Section 27(2) in The Credit Information Companies Rules, 2006
(2)Without prejudice to the generality of the policy as formulated and procedure as adopted under sub-rule (1), every specified user shall include in such policy and procedure, the provisions relating to the following, namely:-(a)the level of officers to be authorised to access the data, information and credit information received from a credit information company;(b)the parameters to be adopted for satisfying itself about the identity of the respective borrower, or the client whose credit report is to be taken into account by the specified user;(c)the appropriate measures so as to ensure that they do not fail to take note of any remark included by a credit information company in respect of any credit information; and(d)procedure relating to receiving data, information and credit information through secured medium.
