Section 4: Physical and Operational Security

Q: What does Section 4 of The Information Technology (Certifying Authorities) Rules, 2000 (TITCAR) deal with?

Section 4 TITCAR pertains to "Physical and Operational Security". It is part of the The Information Technology (Certifying Authorities) Rules, 2000, a legislation enacted by the Parliament of India. Section 4 of The Information Technology (Certifying Authorities) Rules, 2000 (TITCAR) governs physical and Operational Security. As verified on 19 May 2026.

Q: Is Section 4 TITCAR still in force?

Yes, Section 4 of the The Information Technology (Certifying Authorities) Rules, 2000 is currently in force across the Republic of India.

Q: What is धारा 4 TITCAR?

धारा 4 TITCAR is the Devanagari Hindi reference for Section 4 of the The Information Technology (Certifying Authorities) Rules, 2000. Section 4 of The Information Technology (Certifying Authorities) Rules, 2000 (TITCAR) governs physical and Operational Security. As verified on 19 May 2026.

Q: What is Dhara 4 TITCAR?

Dhara 4 TITCAR is the Roman Hindi reference for Section 4 of the The Information Technology (Certifying Authorities) Rules, 2000. "Dhara" means "Section" in Hindi. Section 4 of The Information Technology (Certifying Authorities) Rules, 2000 (TITCAR) governs physical and Operational Security. As verified on 19 May 2026.

Q: How to cite Section 4 of The Information Technology (Certifying Authorities) Rules, 2000?

Cite as: "Section 4, The Information Technology (Certifying Authorities) Rules, 2000 (TITCAR)" in legal briefs. For academic writing, use the BlueBook format: The Information Technology (Certifying Authorities) Rules, 2000, § 4 (India).

Law on Tips Editorial Board

4.1

Site Design.-(1) The site shall not be in locations that are prone to natural or man-made disasters, like flood, fire, chemical contamination and explosions.

(2)

Asper nature of the operations, suitable floor structuring, lighting, power and water damage protection requirements shall be provided.

(3)

Construction shall comply with all 4pplicable building and safety regulations as laid down by the relevant Government agencies. Further, the construction must be tamper-evident.

(4)

Materials used for the construction of the operational site shall be fire-resistant and free of toxic chemicals.

(5)

External walls shall be constructed of brick or reinforced concrete of sufficient thickness to resist forcible attack. Ground level windows shall be fortified with sturdy mild steel grills or impact-resistant laminated security glass. All internal walls must be from the floor to the ceiling and must be tamper-evident.

(6)

Air-conditioning system, power supply system and uninterrupted power supply unit with proper backup shall be installed depending upon the nature of operation. All ducting holes of the air-conditioning system must be designed so as to prevent intrusion of any kind.

(7)

Automatic fire detection, fire suppression systems and equipment in compliance with requirement specified by the Fire Brigade or any other agencies of the Central or State Government shall he installed at the operational site.

(8)

Media library, electrical and mechanical control rooms shall be housed in separate isolated areas, with access granted only to specific, named individuals on a need basis.

(9)

Any facility that supports mission-critical and sensitive applications must be located and designed for repairability, relocation and reconfiguration. The ability to relocate, reconstitute and reconfigure these applications must be tested as part of the business continuity/disaster recovery plan.

4.2

Fire Protection.-(l) Combustible materials shall not be stored within hundred meters of the operational site.

(2)

Automatic fire detection, fire suppression systems and audible alarms as prescribed by the Fire Brigade or any other agency of the Central or State Government shall be installed at the operational site.

(3)

Fire extinguishers shall be installed at the operational site and their locations clearly marked with appropriate signs.

(4)

Periodic testing, inspection and maintenance of the fire equipment and fire suppression systems shall be carried out.

(5)

Procedures for the safe evacuation of personnel in an emergency shall be visibly pasted/displayed at prominent places at the operational site. Periodic training and fire drills shall be conducted.

(6)

There shall be no eating, drinking or smoking in the operational site. The work areas shall be kept clean at all times.

4.3

Environmental Protection.-(1) Water detectors shall be installed under the raised floors throughout the operational site and shall be connected to audible alarms.

(2)

The temperature and humidity condition in the operational site shall be monitored and controlled periodically.

(3)

Personnel at the operational site shall be trained to monitor and control the various equipment and devices installed at the operational site for the purpose of fire and environment protection.

(4)

Periodic inspection, testing and maintenance of the equipment and systems shall be scheduled.

4.4

Physical Access-(1) Responsibilities round the clock, seven days a week, three hundred sixty-five days a year for physical security of the systems used for operation and also actual physical layout at the site of operation shall be defined and assigned to named individuals.

(2)

Biometric physical access security systems shall be installed to control and audit access to the operational site.

(3)

Physical access to the operational site at all times shall be controlled and restricted to authorised personnel only. Personnel authorized for limited physical access shall not be allowed to gain unauthorized access to restricted area within operational site.

(4)

Dual control over the inventory and issue of access cards/keys during normal business hours to the Data Centre shall be in place. An up-to-date list of personnel who possess the cards/keys shall be regularly maintained and archived fora period of three years.

(5)

Loss of access cards/keys must be immediately reported to the security supervisor of the operational site who shall take appropriate action to prevent unauthorised access.

(6)

All individuals, other than operations staff, shall sign in and sign out of the operational site and shall be accompanied by operations staff.

(7)

Emergency exits shall be tested periodically to ensure that the access security systems are operational.

(8)

All opening of the Data Centre should be monitored round the clock by surveillance video cameras.