I. Cyber Security Redline:
1. It is prohibited to access the customer's system and collect, process, or
modify the data and information on the customer network without documented
permission.
2. It is prohibited to connect a personal portable device or storage media to
the customer network without documented permission.
3. It is prohibited to perform operations beyond the scope approved by the customer.
4. It is prohibited to perform operations using another person's account or
an unauthorized account to log in to the customer's devices.
5. It is prohibited to implant malicious code, malicious software, or backdoors,
or to reserve concealed interfaces or accounts in products or services.
6. It is prohibited to attack and undermine customer networks or to crack
the customer's account password.
7. It is prohibited to disclose and spread the data and information on
the customer's network.
8. It is prohibited to use shared accounts and passwords without the customer's
documented permission.
9. It is prohibited to retain or use the administrator account and
unauthorized accounts after the commercial use of the network or the
maintenance transition.
10. It is prohibited to run unauthorized software on a customer network
unless approved in writing by the Customer or the Customer's client, or to use
software versions, patches, or licenses that are not obtained through official
channels.
11. It is prohibited to use information and data in the customer's system to
seek improper gains or for illegal purposes.
12. It is prohibited to participate in government-related sensitive business
and to provide any equipment maintenance service to the Monitoring Centre
(MC).
13. It is prohibited to access lawful interception activity data and to carry
out lawful interception activities and training. Lawful interception activities
include lawful interception object management, lawful interception event
management and lawful interception content management, without approval
by the competent authority.
14. It is prohibited to participate in equipment maintenance for the
switching network element (the network element provides lawful
interception interface) and the Lawful Interception Gateway (LIG) without
authorization from the customer. If authorization from the customer is
obtained, execution of maintenance work must also follow the two-man rule.
responsibility as regard the lawful interception equipment maintenance
service. The responsibilities for handling equipment maintenance of other
suppliers/ vendors/ manufacturers on behalf of the customer must also be
clearly stated.
15. It is prohibited to reveal or disseminate the content of security
incidents related to lawful interception and data retention without
authorization from the customer.
16. It is prohibited to collect, store, transfer, modify or remove customer
network data (including personal data) and to perform similar operations
without signing a "Data Protection Agreement" with the customer or
obtaining written authorization from the customer.
17. It is prohibited to transfer personal data used in business analysis
away from the customer network without being anonymized. The collection
and use of personal data must follow the need-to-know principle.
18. It is prohibited to send any customer network data (including personal
data) to China without written authorization from the customer.
19. It is prohibited to transmit personal data without encryption.
20. It is prohibited to share accounts with others or to operate beyond the
scope of job responsibilities. Account passwords must follow strong password
rules and be changed regularly.
21. It is prohibited to implement a data retention policy in relation to
traffic data and location data without first obtaining written customer
approval.
22. It is prohibited to take over or grant account privileges that can
collect content of communications (such as short messaging and call
content) without written authorization from the customer. The personnel who
use this kind of account must be clearly stated in the written authorization.
The authorization document must be kept properly.
23. It is prohibited to collect content data of communications. Authorized
person(s) can only perform the operations to collect the content of
communications with the consent of the end-user and the written approval
of the customer when the end-user reports a failure related to the content
of communications. The person(s) must follow the need-to-know principle.
The collected files containing content of communications must be encrypted
and stored on shore. They must not be accessed by a non-authorized person.
They must be deleted irreversibly after the completion of troubleshooting.
24. It is prohibited to tamper with or remove logs from the customer
network. The integrity of logs must be maintained to assist with customer
security incident investigations.
25. It is prohibited to use operations tools in the customer networks
without prior customer approval. Those tools/software must be obtained
from either the Customer Support web site or customers' authorized
channels.
II. Non-Compliance and Disciplinary Actions
Non-compliance of any kind is not acceptable. If someone is found
to be at fault with regard to cyber security, very stern action will be initiated
against that person, amounting to immediate termination of services with
the company along with a penalty of Rs 50000/- (Rs. Fifty Thousand), irrespective
of the level or position the person holds in the organization.
Abdul Hamid
MobileComm Technologies (India) Pvt. Ltd.
Abdul Hamid
07/10/2024
Ranchi