17 January, 2019
DoT prescribes Minimum Requirement for Security Policy of DoT Licensees
The security policy at the minimum must include provisions in relation to, inter alia:
(i) responsibility of the management;
(ii) designation of chief security officer(s) for network security and information security;
(iii) implementation of security risk management system;
(iv) periodic evaluation of the information security performance and effectiveness of the security management;
(v) provision of periodic training and awareness programs;
(vi) ensuring adequate storage, protection and availability of the security policy, recruitment process, and employee’s record including permanent and local addresses and their pre-employment references, etc. T
he notification clarifies that the licensees should have further provisions, in addition to the minimum requirements set out in the notification, as a part of their security policy to enhance security as deemed fit, since network security is the responsibility of the licensees. The licensees have been given a period of one year to fully implement these requirements. Further, these guidelines are subject to review after every two years or on need basis.
Inclusion of the Net- Neutrality provision in License Agreements
The DoT has, recently amended the terms of UL(VNO) agreement, Cellular Mobile Telephone Service license agreement and Unified Access Service license agreement to include the regulatory framework on ‘Net Neutrality’. Pursuant to these amendments, the telecom licensees are not permitted to engage in discriminatory treatment of content, including any discrimination based on the sender or receiver or the user equipment. The licensees have been expressly prohibited from entering into any arrangement or agreement with any person that has the effect of discriminatory treatment of content. In the context of these restrictions, the DoT has prescribed an inclusive definition for ‘content’ to include all content, applications, services and any other data or end-point information that can be accessed or transmitted over the internet.
Further, for the purposes of these restrictions, ‘discriminatory treatment’ has been defined to include blocking, degrading, slowing down or even grant of preferential speeds or treatment to any content. The amendments clarify that the aforesaid restrictions will not apply to ‘specialized services’ i.e. services other than internet access service that are optimized for specific content, protocols and user equipment wherein such optimization is necessary to meet the specific quality of service requirements.
For further information, please contact:
Zia Mody, Partner, AZB & Partners
zia.mody@azbpartners.com
