New Delhi: The Telecom ministry has asked operators to submit status reports on offering location-based service of mobile users by November this year, as part of revised network security guidelines.
The ministry had amended the telecom licences in May this year to ask operators to provide location details of mobile customers in the licensed service area within a prescribed time-frame with certain degree of accuracy.
According to sources, the Department of Telecom (DoT) has written to operators to submit half-yearly status report on whether the service providers have upgraded their networks to ensure that subscribers’ location details are available in the call data record (CDR).
The ministry has set 7 October as a fresh deadline for mobile operators to comply with the network security-related rules which were announced in May.
Telecom companies will have to submit a separate note as to how the said organizational policy addressed related security and security management of networks and to network forensic within one month that is by 7 October 2011, an internal note from Department of Telecom said.
Further, operators will also have to ensure that important management places, like chief technical officer, chief information security officer or nodal executives responsible for call interception and monitoring, are held by Indian nationals by 1 April 2012.
Further, telcom companies also need to file a status report on security audits conducted on their networks by 30 November. Such reports will have to certify that a mobile network is safe and free of bugs and malware.
Accordingly, network audits have to be undertaken by an ISO certified agency.
Eventually, telcos need to submit a detailed network audit status reports for each financial year on the first day of the next fiscal, the note added.
Likewise, the new rules also mandate that companies keep the telecom department in the loop on all software updates and changes transpiring at the network level.
Under the compliance format, a telco needs to inform the licencer within 15 days of completion of such software updates and furnish a compliance certificate on the first day of each fiscal for the previous financial year.
Operators have also been asked to ink formal pacts with their respective equipment vendors, wherein the suppliers will have to throw open their premises to spot check by either the service provider or DoT.
The new security rules, however, do away with clauses like man-dating foreign equipment vendors to put their software in the equivalent of a sealed envelope and submit it to the government.