Nepal Telecom Authority is going to take action against the service providers who do not audit the information technology.
NEA had asked all service providers to submit information security and cloud audit report by mid-July of the last fiscal year 2077/78.
But as per the directive, NEA is angry after only two service providers submitted their reports.
NEA has taken action against the company that did not follow the instructions and did not submit the report on time. NEA has cut the letter last year and asked the service providers who did not conduct IT audit for clarification.
NEA will take action if the explanation is not satisfactory.
Last year, the Telecommunications Authority introduced a mandatory security audit of the licensed telecommunications service providers, taking into account the system and data security. According to Soe, the time was required to submit the report of the mandatory security audit within the month of February, 2077 BS. After that, the regulator had set a deadline of mid-July to submit the report.
Only two internet service providers submitted their mandatory security audit reports within that period, while other companies have refused to do so.
A director said that the authority has a plan to take action against those who do not follow the instructions and do not even audit.
“We will give everyone a chance to explain first and then take action against the service providers,” the director said.
NEA has been repeatedly giving information and instructions to conduct mandatory security audit. For this, a separate Cyber Security Regulation 2077 has been issued. Security audits have to be done on the basis of cyber security regulations. Accordingly, NEA has been asking the service providers to tighten cyber security.
To conduct security audits, the regulator has also prepared a list of audit firms for cyber security audits and cloud audits. The report has to be submitted to the authority by conducting cyber security audit and cloud audit from the listed firms.
The Telecommunications Authority (TA) has tightened cyber security after hackers leaked data on more than 50,000 customers of Internet service provider Vinet Communications Pvt. After the same incident, the regulatory body has been issuing new directives. It has also been working to alert service providers for cyber security and data security. However, Vinet, who was responsible for the incident, has not been investigated and action has been taken so far.