Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)Schedule B : Directive for Mobile Cellular Operators in terms of Section 30(7)(a) read with Section 30(2) of the Regulation of Interception of Communications Information Act, 2002 (Act No. 70 of 2002)Part 6 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception20. Functional Requirements |
20.1 | The following minimum functions must be implemented within the operator’s marking facility; the processes used to support these functions must be well documented and auditable at all times: |
• | Support of OIC in feasibility study phase i.e. provision on request of customer-related targeting information required for inclusion in the warrant or direction. |
• | Receipt of LI warrants and directions by means of either: |
o | a physically delivered hardcopy from the OIC; |
o | an oral direction from the appointed judge; |
o | a secure telefax from the OIC ie. an encrypted facsimile facility (to be provided by the OIC); or |
o | an electronically signed and encrypted form delivered by electronic mail or another messaging means to be determined in conjunction with the IC. |
• | Verification of the validity of the warrant or direction based on the telephonic or online verification of the Lawful Interception Identifier (LIID) stipulated in the warrant or direction with the OIC; |
• | Provision of the warrant or direction into the IMS as per the targeting and timing information provided in the warrant or direction; the electronic confirmation of the activation of the warrant or direction to the IC through the IMS; |
• | Administration of the physical, logical and IMS security and access control mechanisms; |
• | Day-to-day systems maintenance on the software and hardware implemented in the marking facility; |
• | Regular provision of reports available in the LI marking facility to the IC; |
• | Reporting on security breach attempts and failed access attempts to the OIC; likewise, reporting by the OlC on security breach attempts and failed access attempts to the MCO in so far as it affects the MCO’s network; and |
• | Regular internal audits of security and operations within the marking facility by the MCO to manage information security risks associated with providing this facility and capability. |