Section 3(2) in The Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018
(2)The Information Security Steering Committee (ISSC) shall be the apex body with roles and responsibilities as follows: -(a)All the Information Security Policies of the "Protected System "shall be approved by Information Security Steering Committee.(b)Significant changes in network configuration impacting "Protected System" shall be approved by the Information Security Steering Committee.(c)Each significant change in application(s) of the "Protected System" shall be approved by Information Security Steering Committee.(d)A mechanism shall be established for timely communication of cyber incident(s) related to "Protected System" to Information Security Steering Committee.(e)A mechanism shall be established to share the results of all information security audits and compliance of "Protected System" to Information Security Steering Committee.(f)Assessment for validation of "Protected System" after every two years.
