Sreekanth NemaniCompliance is not a one-time thing, it is a constant monitoring and periodic checks of the systems, to stay compliant with DoT regulations. Maintaining adequate and secure compliance has multiple facets including failure notifications, change control mechanisms, and periodic reviews.
An interesting fact to know about the telecom industry – In past six years, the enterprise PBX toll fraud has increased around 50%, reaching to $7.5 billion.
“When we talk IT infrastructure – whether it is the network, OS, Databases or applications that sit on top of them (IP telephony is one such application), the security aspects are heavily enforced, but compliance is neglected. We learned it the hard way when a DoT (Department of Telecom) auditor walked into our office one day and sealed it” said VP-IT, Fortune 500 Company.
Introduction to compliance with Indian telecom
“Data regarding Primary Rate Interface (PRI) line customers, Calling Line Identification Restriction (CLIR) customers, Heavy usages customers, Bulk connections etc. are sent by service providers regularly to TERM cells, which are then scanned for illegal service providers. Discrepancies are then acted upon immediately, and DoT headquarters are updated monthly with all this information.” – Compliance Audit on Communication & IT Sector Union Government, Department of Telecommunications, 2015.
The Ministry of Communications and Information Technology is the head department where all the activities of Indian telecom landscape are governed, through the multiple institutions.
The original structure was established through the “Indian Telegraph Act, 1885” and the “Indian Wireless Telegraphy Act, 1933”, though the modern aspect of the regulations was governed through the “Telecom Regulatory Authority of India Act, 1997” and the Information Technology Act, 2000”.
India Toll Compliance
As per the Telecom regulations in India, it is mandatory for the organizations to get a separate license for Internet-based telephony and traditional-cellular telephony. This restriction is called ‘India Toll Regulations’ or ‘India Toll Compliance’.
Enterprises using a PBX (Public Branch eXchange) for calls within the organization are most likely to be impacted by this regulation. And it is essential for such enterprises to establish a strict partitioning in the PBX and stay compliant with this regulation.
Other Service Providers
‘Other service providers (OSPs)’ are the enterprises providing ‘other services’ over the licensed telephony network. Contact centers, KPOs, telemedicine, ITES, Network operation centers, etc. are such enterprises that fall under this category, and need to register with DoT (Department of Telecom) and follow specific OSP terms & conditions.
Term Cell and OSP distribution in India
As per the collected data, a total of 6189 registered OSPs are present with 34 DoT term cells across India. These term cells conduct annual audits with their particular offices under Licensed Services Areas. Also, seven cities majorly cover a whopping 79.33% of OSPs in India at present.
What challenges does an OSP face?
Mainly, OSPs usually encounter three main challenges that are explained below:
· Technical Expertise:
Finding experts who can understand the involved regulations and ensure that the systems are configured to the necessary configurations. Using consultants is a more prudent approach in such cases.
· DoT Audits:
DoT conducts multiple audits in about 5-10% of TERM Cells of the OSPs of India every year. Failing an audit leads to closing of the operations for many OSP.
· Liaising with DoT:
Paperwork can be challenging when it comes to submitting the same at the relevant TERM cell every year. It is best to outsource to DoT consultants.
Future trends to impact the landscape
Regulations and technology are both changing with time, making it challenging for the OSPs to keep track of the same. Some of the future trends that will be impacting the landscape of Indian IT are:
· SIP Trunking:
SIP trunking does not prevent an enterprise from achieving full compliance, but it does alter the way things are done, which an expert can easily tackle with from a compliance perspective. From the traditional PRI trunks towards the SIP trunking, a definite trend is there in telephony, directly impacting the OSPs and the enterprise CUGs, resulting to changes to the configuration of the PBX of the logical partitioning.
· Regulatory support for Internet Telephony:
TRAI proposes that a liberal intermixing of the traditional networks and internet telephony could fundamentally lead to alterations in business use cases. It will be more challenging for the enterprises with hot desking and mobility, attempting on staying compliant with OSP regulations.
OSP audits by locations
DoT TERM cells conduct regional audits of the OSPs regularly and, as per their past data, 30-70% of the aggregate OSPs has been audited in last five years, in a licensed service area (LSA).
Two major factors are considered for the statistics evaluation:
· Multi-location OSPs:
OSPs with multiple operating offices in the same city are ‘Multi-location OSPs’. DoT primarily targets the audits towards such multi-site OSP operations, computing around 80-90%.
· Dormant OSPs:
As per the data, 10-15% of OSPs are accounted dormant yearly. An OSP that misses submitting their yearly documentation, for two continuous years, are placed in the dormant list of DoT. Though they running their operations regularly while violating the OSP regulations.
DoT with its 34 TERM cells can perform audits every couple of years in all the OSPs of India if they choose so. They verify paperwork every year and report their outcomes to the head office every month to detect illegal activity or fraud while looking to conduct annual audits to cover the major OSPs every 4-5 years.
The article is the first part of a 2 part series. Stay tuned!
Also Read: Cloud Telephony Services in India: The Scope and Future
(Disclaimer: This is a guest post submitted on Techstory by the mentioned authors. All the contents and images in the article have been provided to Techstory by the authors of the article. Techstory is not responsible or liable for any content in this article.)