Responsibility of Information Technology Department

– Deliver, provide, withdraw special digital certificates of tax authorities; protect, store, transport digital certificates in a way that ensure safety and confidentiality; provide support and instructions on issues related to digital certificates at the Department of Taxation and Sub-department of taxation; promptly report and deal with violations.

– Provide, manage, use, withdraw public digital certificates of organizations and individuals at Information Technology Department on demand.

– Inspect and supervise the adherence to this document of individuals and units of tax authorities.

– Manage and maintain a database about subscribers and digital certificates under their management.

– Protect and use the secret key storage device in “top secret” mode according to regulations on state secrets.

– Manage, protect, and ensure the operation of hardware security module of General Department of Taxation.

– Retain and manage relevant documents.

– Instruct Departments of Taxation, departments and units affiliated to General Department of Taxation to use digital certificates.

– Register, receive, deliver special digital certificates with Government Cipher Board.

Article 11. Responsibility of subscribers

– Provide sufficient and accurate information about issuance of digital certificates.

– Do not reveal information about digital certificates including registration information and the secret key.

– Do not give the secret key storage device to another person.

– Keep the secret key storage device in a safe and secret place. Protect and use the secret key storage device in “top secret” mode according to regulations on state secrets.

– Change and protect the password of the digital certificate right after receiving it.

– Notify the head of the unit in case the secret key is revealed or suspected to be revealed, the secret key storage device is lost or copied, or other cases of insecurity, the subscriber’s position is changed or the subscriber retires, the digital certificate expires, the subscriber receives a request for withdrawal of the digital certificate from a security agency.

– Promptly report violations to the head of the unit.

– Digital signatures shall be appended on digital certificates of the agency/organization by the document management division on the authority of the head.

– The subscriber that loses or damages the digital certificates shall pay damages.