Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)

Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Schedule A : Directive for Fixed Line Operators in Terms of Section 30(7)(a) read with Section 30(2) of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)

Part 6 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception

20. Functional Requirements

Purchase cart Previous page Return to chapter overview Next page

 

20.1The following minimum functions must be implemented by the operator; the processes used to support these functions must be well documented and auditable at all times:

 

Support of OIC in feasibility study phase ie. provision on request of customer-related targeting information required for inclusion in the warrant or direction.
Receipt of LI warrants and directions from the Office of Interception Centers (OIC) by means of either:
oa secure telefax; or
oelectronically signed and encrypted form delivered by electronic mail or another messaging means to be determined in conjunction with the IC.
Verification of the validity of the warrant or direction;
Provision of the warrant or direction as per the targeting and timing information stipulated in the warrant or direction; the confirmation of the activation of the warrant or direction to the IC;
Administration of the physical, logical and LI application security and access control mechanisms;
Systems administration (including configuration management, change management, backup and disaster recovery) of the LI servers, databases, mediation devicesand workstations implemented in the marking facility;
Provision of available reports on performance, availability, capacity, utilisation and other measures (to be determined in conjunction with the OIC) to the IC;
Reporting on security breach attempts and failed access attempts to the OIC; and
Internal and external audit of security and operations within the marking facility.