Telecommunications compliance checklist

Use this checklist to confirm you have met every regulatory obligation that applies to your telecommunications business — from workplace health and safety through to Ofcom notification, spectrum licensing, security duties, lawful intercept and PECR.

UK-wide

Work through every section that applies to your business. Tick off each item when you have confirmed it is in place.

Section 1 — Health and safety at work

  • Have you identified your general duties as an employer (or self-employed person) under the Health and Safety at Work etc. Act 1974?
  • Have you carried out a suitable and sufficient risk assessment covering working at height (mast and tower work), electrical safety, confined-space entry, lone working and manual handling?
  • If you employ five or more people, is the risk assessment recorded in writing?
  • Do you have a written health and safety policy (required if you employ five or more people)?
  • Have you appointed a competent person to assist with health and safety?

Section 2 — Fire safety

  • Have you carried out a fire risk assessment for your premises?
  • Are escape routes clear, signed and adequately lit?
  • Is fire detection and alarm equipment installed and regularly tested?
  • Are data centres, equipment rooms and battery-storage areas assessed for fire risks (lithium-ion batteries, electrical equipment)?
  • Have all staff received fire safety training?

Section 3 — Employers' liability insurance

  • If you employ anyone (including part-time, contract or agency workers under your direction), do you hold employers' liability insurance with at least £5 million cover?
  • Is the certificate displayed at your premises or accessible electronically?

Section 4 — Equality and data protection

  • Are you aware of your duties under the Equality Act 2010 (or equivalent Northern Ireland legislation) not to discriminate in employment or service provision?
  • Have you considered reasonable adjustments for disabled employees and service users?
  • Have you registered with the Information Commissioner's Office (ICO) for data protection (unless exempt)?
  • Have you identified the lawful basis for each type of personal data you process — customer records, employee records, billing data, network-traffic metadata, CCTV?
  • Can you respond to a subject access request within one calendar month?

Section 5 — Ofcom notification and General Conditions

  • Have you notified Ofcom that you provide a public electronic communications network or service?
  • Are you complying with all applicable General Conditions of Entitlement — number portability, emergency-call access, billing transparency, complaints handling, switching, services for disabled end-users and fair-treatment rules?
  • If you are a larger provider, are you paying annual administrative and network charges to Ofcom?

Section 6 — Spectrum licensing

  • If you operate radio transmitting apparatus (base stations, fixed wireless, satellite earth stations, microwave links), do you hold the required Wireless Telegraphy Act 2006 licence from Ofcom?
  • Are Annual Licence Fees paid and licences current?
  • If you use licence-exempt bands, are you operating within the permitted parameters?

Section 7 — Telecoms security

  • Have you identified and assessed security-compromise risks to your network and services?
  • Are you taking the security measures specified for your tier (Tier 1, 2 or 3)?
  • Have you had regard to the Telecommunications Security Code of Practice?
  • Do you have supply-chain risk management procedures in place?
  • Are you complying with any high-risk vendor directions that apply to your network?

Section 8 — Lawful intercept and data retention

  • Do you maintain a permanent intercept capability?
  • Can you give effect to interception warrants and communications-data acquisition requests?
  • If you have been served with a data-retention notice, are you retaining the specified data securely?

Section 9 — PECR (privacy and electronic communications)

  • Are you keeping the contents and traffic data of communications confidential?
  • Do you notify the ICO and affected subscribers of personal data breaches without undue delay?
  • Are you complying with PECR rules on cookies, direct marketing and calling-line identification?

What to do next

If you have ticked every item that applies to your business, you have confirmed your obligations are met. Revisit this checklist whenever you add a new service or change your network infrastructure.

Official sources

Authoritative starting points for telecommunications compliance.