamese community on Internet and enhance the upload of healthy and useful information to Internet; To develop broadband Internet infrastructure in schools, hospitals, research institutes, libraries, state agencies, enterprises, public Internet stations, and households. Focus on the provision of Internet services in rural areas, remote areas, bordering areas, islands; To prevent the abuse of the Internet to threaten national security, social order and safety; To encourage and facilitate the use of “.vn" domain names, domain names in Vietnamese, and the conversion to addresses using IPv6 technology (hereinafter called IPv6 technology). To intensify international cooperation in Internet on the basis of mutual benefits, etc.

Enterprises may provide internet services after obtaining the license to provide internet services.

This Decree takes effect from 01/09/2013.

From 11th to 13th May, 2012, the representative of the Accounting, Auditing and Financial Consultancy Service Limited Company (AASC), Mr. Do Manh Cuong

On the morning of 20th March, 2013, at Accounting, Auditing and Financial Consultancy Service Limited Company (AASC)’s head office, Chairman of Board of Members, General Director….

After visiting Vietnam Ministry of Finance, on 16th May, 2013, President of HLB International, Mr. Robert Tautges visited and worked with…

During the visiting in Vietnam, on 17th May, 2013, the President of HLB International Mr.Robert Tautges visited and worked with…

In the jubilant atmosphere of launching ceremony and changing the company name to AASC AUDITING FIRM, a party is ceremonially organized to celebrate the brand new logo of AASC and AASC Consulting and Associates Company Limited (ACG) at the headquarters: No. 1 Le Phung Hieu - Hoan Kiem - Ha Noi. Attending the event has welcomed President of HLB International- Robert Tautges, representative clients from the South, Board of Directors, Leaders, Auditors, Audit Assistants, Technicians and AASC staff.

All the Board of Directors and AASC staff are always proud of the successes and achievements during years and believe that AASC will reach new remarkable accomplishments in Accounting, Auditing and Financial and Tax Consultancy based on the strong solidarity, professional ethics, and passionate spirit for the principle "Always provide the highest quality services for the legal benefit of customers".

The ceremony ended in the happy atmosphere spreading out all people attending. This event not only brings meaningfulness to all members but also reflects the commitment for the development of Financial, Accounting and Auditing Field as well as sustainable growth of AASC. With a new image, dynamic and strategic vision to 2030, AASC will continue to assert its renowned brand-name and growth; maintain the leading position in the auditing company system in Vietnam, narrow the gap with Big4, gradually integrate regionally and internationally.

Photos of celebration on 18th May, 2013

(DTCK) Investors need to keep in mind some basics when considering interim financial statements for the fiscal year 2013 so as to comprehend financial position of enterprises behind the sales and profit figures.

Under the requirement of many parties for information transparency on the stock market, listed companies have increased their awareness of responsibilities to ensure that the financial statements give a true and fair view of the financial position of those at the time of preparation.