Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)Schedule C : Directive for Internet Service Providers in terms of Section 30(7)(a) read with Section 30(2) of the Regulation of Interception of Communications Information Act, 2002 (Act No. 70 of 2002)Part 3 : Detailed Security, Functional and Technical Requirements of the Facilities and Devices for Lawful Interception10. Functional Requirements |
10.1 | The following minimum functions must be implemented within the ISP for LI purposes; the processes used to support these functions must be well documented and auditable at all times: |
• | Support of OIC in feasibility study phase ie. provision on request of customer-related targeting information required for inclusion in the warrant or direction. |
• | Receipt of LI warrants and directions from the Office of Interception Centers (OlC) by means of either: |
o | hand delivery; or |
o | an electronically signed and encrypted form delivered by electronic mail or another messaging means to be determined in conjunction with the IC. |
• | Verification of the validity of the warrant or direction; |
• | Provision of the warrant or direction into the provisioning terminal as per the targeting and timing information provided in the warrant or direction; the electronic confirmation of the activation of the warrant or direction to the IC through the mediation device; |
• | Administration of the physical and logical security and access control mechanisms implemented for this purpose; |
• | Any systems administration of the provisioning terminal, databases and mediation devices implemented at the ISP, which is requested by the IC; |
• | Reporting to the IC on security breach attempts and failed access attempts relating to the interception provisioning terminals; and |
• | Regular internal audit of security and operations implemented for LI purposes. |