MoCIT has released a Directive for the operation and management of Data Center and Cloud Service. The directive includes various provisions that service providers have to follow that relate to their safety, design, privacy, etc. Communication Minister Prithvi Subba Gurung approved the directive back on Magh 15, 2081.
Directive for operation and management of Data Center and Cloud Service released
The directive has provisions regarding the operation of data center. It also has rules and regulations for the data and cloud service providers who want to provide service.
The directive states that the company must be registered with the Department of Information and Technology before starting service in Nepal. The company must submit company registration and building construction certificates. It must also ensure safety from fire. It must also submit a privacy policy and business continuity plan application.
Companies also need to submit a map of the data center location, details of tiers, technical personnel responsible for the operation, methods and procedures at the department. Service providers must appoint a compliance officer to comply with international standards for the service.
Firms must have necessary infrastructure to operate data center and cloud services. This includes Network equipment such as firewals, routers, swithces and server and storage devices for storing information. Also, companies must have Heat, Ventilation, and Air Conditioning (HVAC), Fire Extinguisher, IP Pol, etc.
If the company doesn’t have its own building and land, it must submit a paper of lease agreement with its owner. It must also submit an Information Security Related Standard Certificate for DC and DR at the Department of Information and Technology.
For already existing data center and cloud service operators, they need to apply for listing within six months. If a firm wants to provide both data center and cloud service, it needs to list its service separately.
Also: Huawei wins Rs 484 MN Data center project of Nepal Telecom
For government data center and cloud service operators
Directive for the operation and management of Data Center and Cloud Service also has provisions for government services. For government data center and cloud services, operators need to use services provided by the Integrated Data Management Center (IDMC). But this provision doesn’t apply to government security agencies.
If there are government service providers, they must migrate to government data centers if are not already. However, if a firm applies with required reasons to operate both primary and secondary site, then the committee will allow for such operation.
Data center and cloud service operators must make full security arrangements. If they find any unauthorized access, they must inform the regulatory body and the Cyber Security Center of Nepal. Service providers must also comply with international standards for the operation and management of data centers and cloud services. They will also need to perform a security audit of their services once a year at least.
Check out: Social Media Bill – 2081 offenses and penalties
Additionally, customers must only buy services from data center and cloud service providers that are listed at the Department of Information and Technology.
The DoIT can facilitate service providers for smooth operation and can also act for any breach of regulations.
Data center and cloud services, especially the former is becoming popular as a commercial service. In that regard, the directive will further help regulate and operate them wih proper guidelines and safety protocols. It also safeguards customers’ rights and states duties. In conlcusion, the directive is a noteworthy groundwork from the government for the operation and management of data center and cloud services in Nepal.
