In case of any comments regarding the manual, it may be sent to the

following address:

Shri Anil Kumar Bhardwaj,

Advisor (B&CS),
Telecom Regulatory Authority of India (TRAI), Mahanagar
Door Sanchar Bhawan, J.L. Nehru Marg, (Old Minto
Road)
New Delhi - 110002, India
Email: [email protected]

For any clarification/information, Advisor (B&CS) may be contacted at Tel.

No.: +91-11-23237922, Fax: +91-11-23220442.

© 2019 Telecom Regulatory Authority of India. In case of using any part, please attribute/ cite the work
to Telecom Regulatory Authority of India, www.trai.gov.in, MDS Bhawan, J.L.N. Marg, New Delhi
110002, India
 INDEX
S. no Contents Page No
1 Background & Introduction 1
2 Pre signal or Compliance Audit 4
3 Scheduling of pre signal or compliance audits 7
4 Scope of work under pre signal/compliance audit 8
5 Documents requirements under pre 9
signal/compliance audit
6 Methodology to be adopted for pre signal/ 9
compliance audit.
7 Procedure to be followed for inspection of 11
Schedule III Interconnection Regulation 2017
Compliance
a) CAS and SMS Requirements

b) Fingerprinting

c) STB
8 Timelines under pre-signal/compliance audit 27
9 Subscription Audit 27
10 Scope of work under Subscription Audit 29
11 Documents requirements under Subscription 31
Audit by auditor
12 Methodology to be adopted for Subscription 31
audit
13 Procedure to be followed for inspection of 33
Subscription audit
14 Scheduling of Subscription Audit 33
15 Timelines for completion of Subscription Audits 34
16 Data Extraction Procedure to be followed by 34
auditor under compliance and subscription audit
17 Analysis and Verification of TS recordings/ VC 36
samples
18 Responsibilities in respect of Compliance and 37
Subscription Audit
A. DPO

B. Broadcaster and

C. Auditor
19 Minimum Laptop Configuration to be provided by 46
DPO

20 Formats of Annexures and Reports 47

1. CAS Vendor Declaration (Annexure 1)

2. SMS Vendor Declaration (Annexure 2)

3. Compliance audit form (Annexure 3)

4. STB Vendor Declaration (Annexure 4)

5. Subscription Audit Form (Annexure 5)

6. Compliance Audit Report Format

(Annexure 6)

7. Subscription Audit Report Format

(Annexure 7)
1. Background & Introduction

1.1 Keeping in view the implementation of Digital Addressable Systems (DAS)

and effectively utilizing its benefits, Telecom Regulatory Authority of India
(TRAI) after due consultation process brought out a common regulatory
framework for digital addressable systems on 3 March 2017. This framework
comprises of Interconnection Regulations, Quality of Service Regulations and
Tariff Order for providing broadcasting services relating to television through
digital addressable system.

1.2 The Interconnection regulations namely the Telecommunication (Broadcasting

and Cable) Services Interconnection (Addressable Systems) Regulations,
2017 dated 3 March 2017 (herein after the Interconnection Regulations 2017)
cover technical and commercial arrangements between Broadcaster &
Distributor and Distributor & Local Cable Operators (LCOs) for providing
television services to the consumers. TRAI also issued Telecommunication
(Broadcasting and Cable) Services Interconnection (Addressable Systems)
(Amendment) Regulations, 2019 (7 of 2019) on 30 October 2019 (herein after
called Amendment Regulations).

1.3 In the DAS based TV services value chain, a broadcaster uplinks signals of pay
television channel to satellite in encrypted form. The distributor receives the
signals from the satellite and decodes them using the decoder provided by the
broadcaster. After processing and merging the TV Channel signals of multiple
broadcasters the distributor encrypts the combined signals and retransmits it
further, either directly or through local cable operator, to customer. The distributor
could be a Multi-System Operator (MSO), a Direct to Home operator (DTH), a
Head-end in The Sky operator (HITS) or IPTV operator.

1.4 The Interconnection Regulations 2017 provides for the Audit initiated by the
Distribution Platform Operator (DPO) vide sub-Regulation (1) of Regulation 15 or
by the Broadcaster vide sub-Regulation (7) of Regulation 10 and sub-Regulation
(2) of Regulation 15. The Audit of the systems of DPO is necessary to ensure that
the equipment and the software (including configuration of

Page 1 of 94
 systems) comply with the extant regulatory framework. The new framework
envisages that the DPO gets its systems audited every year so as to ensure
compliance.

1.5 The regulations also provide for audit caused by a Broadcaster. There is a
provision for Audit caused by a Broadcaster, before the provisioning of signals
to a new DPO as per sub-Regulation (7) of Regulation 10. Broadcaster
caused audit could also occur as per sub-Regulation (2) of Regulation 15.

1.6 The Telecommunication (Broadcasting and Cable) Service Interconnection

(Addressable Systems) Regulations, 2017, are accessible on TRAI website
www.trai.gov.in.

1.7 The Authority had issued a consultation paper on ‘Empanelment of Auditors

for Digital Addressable Systems’ on 22 December, 2017. As a matter of
practice and following a transparent process an open house discussion (OHD)
on the above-mentioned consultation paper was convened on 12 April 2018 in
Delhi. One of the suggestions received from some stakeholders was to
develop a comprehensive audit manual for auditors to audit digital
addressable systems. Further, it was also suggested that in addition to other
aspects the said audit manual may consist of a well-defined audit procedure.

1.8 Accordingly the Authority constituted a committee comprising of industry

stakeholders to prepare and submit draft Audit manual to the Authority. The
committee had representatives from the following
firms/organisations/associations:

• Broadcast Engineering Consultants India Limited (BECIL)

• Indian Broadcasting Foundation (IBF)
• News Broadcasters Association (NBA)
• All India Digital Cable Federation (AIDCF)
• M/s Tata Sky Ltd.
• M/s Dish TV India Ltd.

Page 2 of 94
• M/s Bharti Telemedia Ltd.
• M/s Sun Direct TV Pvt. Ltd.

1.9 The committee held several meetings in TRAI. These meetings were
facilitated by the Authority. After extensive deliberations, the industry reached
consensus on most of the issues barring few issues and submitted a draft
audit manual to the Authority. The Authority conveys its appreciation for the
extensive work done by the committee and also on arriving at a consensus on
a number of issues.

1.10 Based on the committee report and after considering all

objections/representations, the Authority issued a consultation paper on ‘The
Telecommunication (Broadcasting and Cable) Services Digital Addressable
Systems Audit Manual on 29 March 2019.

1.11 All the comments received in the consultation process including at the Open
House Discussions, have been duly considered.

1.12 This Audit manual addresses issue of audit in terms of Regulations 10 and 15
of the Interconnection Regulations 2017.

1.13 This audit manual may be reviewed periodically, owing to the technological/
techno-commercial changes, market development and changes in the systems.
The Audit Manual is proposed as a guidance document for stakeholders. This
manual does not supersede any provision(s) of the extant regulations. In case of
any discrepancy between the provision of Interconnection Regulations 2017,
other extant Regulations or Tariff Order and the Audit Manual, the provisions as
per the regulations/ tariff Orders shall prevail.

1.14 The audits provisioned under Interconnection Regulations 2017 are broadly
divided into two categories (i) pre-signal or compliance audit and (ii)
subscription audit. As per the Regulation, the DPO and broadcasters can get
the audit conducted either by M/s. Broadcast Engineering Consultants India
Limited (BECIL) or any other agency empanelled by TRAI. The list of auditors

Page 3 of 94
 empanelled by TRAI is available on TRAI’s website: www.trai.gov.in. The
broad scope of work to be covered under these audits, procedure for conduct
and other necessary information has been mentioned in the sections below.

2. Pre signal or Compliance Audit

2.1 The audit will be called Pre-signal audit if it is carried out before the content
acquisition by the Distribution Platform Operator (DPO) from respective
broadcaster otherwise it will be called as compliance audit. It may be noted
that pre-signal/compliance audit will be carried out as per Schedule III
mentioned in the Interconnection Regulations 2017.

2.2 In accordance to the sub-regulation (6) of regulation 10, every distributor of

television channels before requesting signals of television channels from a
broadcaster shall ensure that the addressable systems to be used for
distribution of television channels meet the requirements as specified in the
Schedule III of the Interconnection Regulations 2017. For ensuring the same,
DPO can get the pre-signal Audit conducted either by BECIL or any other
agency empanelled by TRAI.

2.3 It is clarified here that before requesting signals of television channels, getting its
DAS system audited from BECIL or any other agency empanelled by TRAI as per
Schedule III compliance is not mandatory for DPO under sub-regulation
(6) of regulation 10 of Interconnection Regulations 2017. However, every
distributor of television channels shall ensure that before requesting signals of
television channels from a broadcaster the addressable systems to be used for
distribution of television channels meet the requirements as specified in the
Schedule III of Interconnection Regulation 2017 and the DPO may provide its
declaration in writing to broadcaster regarding Schedule III compliance along with
below mentioned documents for requesting signals.

• CAS certificate provided by vendor.

• SMS certificate provided by vendor.
Page 4 of 94
• STB certificate provided by vendor.
• BIS compliance certificate.

2.4 Sub-regulation (7) of Regulation 10 of the Interconnection Regulations 2017

specifies that if a broadcaster, without pre-judice to the time limit specified in
Sub-Regulation (2) of Regulation 10, is of the opinion that the addressable
system, being used by the distributor for distribution of television channels, does
not meet the requirements specified in the Schedule III of the Interconnection
Regulation 2017, it may, cause audit of the addressable system of the distributor
by M/s. Broadcast Engineering Consultants India Limited (BECIL), or any other
auditor empanelled by the Authority for conducting such audit and provide a copy
of the report prepared by the auditor to the distributor. However, it is important to
1
note the proviso to the Sub-regulation (7) of Regulation 10, before instituting
such audit by the broadcaster.

2.5 The proviso to the said Regulation provides for the case where the system of
the distributor has been successfully audited (with full compliance) during the
last one year by M/s. Broadcast Engineering Consultants India Limited
(BECIL), or any other auditor empanelled by the Authority. In such case, if the
distributor provides for the report of the Audit (conducted during the pre-
ceding one year) to the Broadcaster, then the broadcaster shall not cause pre-
signal audit, unless the configuration or the version of the addressable system
has been changed after the issuance of the report by the auditor.

2.6 Therefore, the pre-signal audit may also be commissioned by the broadcaster to
satisfy itself that the distributor, to whom it is likely to provide television signal,
meets the addressable system requirements as per Schedule III of the
Interconnection Regulations 2017. As such the audit fees for such audit will be

1 Proviso to Sub Reg (7) of Regulation 10 “Provided that unless the configuration or the version of the
addressable system of the distributor has been changed after issuance of the report by the auditor, the broadcaster,
before providing signals of television channel shall not cause audit of the addressable system of the distributor if the
addressable system of such distributor has been audited during the last one year by M/s. Broadcast Engineering
Consultants India Limited, or any other auditor empanelled by the Authority and the distributor produces a copy of
such report as a proof of conformance to the requirements specified in the Schedule III.”

Page 5 of 94
 borne by the broadcaster. In case(s) of pre-signal audit by a broadcaster only
technical audit is required to be conducted.

2.7 Annual Compliance Audit: As per sub-regulation (1) of Regulation 15 of the

Interconnection Regulations 2017, every distributor of television channels
shall, once in a calendar year, cause audit of its subscriber management
system, conditional access system and other related systems by an auditor to
verify that the monthly subscription reports made available by the distributor to
the broadcasters are complete, true and correct, and issue an audit report to
this effect to each broadcaster with whom it has entered into an
interconnection agreement. The annual Audit caused by Distributor shall
include the Audit to validate compliance with the Schedule III of the
Interconnection Regulations 2017 and the Subscription Audit, as provided for
in Interconnection Regulations 2017.

2.8 Once an interconnection agreement has been signed between a Broadcaster

and DPO, if any changes, modification and alterations are made to the
configuration or version of the addressable system (CAS, SMS and other
related systems) of the DPO and/or distribution network of DPOs (“Changes”),
then these should be notified within seven (7) days to the relevant
Broadcasters. DPO shall provide an undertaking that the changes do not in
any way compromise the system and the set-up and all the equipment
including software meets the statutory compliance requirements.

2.9 In order to avoid any dispute, the changes as mentioned below in DAS
System can cause the audit by broadcaster under sub regulation (7) of
regulation 10 of Interconnection Regulation 2017, before providing signals of
television channels to DPO. It may also be noted that these changes are also
required to be formally informed to broadcasters by DPO within 7 days from
the implementation date of these changes:

a) Addition/Deletion of SMS
b) Change in the SMS version w.r.t last audited SMS

Page 6 of 94
c) Addition/Deletion of CAS
d) Change in the CAS version w.r.t last audited CAS
e) Deployment of new type of STBs by DPO which were not
audited earlier.

2.10 Subject to conformance to Regulation 11, the distributor may extend territory
of interconnection agreement by giving a written notice to the broadcaster
providing at least 30 days to the broadcaster. In such cases, the distributor
shall also inform the Broadcaster formally after 7 days of actual extension of
the territory.

3. Scheduling of Pre signal or Compliance Audits

3.1 There is no specific timelines for conducting the pre-signal/compliance audits.

Pre-signal or compliance audit can be conducted at any stage whenever DPO
wants to ensure that the DAS system is in compliance as per Interconnection
Regulations 2017. As mentioned earlier, as per sub-regulation (1) of Regulation
15, the annual Audit caused by Distributor shall include the Audit to validate
compliance with the Schedule III of the Interconnection Regulations 2017 and the
Subscription Audit, as provided for in Interconnection Regulations 2017. The
annual Audit as caused by Distributor under regulation 15 (1) shall be scheduled
in such a manner that there is a gap of at-least six months between the audits of
two consecutive calendar years. Further, there should not be a gap of more than
18 months between audits of two consecutive calendar years.

3.2 Whenever Broadcaster is of the opinion that the system of DPO is not in
compliance with the Schedule III of Interconnection Regulations 2017,
Broadcaster can schedule the audit of DPO by selecting BECIL or any other
auditor empanelled by the Authority for conducting such audit, in case of
Compliance Audit (or in case of pre-signal audit, after taking into consideration
the proviso to sub regulation 7 of Regulation 10).

Page 7 of 94
4. Scope of work under pre-signal/compliance audit

4.1 Perform walk-through of the main head-end/s where CAS and SMS servers
are deployed.

4.2 Obtain Headend diagram and validate with the equipment installed in the
head-end/s.

4.3 Perform checks on IP configuration to confirm and identify live and proxy
servers. This shall include IP credentials of all the servers including MUX.

4.4 Take inventory of IRDs + VCs issued by broadcaster including their serial
numbers. Make note of broadcasters IRDs + VCs available but not installed.

4.5 Check MUX configuration to validate number of Transport Streams (“TS”)

configured with SID, scrambling status of each SID and ECM and EMM
configuration (MUX-TS Stream-No. of ECM & EMM configured)

4.6 Take screenshot of all TS streams from MUX and compare with results of field
TS recorded randomly at minimum two locations by auditor.

4.7 Take information of QAMs installed and powered to identify streams available
for local insertion by LCOs.

4.8 Obtain record of PSI/SI server to confirm EPG, LCN etc. details.

4.9 Check PSI/SI server that it has EPG push capability.

4.10 Confirm insertion of watermarking network logo for all channels from encoder
end. Only the encoders deployed after coming into effect of the Amendment
Regulations shall support watermarking network logo for all pay channels at
the encoder end.

4.11 Use FTA cable box/ TS analyzer to confirm whether all channels are encrypted.

4.12 Walkthrough and understand the customer acquisition process and

verification of sample CAF and PAF forms available with DPO.

4.13 Verification of Interconnection Regulation 2017 Schedule III compliance of the

DPO DAS System (CAS, SMS, Fingerprinting and STB) as per procedure
mentioned in section 7 of the Audit Manual.

Page 8 of 94
4.14 Data Extraction from CAS and SMS should be carried out as per requirements
specified in Schedule III of Interconnection Regulations 2017. Procedure and
method of data extraction is specified in the section 7 and section 16 of the
Audit Manual.

4.15 Report the channels found running in unencrypted or analogue mode on the
day of Audit.

4.16 Analysis and verification of TS recording/VC samples provided by

broadcasters may also need to be covered under scope of work. However, the
procedure to be followed for carrying out such analysis and verification are
mentioned separately in the section 17 of the Audit Manual.

5. Documents required under pre-signal/Compliance

audit

5.1 Valid DAS license/ permission issued by Ministry of Information and

Broadcasting (MIB)

5.2 BIS certificates for all makes & models of STB deployed by DPO after DAS
implementation.

5.3 Certificate from all the CAS vendors (Format as in Annexure 1).

5.4 Certificate from SMS vendors (Format as in Annexure 2).

5.5 Block Schematic diagram of Head-end including CAS and SMS.

5.6 Signed and stamped copy of compliance audit form as per Annexure 3.

5.7 Certificate from STB vendor (Format as in Annexure 4).

5.8 List of all the decoder along with VC serial numbers issued by broadcasters to
DPO.

6. Methodology to be adopted for pre-signal/Compliance

Audit

6.1 The audit either will be caused by the DPO or by the Broadcaster by selecting
BECIL or one of the audit agencies empanelled by TRAI.

Page 9 of 94
6.2 Once the audit is scheduled, the DPO will immediately inform concerned
broadcasters regarding the audit of its DAS system by the selected
empanelled agency or BECIL. The broadcasters will then arrange to provide
TS recordings and VCs (if any) for verification during audit and will share the
same with auditors before the conduct of audit.

6.3 If the compliance audit is caused by broadcaster, in such cases broadcaster

may share the TS recording/VC numbers (if any) with auditors for verification
during conduct of audit.

6.4 After the appointment by DPO or broadcaster, auditor will immediately ask
DPO whether DPO has any objections regarding usage of its laptop for the
conduct of audit.

6.5 If DPO has objections and wants to provide its own laptop for conduct of audit
then auditor need to convey its requirement of software or any other tool
required during the conduct of audit.

6.6 The auditor will also share the documents requirements with DPO as specified
in section 5 of the audit manual.

6.7 The minimum configuration requirement of laptop is mentioned in the section

19 of audit manual which should be provided by DPO to auditor. DPO is free
to provide laptop of higher configuration also.

6.8 During the audit, Auditor should carry out all the checks/verification as
mentioned under section 4 (scope of work under pre-signal/compliance audit)
at all head-ends of DPO where the CAS and SMS servers are installed.

6.9 The audit for compliance to Schedule III of Interconnection regulation 2017
should be carried out by auditor as per procedure specified in section 7 of the
Audit Manual.

6.10 The data extraction from CAS and SMS under compliance audit should be
carried out as per section 7 of the Audit Manual.

6.11 The auditor will prepare the pre-signal/compliance audit report as per format
provided in Annexure 6 of the Audit Manual.

6.12 After the completion of audit, auditor will submit the copy of the audit report to
DPO only if the audit is caused by DPO. It should be the responsibility of DPO
to share the audit report with broadcaster whenever such requests are made.

Page 10 of 94
6.13 If the audit is caused by the broadcaster then the auditor will share the audit
report copies both with broadcaster as well as DPO.

6.14 In case the audit report is non-compliant to Interconnection Regulations 2017

then it is the responsibility of auditor to provide non-compliance status
information to TRAI whether the audit is caused by DPO or broadcaster.

7. Procedure to be followed for inspection of Schedule III of

Interconnection Regulations 2017 Compliance
A. CAS and SMS requirements as per Schedule III of TRAI Interconnection
Regulations
Sl. Regulatory Audit Procedure
no Provision

1 Schedule III – C 1 i. DPO to declare on its audit form the no. of CAS
systems deployed in each of its distribution
The distributor of
networks. It should mention the no. of ‘Headend’
television channels
connected with the said CAS. This declaration is
shall ensure that the
required to be signed by the authorized
current version of the
signatory/compliance officer. (Annexure 3)
CAS, in use, do not
have any history of
ii. DPO to provide certificate from each CAS vendor
hacking.
on CAS vendor letterhead signed by no less than
Authorized Signatory/Compliance Officer of the
CAS vendor (Issued within last 12 months and
certify current operating version of CAS)
(Annexure 1).

iii. Auditor to perform TS recording: i) At the

Headend; ii) In the field at appropriate place.
Auditor to analyze the TS streams to ascertain
actual number(s) of CAS running in the network
and compare with the declaration made as part of
agreement with the broadcaster. Auditor to record
discrepancy, if any.

2 Schedule III – C 2 a) To check the availability of logs in SMS for the

period of last 2 years and analyze activation, de-
The SMS shall be
activation, fingerprinting, messaging, blacklisting
independently
etc.
capable of
generating,
recording, and
maintaining logs, for

Page 11 of 94
 the period of at least b) DPO to certify on its letterhead the number of SMS
immediate preceding deployed along with its integration status with all
two consecutive the CAS deployed.
years, corresponding
to each command c) DPO to provide declaration from SMS vendor on
executed in the SMS SMS vendor letterhead (not older than 6 months)
including but not signedbyno less thanAuthorized
limited to activation Signatory/Compliance Officer of the SMS vendor
and deactivation (Annexure 2).
commands.
d) The above SMS certificate (Annexure 2) should
mention DPO name & address matching with
name & address mentioned in DPO registration
certificate issued by Ministry of I&B, Govt. of India.

e) Auditors to check system capability for generating

historical transaction logs along with date and time
stamp.

f) Auditor to check, verify and document whether all

the actions, including but not limited to activation,
de-activation, package creation, package
change/modification, FP insertion, and scroll
insertion are being recorded in SMS.

3 Schedule III – C 3 Simulation test should be carried on one model of

every STB available in the inventory of DPOs for all
It shall not be
actions such as subscriber creation, activation –de-
possible to alter the
activation, channel assignment, fingerprinting,
data and logs
messaging, scrolling through SMS.
recorded in the CAS
and the SMS. The logs of these activities then are required to be
cross checked both in CAS and SMS live systems and
whether these can be edited or not.
It is clarified here that non editable requirement of SMS
and CAS logs should be checked through live systems
only. Once extracted or downloaded to any format
these logs can be editable.

4 Schedule III – C 4 a) DPO to provide declaration and demonstrate

procedures that all activations and deactivations of a
The distributor of
Set Top Box (STB) directly from the CAS terminal are
television channels
not done as a part of normal business operations. All
shall validate that the
activation and deactivation of STBs is done through
CAS, in use, do not
SMS, except for internal testing purposes.
have facility to
activate and
b) Auditor on sample basis can check by trying to
deactivate a Set Top

Page 12 of 94
 Box (STB) directly activate some STBs directly from the CAS and record
from the CAS the findings.
terminal. All activation
and deactivation of
STBs shall be done
with the commands of
the SMS.

5 Schedule III – C 5 Auditor should perform simulation testing on one STB

of every model deployed (if available in the inventory
The SMS and the
of DPO) as per following process:
CAS should be
integrated in such a
manner that i) Activate different channels / packages on all
activation and test STBs from SMS.
deactivation of STB
happen ii) Check transaction logs in SMS server and
simultaneously in CAS server to confirm the activities related to
both the systems. channel activation and other simulation tests
carried out reflects in both SMS and CAS logs
with same date & time.

iii) Auditor should perform as on date unique VC

Level Reconciliation from the data dump of CAS
and SMS. VCs active in CAS but not in SMS
and similarly VCs active in SMS but not in CAS
should be highlighted as discrepancy.

6 Schedule III – C 6 a) Auditor to check that the CAS declaration

The distributor of (Annexure 1) confirms the availability of this facility.
television channels
b) Auditor to verify the feature on test STB and record
shall validate that the
the findings.
CAS has the
capability of
upgrading STBs over-
the-air (OTA), so that
the connected STBs
can be upgraded.

7 Schedule III – C 7 a) Auditor should trigger a fingerprint (any one

ECM/EMM) of minimum 180 seconds duration

The fingerprinting
from SMS/CAS to the test STB (minimum 180
should not get
seconds timeline is to ensure that fingerprinting
invalidated by use of
command is still available on STB when it is
any device or
rebooted as some of the STB takes at least 120
software.
seconds to reboot).

Page 13 of 94
 b) In case the CAS does not have provisions to
send minimum 120 seconds FP then multiple
commands of FP of short duration may be sent
to verify the same.

c) The STB should be rebooted, and fingerprint

should reappear again automatically. If
fingerprint disappears, auditor should take
appropriate note.

8 Schedule III – C 8 Auditor should check CAS declaration (Annexure

1) and SMS declaration (Annexure 2) that
The CAS and the
mentions this capability.
SMS should be able
to activate or
deactivate services or
STBs of at least five
percent (5%) of the
subscriber base of
the distributor within
24 hours.

9 Schedule III – C 9 a) Auditor should verify that paired VC of one STB

should not work with another STB

The STB and Viewing
Card (VC) shall be
b) Auditor to interchange VC between two STBs of
paired from the SMS
the DPO and confirm that both STBs give error
to ensure security of
message on-screen.
the channel.
c) Auditor should take screenshot of the error
message and include in audit report.

d) Only applicable in case of carded STBs.

10 Schedule III – C 10 Auditor should:

The CAS and SMS a) Activate fresh STBs individually through SMS
should be capable of and verify whether the same is activated in CAS
individually as well.
addressing
subscribers, for the b) Add existing packages and channels to the test
purpose of generating customer created through SMS and verify
the reports, on channels were activated in CAS and are visible
channel by channel on TV monitor.
and STB by STB
basis. c) Remove packages / channels through SMS
allotted to the test STB.
Page 14 of 94
d) After completing all other audit tests
deactivate the test STB through SMS.

e) Extract the logs of SMS and CAS for the day

to check whether the above commands related to activation, deactivation of customer
and packages was captured with date and time stamp.
11 Schedule III – C 11 Auditor should:

The SMS should be a) Create at least two test customers in SMS

computerized and with names -
capable of recording “AuditTest1Customerddmmmyy”,
the vital information “AuditTest2Customerddmmmyy”
and data concerning b) Allocate fresh hardware and map the test
the subscribers such customer to an LCO/ DPO
as: c) Check whether item “(a) to (k)” specified in
Schedule-III C 11 are getting captured
(a) Unique customer
(Auditor to provide details for filling the CAF)
identification (ID)
d) Take SMS screenshot(s) such that all items
(b) Subscription are covered
contract number e) Generate SMS customer details report state
wise and check the fields “a to k” are
(c) Name of the
appearing.
subscriber
f) Auditor to deactivate the test subscribers
(d) Billing address from the SMS and confirm the
corresponding STB is deactivated for all
(e) Installation
channels / services.
address
g) Sample verification of 5 CAF forms selected
randomly from the list of customers
(f) Landline
activated in last one month.
telephone number
(g) Mobile telephone number
(h) E-mail address
(i) Channels,
bouquets and
services
subscribed
(j) Unique STB number
(k) Unique VC number

Page 15 of 94
12 Schedule III – C 12 Auditor should ensure:
The SMS should a) Date & time stamp is mandatory in report
be capable of: generation.
(a) Viewing and
printing of historical data in b) All data from SMS server should be extracted
terms of the activations and in such a manner that no STB/VC is left out from the
the deactivations of STBs. database.
(b) Locating each
c) The screen shots and explanations of the
and every STB and VC
queries shall be provided after masking customer
installed.
confidential data of the DPO before handing over to
(c) Generating the auditor and such screen shots and explanation
historical data of changes in should be included in the report.
the subscriptions for each
subscriber and the d) The Auditor will check the generation capability
corresponding source of of these reports in SMS at any desired time from the
requests made by the front end (SMS application) of the SMS.
subscriber.
e) The SMS reports generated during the audit
13.
exercise for verification will be enclosed with audit
Schedule III – C 13 report as Annexures.

The SMS should be f) The auditor on sample basis will also generate
capable of three reports from the SMS database (back end) also
generating reports, at and verify these reports with the reports generated
any desired time from SMS application.
about:
(a) The total number g) It should be clarified here that auditor will not
of registered subscribers. insist on the specified format of the reports generated
(b) The total number from the front end (SMS application) or back end
of active subscribers. (SMS database) of the SMS However the report
should be able to reflect desirable information.
(c) The total number
of temporary suspended
subscribers.
(d) The total number
of deactivated subscribers.

Page 16 of 94
(e) List of blacklisted STBs in the system.
(f) Channel and bouquet wise monthly subscription report in the prescribed
format.
(g) The names of the channels forming part of each bouquet.
(h) The total number of active subscribers subscribing to a particular channel or
bouquet at a given time.
(i) The name of a-la carte channel and bouquet subscribed by a subscriber.
(j) The ageing report for subscription of a particular channel or bouquet.
14 Schedule III – C 14 Auditor should ensure:
The CAS shall be a) Date & time stamp should be captured in all the
independently reports generated from CAS.
capable of
generating,
b) Auditor to extract historical transactional logs
recording, and
from CAS for audit period and confirm the
maintaining logs, for
availability of the data required.
the period of at
least immediate
c) All data from CAS server (CAS servers installed
preceding two
by DPO and it’s JVs CAS (including standby
consecutive years,
headends, mini headends) should be extracted
corresponding to
each command in such a manner that no STB/VC is left out from
executed in the CAS the database.
including but not
limited to activation d) The screen shots and explanations of the
and deactivation queries that are run shall be provided after
commands issued by masking customer confidential data of DPO
the SMS. before handing over to the auditor and such

Page 17 of 94
 screen shots and explanations should be
included in the report.

e) Annexure1 should mention that CAS logs are

available for up to preceding two consecutive
years for each command executed in the CAS.

15 Schedule III – C 15 a) Auditor to blacklist one STB & VC of each CAS

(separate from test STB & VC) from SMS, and

The CAS shall be
check the status of the STB+VC in CAS and
able to tag and
SMS
blacklist VC numbers
and STB numbers
b) Auditor to take logs of blacklisted STB +VC from
that have been
CAS and SMS
involved in piracy in
the past to ensure
c) Take screenshot of the blacklist screen to
that such VC or the
record the above and include in the report.
STB cannot be re-
deployed.
d) If any STB of DPO has been blacklisted during
audit for verification purpose, the same STB
should be considered by auditor during re-audit
caused by broadcaster unless broadcaster has
any objections in respect of blacklisting
capabilities of SMS and CAS deployed by DPO.

16 Schedule III – C 16 Auditor will generate these reports from the CAS and

would verify the same by generating these reports from

It shall be possible to
SMS transactions log
generate the
following reports from
the logs of the CAS: a) STB VC pairing de-pairing report is applicable
only for carded CAS.
(a) STB-VC
Pairing / De-
b) Auditor shall keep screenshots of each report
Pairing
with masking of customer confidential data of
DPO and include in the report.
(b) STB Activation
/ De-activation
c) All data from CAS server to be extracted in
such a manner that no STB/VC is left out from
(c) Channels
the database
Assignment to
 STB
d) It should be clarified here that auditor will not
insist on the specified format of the reports
(d) Report of the
generated from the CAS application or from
activations or
CAS server. However, the report should be
the
deactivations

Page 18 of 94
 of a particular able to reflect and produce desirable
channel for a information.
given period.

17 Schedule III – C 17 On sample basis, Auditor to verify the Itemized bill

generated from the SMS to ensure that it captures all

The SMS shall be
the mentioned details in this clause & record a copy
capable of generating
of the bill format & any discrepancy noticed, if any, in
bills for each
the audit report.
subscriber with
itemized details such
as the number of
channels subscribed,
the network capacity
fee for the channels
subscribed, the rental
amount for the
customer premises
equipment, charges
for pay channel and
bouquet of pay
channels along with
the list and retail price
of corresponding pay
channels and
bouquet of pay
channels, taxes etc.

18 Schedule III – C 18 a) Auditor to check that the CAS declaration from

each CAS vendor (Annexure 1) mentions the

The distributor shall
availability of this facility.
ensure that the CAS
and SMS vendors
b) Auditor to check that the SMS declaration
have the technical
(Annexure 2) from each SMS vendor mentions the
capability in India to
availability of this facility.
maintain the systems
on 24x7 basis
throughout the year.

19 Schedule III – C 19 a) DPO to declare on its letterhead the no. of CAS

systems and SMS deployed in each of its

The distributor of
distribution networks. It should mention the no.
television channels
 of “Headends” connected with the said CAS
shall declare the
and SMS. This declaration is to be signed by
details of the CAS
authorized signatory/compliance officer.
and the SMS
(Annexure 3)
deployed for

Page 19 of 94
 distribution of b) Any changes in CAS and SMS and STB should
channels. In case of be reported by DPO and can be verified by
deployment of any auditor.
additional CAS/ SMS,
the same should be
notified to the
broadcasters by the
distributor.

20 Schedule III – C 20 Auditor to deactivate the "test subscribers" from the

SMS and confirm the corresponding STB is

Upon deactivation of
deactivated for all channels / services including DD
any subscriber from
channels.
the SMS, all program/
services shall be
denied to that
subscriber.

21 Schedule III – C 21 a) In case of distribution platforms operational for

less than 2 years, the Auditor to check that the

The distributor of
CAS declaration from each CAS vendor
television channels
(Annexure 1) mentions the CAS is compliant with
shall preserve
this requirement.
unedited data of the
CAS and the SMS for
b) In case of distribution platforms operational for
at least two years.
less than 2 years, the Auditor to check that the
SMS declaration (Annexure 2) from each SMS
vendor mentions the SMS is compliant with this
requirement.

c) Auditor to take declaration from DPO that it has

preserved unedited data of the CAS and the SMS
for at least two years if the CAS and SMS system
are operational for more than 2 years. (Annexure
3)

B. Fingerprinting:

S. Regulatory Audit Procedure

no Provision

1 Schedule III – D1 a) Auditor to trigger fingerprinting from SMS by

 inputting start / end time, duration of display,
The distributor of
frequency of display and confirming that the
television channels
fingerprint is seen on the test STB output.

Page 20 of 94
 shall ensure that it has
systems, processes b) Auditor to take a screenshot of the
and controls in place fingerprint.
to run fingerprinting at
regular intervals

2 Schedule III – D2 a) For visible type of finger printing: same as 1

above
The STB should
support both visible
b) For covert type: Auditor should ensure this
and covert types of
capability is mentioned in STB certificate
finger printing. The
(Annexure 4) and as well test the same
fingerprinting should
feature during audit.
not get invalidated by
use of any device or
c) Auditor should accept any type of covert
software.
fingerprinting.

Provided that only the Note: Only the STB deployed after coming
STB deployed after into effect of the Amendment Regulations
coming into effect of shall be required to support the covert finger
the Amendment printing.
Regulations shall
support the covert
finger printing.

3 Schedule III – D 3 a) Auditor should trigger a fingerprint (any one

ECM/EMM) of minimum 180 seconds

The fingerprinting
duration from SMS/CAS to the test STB
should not get
(minimum 180 seconds timeline is to ensure
invalidated by use of
that fingerprinting command is still available
any device or
on STB when it is rebooted as some of the
software.
STB takes at least 120 seconds to reboot).

b) In case the CAS does not have provisions to

send minimum 120 seconds FP then multiple
commands of FP of short duration may be
sent to verify the same.
d) The STB should be rebooted, and fingerprint
should reappear again automatically. If
fingerprint disappears, auditor should take
appropriate note.

Page 21 of 94
4 Schedule III – D 4 a) Auditor should trigger a fingerprint of at least

120 seconds or above duration from SMS/

The fingerprinting
CAS to the test STB.
should not be
removable by
b) While fingerprint is displayed on STB output
pressing any key on
connected to TV screen, auditor should
the remote of STB.
press every key on the STB remote control
and STB front panel.

c) Auditor should confirm that no action while

pressing buttons on remote or on STB box
(soft boot or hard boot) makes the displayed
5 Schedule III – D 5 fingerprint disappear even momentarily for

the whole duration of FP.

The finger printing
should be on the top
d) If fingerprint disappears with any key action,
most layer of the
this requirement is not complied with.
video.
e) If may be noted that in case if FP more than
60 seconds is not triggered through
SMS/CAS then multiple commands or
repetitions of such FPs may be sent to
confirm the compliance.

6 Schedule III – D 6 Auditor should trigger fingerprint on two test STBs

and confirm the fingerprint displayed are unique to

The finger printing
the VCs in the STBs (UA no. in card-less STBs).
should be such that it
can identify the unique
STB number or the
unique VC number.

7 Schedule III – D 7 a) Auditor should trigger 120 seconds or more

duration fingerprint on test STB and use

The fingerprinting
remote control of STB to navigate to Menu
should appear on the
page, EPG page, Settings page, Blank
screens in all
screen and Games page.
scenarios, such as
menu, Electronic
b) Fingerprint should be displayed on all the
Program Guide
above-mentioned pages.
 (EPG), Settings, blank
screen, and games
etc,

8 Schedule III – D 8 Auditor should trigger fingerprint on test STB

multiple times, each time with at least 3 different
The location, font
permutation/combinations of location, font color,
color and background
and background box color. The locations of the
color of fingerprint

Page 22 of 94
 should be changeable fingerprint should be seen on random areas of the
from head end and TV screen to make it unpredictable to viewer.
should be random on
the viewing device.

9 Schedule III – D 9 Auditor should trigger fingerprint on two test STBs

and confirm the fingerprint displayed are

The finger printing
corresponding uniquely to the actual VCs in the
should be able to give
STBs (UA no. in cardless STBs).
the numbers of
characters as to
identify the unique
STB and/or the VC.

10 Schedule III – D 10 a) Auditor should trigger fingerprint to all STBs

and confirm fingerprints are displayed on all
The finger printing
test STBs provided DPO has no objection
should be possible on
while testing the feature of global FP on all
global as well as on
its STBs.
the individual STB
basis.
b) If DPO has objection then this feature can be
checked by giving ECM FP on a non-popular
channel.

c) Auditor should trigger fingerprint to one test

STB and confirm it is displayed on the
particular STB only.

11 Schedule III – D 11 a) Auditor should obtain fingerprint Schedules

from some broadcaster channels distributed
The overt
by the DPO.
fingerprinting should
be displayed by the
b) Auditor should monitor sample channels of
distributor of television
those broadcaster on DPO’s STB and take
channels without any
screenshot of broadcaster fingerprint seen
alteration with regard
on TV screen as proof of compliance
to the time, location,
duration and
frequency.

12 Schedule III – D 12 a) Auditor should trigger scroll message of 120

characters from the DPO’s SMS or CAS
Scroll messaging
targeted to all test STBs.
should be only
available in the lower
b) The scroll should be displayed as a horizontally
part of the screen.
moving ticker on the lower part of the TV
screen.

Page 23 of 94
 13 Schedule III – D 13 a) Auditor should trigger a fingerprint of 120

seconds or more duration FP from SMS/ CAS to

The STB should have
the test STB.
a provision that
fingerprinting is never
b) The STB should be rebooted, and fingerprint
disabled.
should reappear again automatically. If
fingerprint disappears, this requirement is not
complied with.

c) The STB declaration (Annexure 4) should also

mention this capability.

14 Schedule III – D 14 To confirm the network logo is inserted from the

encoder end only for all channels:

The watermarking
network logo for all a) Auditor should disconnect all test STBs from RF
pay channels shall be signal and then observe the TV screen.
inserted at encoder
end only. b) If network logo is still visible on TV screen, then
the requirement of insertion of network logo at
the encoder end is not complied with.
Provided that only the
c) Screenshot of the observations should be
encoders deployed
included as part of the audit report.
after coming into

effect of the Note: Only the encoders deployed after coming into
Amendment effect of the Amendment regulations shall support
watermarking network logo for all pay channels at
regulations shall
the encoder end.
support watermarking
network logo for all
pay channels at the
encoder end.

(C) Set Top Box (STB):

S. Regulatory Provision Audit Procedure

no
1 Schedule III – E1To inspect all models of STBs available in the inventory of
MSOs or deployed (2 units of each make & model) under test and confirm the STB
Page 24 of 94
 All STBs should have a serial no./VC no./UA no. exists in the live CAS
Conditional Access database.
System.

2 Schedule III – E 2 The auditor will check and verify whether the STB

is able to execute all the commands initiated from

The STB should be
the CAS whether activation/de-activation of
capable of decrypting
particular channel or package or FP/messaging
the Conditional Access
command without any major delay or issue.
messages inserted by
the Head-end.

3 Schedule III – E 3 a) To trigger fingerprinting on a particular

channel and confirm fingerprint is seen on all

The STB should be
test STBs on that particular channel only at
capable of doing
the same time. This is ECM based
fingerprinting. The STB
fingerprinting.
should support both
Entitlement Control
b) To trigger fingerprinting on all channels and
Message (ECM) and
confirm fingerprint is seen on all test STBs on
Entitlement
all channels at the same time. This is EMM
Management Message
based fingerprinting.
(EMM) based
fingerprinting.
c) The auditor will check and verify both types of
fingerprinting on each and every model of STB
available with DPO in its inventory.

4 Schedule III – E 4 The auditor will verify whether the STB are

addressable by performing simulation tests on the

The STB should be
STB for activation/de-activation.
individually
addressable from the
Head-end.

5 Schedule III – E 5 a) Auditor should trigger scroll message of 120

characters from the DPO’s SMS targeted to all

The STB should be able
test STBs.
to receive messages
from the Head-end. b) The scroll should be displayed in its entirety
 as a horizontal moving ticker on the lower part
of the TV screen.

6 Schedule III – E 6 a) Auditor should trigger scroll message of 120

characters from the DPO’s SMS targeted to

messaging character
all test STBs.
length should be
minimal 120 characters.

Page 25 of 94
 b) The scroll should be displayed in its entirety
as a horizontal moving ticker on the lower
part of the TV screen.

7 Schedule III – E 7 a) Auditor should trigger scroll to all STBs and

confirm it is displayed on all test STBs.
There should be
provision for global
b) Auditor should trigger scroll to one test STB
messaging, group
and confirm it is displayed on the particular
messaging and the
STB only.
individual STB
messaging

8 Schedule III – E 8 Auditor should trigger scroll messaging from SMS

or CAS to all STB in the network which should

The STB should have
display the fingerprint as the message. Auditor
forced messaging
should take screenshot of the display
capability including
forced finger printing
display.

9 Schedule III – E 9 a) Auditor should take copies of BIS certificates

from the DPO for each make & model of STB

The STB must be
procured after 2012.
compliant to the
applicable Bureau of
b) The certificates should mention exact STB
Indian Standards
make & model nos.

c) As of the audit date, the certificates should

be valid.

10 Schedule III – E 10 DPO shall give a declaration on its letterhead

mentioning the availability of this facility.
The STBs should be
addressable over the
air to facilitate OTA
software upgrade.

11 Schedule III – E 11 Auditor to check and report:

The STBs with facilities a) For STBs having recording facility to internal
for recording the and/or external storage devices such as USB
programs shall have a / Hard Disk drives, auditor should check
copy protection system recorded content plays only on the specific
STB where content was recorded.
b) Auditor to check that scheduled fingerprint
and scroll messaging is displayed even when
stored content is played on the STB.

Page 26 of 94
c) Auditor should confirm that recorded content
cannot be played if STB is in de-active state

8. Timelines under pre-signal/Compliance Audit

8.1 Every audit should be ideally completed within three weeks and the proposed
suggested timelines under compliance audit are mentioned below.

8.2 Audit visit at DPO shall be completed within one week by the auditor excluding the
travelling time.

8.3 1 to 2 weeks maximum for the analysis of the data and finalization of the audit report.

8.4 Auditors are also required to share the relevant queries/observations/anomalies (if
any) in brief with DPO in writing after the completion of audit visit.

8.5 One week time will also be given to DPO to respond and provide explanation on
these issues flagged by auditor.

8.6 Auditor will incorporate these explanation/responses if found relevant and

satisfactory in its audit report.

8.7 In case whether verification and analysis of TS recording and ground VC are also
required the auditor may take additional one week for sample verification of the
recordings and ground VC samples.

9. Subscription Audit
9.1 Regulation 15 of the Interconnection Regulations 2017 specifies that every distributor
of television channels shall, once in a calendar year, cause audit of its subscriber
management system, conditional access system and other related systems by an
auditor to verify that the monthly subscription reports made available by the distributor
to the broadcasters are complete, true and correct, and issue an audit report to this
effect to each broadcaster with whom it has entered into an interconnection
agreement. It may be noted that all the subscription report for each

Page 27 of 94
 month with respect to each broadcaster with whom the distributor has signed an
agreement will be necessarily required to be checked by the auditor. This audit is
generally called subscription audit. The audit fee for such audit will be borne by
the distributor. As per sub-regulation (1) of Regulation 15, the annual Audit
caused by Distributor shall include the Audit to validate compliance with the
Schedule III of the Interconnection Regulations 2017 and the Subscription Audit,
as provided for in Interconnection Regulations 2017.

In case of new distributor, before acquiring the content, no such subscription

reports would be available for verification. The auditor will duly record this fact and
carry - on the audit on all other aspects.

9.2 The subscription audit’s focus is on ascertaining the subscriber numbers being
reported by distributors to broadcaster. As per the Interconnection Regulation 2017
any variation, due to audit, resulting in less than zero point five percent of the billed
amount shall not require any revision of the invoices already issued and paid.

9.3 Therefore, in addition to compliance audit, DPO are required to conduct the
subscription audit every year and share the copy of the report with every
broadcaster with whom interconnection agreements are signed.

9.4 Sub-regulation (2) of Regulation 15 of the Interconnection Regulations 2017 further

specifies that in cases, where a broadcaster is not satisfied with the audit report
received under sub-regulation (1) of Regulation 15 or, if in the opinion of a
broadcaster the addressable system being used by the distributor does not meet
requirements specified in the Schedule III, it shall be permissible to the broadcaster,
after communicating the reasons in writing to the distributor, to audit the subscriber
management system, conditional access system and other related systems of the
distributor of television channels, not more than once in a calendar year.

9.5 The audit fee for compliance audit or subscription audit commissioned by a
broadcaster to re-verify the addressable system requirements, will be payable by
the broadcaster.

Page 28 of 94
9.6 In case such audit reveals that additional amount is payable to the broadcaster,
the distributor shall pay such amount, along with the interest at the rate specified
by the broadcaster in the interconnection agreement, within ten days and if such
amount including interest due for any period exceed the amount reported by the
distributor to be due for such period by two percent or more, the distributor shall
bear the audit expenses, and take necessary actions to avoid occurrence of such
errors in the future.

9.7 It may be noted that the scope of subscription audit will be limited to validation of
the monthly subscriber report submitted by DPO to the respective broadcaster
with whom interconnection agreements are signed.

10. Scope of work under Subscription Audit

10.1 In view of the section 15 of the Interconnection Regulations 2017, the scope of
subscription audit will be limited to validation of the monthly subscriber report
submitted by DPO to every broadcaster with whom interconnection agreements
are signed. However, in order to ensure the sanctity of data certain checks
regarding integration of CAS and SMS will also be carried out by the auditor
before data extraction.

10.2 Auditor will verify the integration of the CAS and SMS deployed by DPO by
performing few simulation tests on sample STBs such as activation/deactivation,
fingerprinting and messaging command and generating respective reports from
both SMS and CAS. The auditors will then check the SMS and CAS logs also
regarding command execution timings to validate the integration between CAS
and SMS.

10.3 After verification of integration of CAS and SMS deployed by DPO (or after
conducting compliance audit), auditor needs to carry out data extraction from the
SMS and CAS as per the scope mentioned below.

o Extraction of as on date data dumps from the SMS and CAS server
deployed by DPO.

Page 29 of 94
o Analysis on the data dump to verify the 20% random sample weeks of the
audit period in respect of monthly subscriber report submitted by DPO to every
broadcaster. The auditor is required to verify the MSR data for every pay channel of
broadcasters available on DPO’s network for these 20% sample weeks selected on
random basis by the auditor.

o Analysis on data dumps to verify the as on date active, de-active

count of STBs available on the network of DPO.

o Analysis on data dump to report the active STB count on 5 random

th th st th
dates from the audit period other than 7 , 14 , 21 and 28 .

o As on date DPO package wise, a-la-carte and broadcaster bouquet

wise STB/VC details (both from SMS & CAS system)

o Verification and reporting of Channel to package mapping along with

service ID (with creation, modification and discontinue date) from SMS & CAS of
the audit period.

o As on Date Reconciliation of VC and STB from complete CAS and SMS

for the date of Audit. Any discrepancy of VC not active in SMS but found active in
CAS, excluding test/monitoring VC/STB, or vice versa should be reported in Actual
numbers as well as percentage of the total base.

10.4 Details of test/monitoring VC/STB should be separately recorded.

10.5 Auditor will ensure that no parallel SMS or CAS systems which are not reported
by DPO are deployed in the headend of DPO where the audit is being carried out
by auditor.

10.6 Audit will check the transaction logs of the audit period to ensure no manipulation
in the logs of CAS and SMS are done by DPO in order to under report the active
STB count.

Page 30 of 94
 10.7 Reconciliation of LCN and Genre declared by broadcaster with the actual LCN
and genre found during Audit. All mismatches of LCN and genres found during
audit to be reported.

10.8 Auditor to connect STB to DPO signal in headend and Scroll through all channels
and make list of genre wise LCN + Channel name against actual channels seen
on the screen and report all mismatches of LCN and genres found during audit.

10.9 Analysis and verification of TS recording/VC samples provided by broadcasters

may also need to be covered under scope of work. However, the procedure to be
followed for carrying out such analysis and verification are mentioned separately
in the section 17 of the audit manual.

11. Documents required under Subscription audit by auditor

11.1 Valid DAS license/ permission issued by Ministry of Information and Broadcasting.

11.2 Block schematic diagram of Headend including CAS and SMS.

11.3 Certificate from all the CAS vendors (Format as in Annexure 1).

11.4 Certificate from SMS vendors (Format as in Annexure 2).

11.5 Signed and stamped copy of subscription audit form as per Annexure 5.

11.6 Monthly SMS report regarding state wise active/de-active STB count for the
audit period. This report is applicable for all DPOs.

12. Methodology to be adopted for Subscription audit

12.1 The audit either will be caused by the DPO or Broadcaster by selecting BECIL or
any of the audit agencies empanelled by TRAI.

12.2 Once the audit is scheduled, the auditor will immediately ask DPO whether he has
any objections regarding usage of its laptop for the conduct of audit.

Page 31 of 94
12.3 If DPO wants to provide its own laptop for conduct of audit then auditor need to
convey its requirement of software or any other tool required during the conduct of
audit.

12.4 The DPO shall respond immediately on the same whether he is willing to provide
laptop and other necessary tools/software required or wants auditor to use his/her
own laptop.

12.5 The minimum configuration requirement of laptop is mentioned in section 19 of the

Audit Manual which should be provided by DPO to auditor. DPO is free to provide
laptop of higher configuration also.

12.6 The DPO will also be required to inform all the broadcaster regarding the conduct
of subscription audit of its DAS system by the auditor along with audit Schedule in
case of DPO caused audit.

12.7 The auditor will also share the documents requirements with DPO as specified in
Section 11 of the Audit Manual before the conduct of audit.

12.8 Auditor will cover all the scope of work mentioned in section 10 of the audit
manual during subscription audit.

12.9 The data extraction procedure from CAS and SMS should be carried out as
mentioned in section 16 of the Audit Manual.

12.10 In case of DPO having multiple headends, the auditor is required to conduct
subscription audit at these headends separately if any additional CAS or SMS
server are deployed at these headends.

12.11 After completion of subscription audit, auditor shall ensure that subscription
report w.r.t particular broadcaster only contains relevant information which
includes information in respect of his channels and bouquets only. For example, if
there are 20 broadcasters with whom interconnection agreements are signed then
20 such broadcaster wise subscription reports are required to be made.

Page 32 of 94
 12.12 If the audit is caused by the broadcaster then the auditor will share the audit
copies both with broadcaster as well as DPO.

13. Procedure to be followed for inspection of Subscription

audit
13.1 The primary objective of the subscription audit is to validate the monthly
subscriber report submitted by DPO to its respective broadcasters.

13.2 In this regard, scope of work to be covered and data extraction methodology to be
adopted under subscription audit is specified in section 10 and section 16 of the
Audit Manual.

13.3 Thus, auditor needs to ensure that the subscription audit should be carried out
keeping in view of the scope of work and data extraction procedure mentioned in
the Audit Manual.

13.4 The format of the report required under subscription audit is provided in the
Annexure 7 of the audit manual.

13.5 No specific analysis procedure on data dump is specified here and auditor is free
to choose its own analysis method, tools, software to achieve the desired result.

14. Scheduling of Subscription Audits

a) All the DPO are required to conduct the subscription audit within calendar year as
mandated by Interconnection Regulation 2017. Further the first subscription audit under
this framework will be from the date of coming into effect of the framework,
st
but not later than 1 April 2019. The annual Audit as caused by Distributor under
regulation 15 (1) shall be scheduled in such a manner that there is a gap of at-least
six months between the audits of two consecutive calendar years. Further, there

Page 33 of 94
 should not be a gap of more than 18 months between audits of two consecutive
calendar years.

b) Post first subscription audit, the DPO (in case of DPO caused subscription audits)
may conduct the subscription audit of the unaudited period.

c) If the audit is caused by the broadcaster, then he/she can request auditor to
conduct the audit of a maximum of previous 2 years from the date of audit even if the
audit of such period is conducted by the DPO. Provided that the audit under this
framework will be from the date of coming into effect of the framework, but not later than
st
1 April 2019.

15. Timelines for completion of Subscription Audits

a) The auditors are required to complete the subscription audit and submission of
report within 4 weeks from the date of first visit of DPO with subscriber base above 5
lakhs.

b) The auditors are required to complete the subscription audit and submit report within
3 weeks from the date of first audit visit of DPO with subscriber base below 5 lakhs.

c) In case where verification and analysis of TS recording and ground VC are also
required the auditor may take additional one week for sample verification of the
recordings and ground VC samples.

16. Data Extraction procedure to be followed by auditor

under compliance and subscription audit

16.1 DPO to declare all admin/super admin login access to CAS & SMS servers and
will depute a resource who has complete knowledge of the systems (CAS and
SMS). The resource can be common or different for CAS and SMS systems
depending upon his/her expertise.

Page 34 of 94
16.2 The DPO resource under supervision of auditor will take the access in both
systems and extract data and run queries.

16.3 Auditors are not allowed to interfere with the live systems (CAS and SMS) of DPO
without its permission and assistance.

16.4 If the extraction from the live SMS and CAS systems are not possible due to any
technical issue or taking excess time in extraction then auditor are allowed to use
latest automated or manually downloaded dump data from the server after due
verification of the query used for downloading the same.

16.5 If the auditor is satisfied with the procedure of downloaded data dump and finds
that the dump is not compromised or altered, he/she may use the same for audit
purpose.

16.6 Note: The exemption of data extraction from live servers is only applicable
for DPO who are having more than 5 lakhs subscriber base and when there
is practical difficulty is extracting the data dump from live servers. This will
be decided by auditor after understanding the systems of such DPOs and in
case they find explanations relevant.

16.7 The DPO is also requested to share the database structure table’s fields and column
along with other necessary information required by auditor to work on the data dump
in order to extract the active /de-active STB/VC count from the data dump.

16.8 If required, all extracted data should be loaded on PC/ Laptop provided for Audit.

16.9 All data from CAS and SMS server should be extracted in such a manner that no
STB/VC is left out from the database. The Auditors should acquaint themselves
with the data extraction queries that are run on the live CAS & SMS servers.

16.10 Data extraction queries scripts and explanation of terminology used must be
preserved.

Page 35 of 94
16.11 The auditor should understand what all filters (if any) are being applied to either
exclude data of other DPOs, or even exclude data of certain geographical areas
that may have a bearing on the overall count of the subscriber numbers.

16.12 Auditor should be present in-person during the extraction of CAS & SMS data.
Auditor to certify that the Data extraction has been done under his/her supervision.

17. Analysis and Verification of TS recordings/ VC samples

17.1 If the audit is caused by the DPO whether compliance or subscription audit then the
information regarding the schedule/conduct of audit along with audit agency will need
to be shared with broadcasters at least 30 days before the conduct of audit.

17.2 The broadcasters may provide the TS recordings or ground VC (if any) to auditors
for verification and analysis of the TS recordings and VC samples before the
conduct of audit.

17.3 If the audit (whether compliance or subscription audits) is caused by broadcaster

then broadcaster can directly share the information regarding TS recordings or VC
samples (if any) with the audit agency.

17.4 The analysis and verification of TS recordings shall be carried out as per following
procedure:

• The broadcaster cannot share more than 5 TS recordings and 100 VC

samples with auditor in case the audit is caused by DPO. In case the audit is caused by
broadcaster there is no restriction on sample size of TS/VC recordings. Broadcaster
should ensure that these TS recordings and VC samples are correct and should be
provided with date, time and complete address/location details.

• The auditor should verify these TS recordings and VC samples during conduct of
audit. In case he/she is not able to find some VC samples in the CAS and

Page 36 of 94
 SMS database of DPO and TS recordings parameters also have some
variation w.r.t TS recordings of headend than random physical verification of
such VC samples and TS recordings also should be carried out by auditor in
order to validate the shared VC samples/recordings.

• In such cases where a certain amount of VC samples provided by

broadcasters are not found in the CAS and SMS database of DPO then auditor will
select minimum five (5) number of VC samples from these VC samples and one (1) TS
recordings on random basis for carrying out physical verification in order to ensure the
correctness of samples.

• The cost of carrying out minimum physical verification of these TS recordings

and VC samples which are not found in the DPO system shall be borne by the DPO if
the audit is caused by DPO.

• Further, any physical inspection cost during audit caused by broadcaster shall be
borne by broadcaster however 6 minimum (5 VC samples and 1 TS) physical inspection
needs to be carried out by auditor in order to validate the TS recordings and VC samples
which are not found/matched in the system of DPO.

• It may be noted that it should be the responsibility of broadcaster to provide

necessary assistance and support to auditor during physical verification of TS recording
and ground samples whenever validation of such VC samples and TS recordings are
required.

18. Responsibilities in respect of Compliance and

Subscription Audit
A. Distribution Platform Operator
1) The DPO should abide by the provisions of Interconnection Regulation
2017 w.r.t. provisions related to Audit.
2) The DPO should ensure all the compliance of the Digital Addressable
System (CAS, SMS and STB) as per Schedule III of Interconnection

Page 37 of 94
 Regulation 2017 and cause the compliance audit and the subscription
audit of its system every calendar year.

3) Every DPO shall ensure the availability of complete data in CAS and SMS
for minimum 2 years from the date of conduct of audit.

4) It is the responsibility of DPO having shared CAS and SMS systems with
its JV companies to share the complete data from SMS and CAS including JV
companies data with auditor during compliance or subscription audit whether caused
by DPO or broadcaster. Thus, it would be advisable for such DPO to conduct audit of
its complete DAS system including JV companies.

5) The DPO shall timely inform the broadcasters whenever compliance or

subscription audit is scheduled at least 30 days in advance.

6) The DPO will share the relevant part of the report of the compliance audit
and subscription audit caused by DPO with concerned broadcaster.

7) If the subscription audit of DPO reveals more than zero point five percent
variance in the monthly subscription report submitted by DPO of any broadcasters
then it is the responsibility of the DPO to inform those broadcasters regarding
revision of the invoices already issued and paid.

8) The DPO will provide full support and assistance to auditor conducting its
audits whether caused by self or broadcaster.

9) If the DPO does not want auditor to use his laptop for audit purpose then it
is the responsibility of DPO to provide laptop of configuration as mentioned in the
audit manual or higher to auditor. The specification in respect of minimum
configuration of laptop to be provided by DPO is mentioned in section 19 of the Audit
Manual.

10) The DPO also needs to ask auditor about any other specific requirements
in advance regarding the software or tools required for data analysis
purpose before the commencement of audit.
Page 38 of 94
 11) These requirements shall be available to auditor at his disposal for usage
during the conduct of audit whether audit caused by self or broadcaster.

12) DPO should inform broadcaster if below mentioned changes are made in
its CAS, SMS and other related systems within 7 days from the
implementation date of these changes:

a. Addition/Deletion of SMS
b. Change in the SMS version w.r.t last audited SMS
c. Addition/Deletion of CAS
d. Change in the CAS version w.r.t last audited CAS
e. Deployment of new type of STBs by DPO which were not
audited earlier.

13) Subject to conformance to Regulation 11, the distributor may extend

territory of interconnection agreement by giving a written notice to the
broadcaster providing at least 30 days to the broadcaster. In such cases,
the distributor shall also inform the Broadcaster formally after 7 days of
actual extension of the territory.
14) DPO should provide access to CAS, SMS servers and related addressable
system to the auditor and depute a resource/expert of deployed CAS and
SMS systems who will perform data extraction under supervision of auditor.

15) Auditor can demand specific data, logs and reports and the DPO should
extract the data in front of the auditor and provide the same. DPO should ensure that
no STB/VC is left out from the database.

16) The DPO should also allow Broadcaster’s representative in case of audit
initiated by Broadcaster’s to be physically present during the conduct of
audit.

Page 39 of 94
 B. Responsibility of Broadcaster
1) The Broadcaster should abide by the provisions of Interconnection
Regulation 2017 w.r.t. provisions related to Audit.

2) The broadcaster should ensure that the correct TS recordings and ground
VC samples (if any) are provided to auditors before conduct of audit whether
compliance or subscription audit.

3) The broadcaster should also provide full support to auditor and provide
necessary information if required by auditor such as fingerprint schedule, assistance
in physical verification of sample TS recordings/ground VC samples etc.

4) During the audit initiated by broadcaster the representative of broadcaster

will not interfere with the audit proceedings during the conduct of audit. If there are
any relevant concerns or objections the same shall be shared before the conduct of
audit.

5) If the audit is caused by the broadcaster then the broadcaster is not allowed
to send more than two representatives to observe the audit proceedings.

C. Responsibility of Auditor
1) The auditor should abide by the provisions of Interconnection Regulation
2017 w.r.t. provisions related to Audit and the terms and conditions of the
empanelment by TRAI.

2) The Auditors’ main role and responsibility is to carry out the above
mentioned compliance and subscription audits in an objective, transparent and
impartial manner as per provisions of Interconnection Regulations 2017.

Page 40 of 94
3) It is the responsibility of auditor to keep all the data extracted or
information collected during audit confidential and produce only the relevant
information in the audit report.

4) In case the TS recordings and ground VC samples are provided by

broadcasters then auditor should verify whether these TS recordings reconcile with
headend TS recordings and VC samples are also available in the CAS and SMS
database of DPO.

5) If the TS recordings parameters are different from those recorded at headend

and shared VC samples are not found in the CAS and SMS system of DPO then auditor
will also carry out the physical verification of minimum 5 VC samples and 1 TS
recordings in order to check the authenticity of same. These 6 samples (5 VC and 1 TS)
shall be selected on random basis from the list of samples/TS which were not found in
the system of DPO.

6) The subscription audit period shall not be more than 18 months in

case the audit is caused by DPO and 24 months if the audit is caused by
broadcaster.

7) The auditor will not carry any data dump outside the DPO premises without
his consent. If DPO is not comfortable with providing data dump to auditor for data
analysis purposes then auditor shall perform all the data analysis whether under
compliance or subscription audit at DPO premises only.

8) In such cases, the auditor only will be allowed to carry the result of data
analysis along with other necessary documents such as screenshot of queries run,
CAS and SMS generated reports and audit related documents (audit forms, vendor
declarations, annexures etc.). The auditor will also provide a copy of these
documents to DPO.

9) The auditor should not enter into any arguments or dispute with DPO during
conduct of audit. If there are any issues or non-cooperation from DPO during

Page 41 of 94
 audit the auditor shall inform the DPO in writing that the audit could not be
conducted.

10) If auditor feels any justification or explanation is required from DPO on any
particular issue observed during the conduct of audit w.r.t compliance or subscription
audit, he/she may provide the opportunity to DPO before the finalization of audit
report. The justification or explanation of DPO shall also be incorporated in the audit
report along with the issue observed by the auditor.

11) The auditor will not insist on the specified format of the reports generated
from the SMS and CAS systems as mandated in Schedule III of
Interconnection Regulations 2017 or any other report to be generated
under scope of work of audit manual. However, the report should be able
to reflect and produce desirable information.

12) The auditor will make non editable soft copy and hard copy of the audit report
both for compliance and subscription audit. Further, number of copies of
subscription audit report caused by DPO depends upon the number of
broadcasters with whom interconnection agreements are signed by DPO.

13) In case the DPO is non-compliant to any of the provisions of extant

regulation(s) then it is the responsibility of auditor to clearly mention the same in its
report. TRAI should be duly informed of such non-compliance(s) within twenty-one
days of conduct of Audit.

14) The Auditor shall comply with all the instructions, guidelines, directions,
orders etc. issued by TRAI, from time to time, for the purpose of
conducting the audit of the Digital Addressable Systems of the Service
Providers and reporting thereof. TRAI officials may also associate with the
Auditor in the conduct of such audit and the Auditor shall carry out
instructions, if any, given by such officials in writing.

Page 42 of 94
 15) The Auditor shall not undertake audit of addressable system of any
service provider for whom the Auditor is also the statutory auditor or
internal auditor or concurrent auditor or where the Auditor is the consultant
to the service provider.

16) The Auditor shall not undertake audit of the addressable system of any
service provider consecutively for more than three years.

17) The Auditor shall submit the report to TRAI about the details of audits
carried out by the Auditor, as per the format prescribed by TRAI from time
to time.

18) In case the Auditor observes any major discrepancy in the Digital
Addressable Systems of the service provider during audit, the Auditor shall report the
same to TRAI immediately.

19) TRAI reserves the right to review, dissolve the panel of Auditors, extend
the validity of the panel, expand the panel and remove any Auditor from the panel for
unsatisfactory performance, at any time.

20) TRAI may remove any Auditor from the panel of empanelled auditors, in
case, it is established that the Auditor have performed two wrong audits.

21) The Auditor shall continue to meet all the eligibility conditions specified in
the Expression of Interest for Empanelment of Auditors to carry out audit
of Digital Addressable Systems, throughout the period of empanelment.
The Auditor must immediately inform TRAI in case the Auditor fail to meet
any of the eligibility criteria specified, at any time during the period of
empanelment so that TRAI may remove the Auditor from the list of
empaneled auditors. In case the Auditor do not inform, and it comes to the
notice of TRAI through any source at a later date then TRAI may blacklist
such auditor forever and forfeit performance bank guarantee and issue
press release in this regard.

Page 43 of 94
 22) The Auditor shall adhere to the scope of work given in the Expression of
Interest and shall follow the Comprehensive Audit Manual which TRAI may
prescribe.

23) The Auditor and their staff/audit personnel must carry out the tasks with the
highest degree of professional integrity and technical competence. They must
be free from all pressures and inducements, particularly financial, which might
influence their judgment or the results of any assessment, especially from
persons or groups of persons with an interest in such results.

24) The Auditor must guarantee the impartiality of inspection staff/audit

personnel. Their remuneration must not depend on the number of
assessments carried out or on the results of such assessments.

25) In case of any misconduct or negligence; TRAI is free to report the matter
at any time to any Government agency or department/statutory body/ICAI/ ICWAI or
any other concerned professional body.

26) The Auditor shall maintain confidentiality as mentioned in the EOI.

27) The Auditor shall maintain, at all times during its period of empanelment,
necessary office set up and adequate personnel to ensure proper
deployment and timely completion of the assignments.

28) The Auditor shall not sub-contract the audit work assigned to the Auditor
to any outside firm or other persons.

29) In case any information/documents submitted by the Auditor, whether at

the time of submission of proposal or thereafter, to TRAI is found to be incorrect or
false or misleading, the Auditor shall be removed from the panel immediately. In
addition, the audit agency and the professionals will be liable for appropriate action in
accordance with statutory guidelines or professional rules.

30) TRAI reserves the right to remove the Auditor from the panel in case it is
found that any of the conditions laid down in the Expression of Interest have

Page 44 of 94
 been contravened or the performance of the auditor is found to be
unsatisfactory or any serious act of omission or commission is noticed in
the Auditor’s working. In such a case the Auditor will be blacklisted for
empanelment with TRAI for a period of two years. If felt necessary, the
matter may be reported to ICAI and/or RBI/IBA/ICSI/ICWAI/BCI or any
other concerned professional body for necessary action.

31) TRAI may call the Auditor for meetings/ presentation for seeking/
providing clarifications or for reviewing the progress of audit. The Auditor
shall attend such meetings/ presentation at its own expenses.

32) The Auditor shall indemnify and hold TRAI harmless against any and all
claims, demands, disputes or judgment of any nature brought against
TRAI arising out of the services provided by the Auditor to the service
provider under this agreement. TRAI shall be entitled to get the monetary
loss suffered by it, if any, reimbursed from the Auditor. TRAI may also, at
its discretion, remove the Auditor from the panel in such circumstances,
without prejudice to the Auditor’s obligation under this clause, which shall
survive the Auditor’s removal from the panel.

33) In case of disputes/ clarifications arising out of EOI, the decision of TRAI
shall be final and binding on the Auditor.

34) The Auditor shall comply with and be governed by the laws of India for the
time being in force.

Page 45 of 94
19. Minimum Laptop Configuration to be provided by DPO
Subscriber
Subscriber
Subscriber base
base between Subscriber base
Particulars base > 50 between 10
1 Lakh to 10 less than 1 Lakh
Lakhs Lakh to 50
Lakh
Lakh
Intel® Intel® Core™ Intel® Core™ Intel® Core™ i5
Processor
Core™ i7 i5 or i7 i5 or i7 or i7
Hard Disk Space 500 GB or 500 GB or
1 TB or above 100 GB or above
available in C drive above above
16 GB or 16 GB or
RAM 8 GB or above 8 GB or above
above above
No partition
No partition
required in
required in the
Partition in drive the drive, Not Applicable Not Applicable
drive, need a
need a single
single drive
drive
Data source
location RDP Local or RDP Local Local
(Local/Server)
Operating System Windows
Windows 64bit Windows 64bit Windows 64bit
– 32 bit / 64 bit 64bit
Microsoft SQL Microsoft SQL
Microsoft SQL Microsoft
Server Server Express/
Server SQL Server
developer developer edition,
developer developer
edition/Microso Microsoft Access,
edition edition
ft Access Microsoft Excel
(not Express (not Express (not Express Express edition
Microsoft SQL
edition) edition) edition) /Developer
Server
(any year
Management (any year (any year
version (any year version
Studio & SQL version version
of 2012 / of 2012 / 2014
Server Data Tools of 2012 / 2014 of 2012 / 2014
2014 /2016 /2016 /2017)
(SSDT) /2016 /2017) /2016 /2017)
/2017)
Complete
Complete suite Complete suite Complete suite of
 suite of SSDT
of SSDT or of SSDT or SSDT or Visual
or Visual
Visual Studio Visual Studio Studio
Studio
Professional Professional Professional
Professional
.csv or .txt /excel (
Data source format .csv or .txt .csv or .txt .csv or .txt
.xlsx, .xls )

Page 46 of 94
20. Formats of Annexures and Reports
Annexure 1

Format of declaration from CAS Vendor

(On CAS company letterhead)
TO WHOMSOEVER IT MAY CONCERN

This is to certify that M/s ___________(DPO

Name)________________________________address:_______________________
_____________________________________
having its DAS headend at ______________________________________________
has installed Conditional Access System (CAS) from our company for its distribution
network.
Date of CAS Installation and operational: ________ CAS Version: ___________
CAS ID: __________________, Network ID: __________________________
Location of CAS servers (Database server, ECMG, EMMG): ___________________
Detail of main and back up CAS servers installed:________________--__________

Server time format:__________________________________

Database detail:___________________________________

Attached schematic diagram of CAS network including ECMG/EMMG & other

servers installed in headend/remote/back up headend.

With respect to the CAS installed at above mentioned headend and in terms of
Schedule-III of THE TELECOMMUNICATION (BROADCASTING AND CABLE)
SERVICES INTERCONNECTION (ADDRESSABLE SYSTEMS) REGULATIONS,
2017 of TRAI, we confirm the following:

1) All activation and deactivation of STBs can be done with the commands of
the SMS. – CAS certificate to be in two parts – DPO and CAS vendor
2) The current version of CAS does not have any history of hacking.
3) We have the capability of upgrading of CAS in case it gets hacked.
4) The CAS is currently in use by other pay TV services and it has an
aggregate of at least 1 million subscribers in the global pay TV market.
5) It is not possible to alter the data and logs recorded in the CAS.
6) That all the CAS system provided to the said distributor at all the locations
(head-ends) have been duly reported explicitly.
7) We, the CAS system provider are able to provide monthly and date wise
log of activation and deactivation on a particular channel or on a particular Bouquet / Subscriber
Package.
8) This CAS is capable of individually addressing subscribers, on a channel
by channel and STB by STB basis.

Page 47 of 94
9) This CAS is independently capable of generating, recording, and
maintaining logs, for the period of at least immediate preceding two consecutive years,
corresponding to each command executed in the CAS including but not limited to activation
and deactivation commands issued by the SMS.
10) The CAS has the capability of upgrading STBs over-the-air (OTA), so that
the connected STBs can be upgraded.
11) The CAS has the capacity to activate or deactivate services or STBs of at least
5% of the subscriber base of this customer’s distribution network within
24 hours.
12) That we ____________(CAS Company Name) are fully compliant to the
requirements of CAS system as per schedule III of the of THE TELECOMMUNICATION
(BROADCASTING AND CABLE) SERVICES INTERCONNECTION (ADDRESSABLE
SYSTEMS) REGULATIONS, 2017 of TRAI.

I __(_name)______ undertake that the information provided above is true and

full disclosure of all the CAS system(s) provided to the said distributor has been made above
and no information has been concealed.

Thanking you,
For (CAS company name)

(Signature)
Name :
Designation : (not below the level of COO or CEO or CTO)
Date :
Company seal :

Date: (within 30 days prior to audit)

Page 48 of 94
 Annexure 2

Format of declaration from SMS Vendor

(On SMS Company Letter Head)

Date:
TO WHOMSOEVER IT MAY CONCERN

This is to certify that M/s _____________________________________________________,

address: __________________________________________________________________
having its DAS headend at ___________________________________________________
has installed Subscriber Management System (SMS) from our company for its distribution
network.
Date of installation of SMS: ___________________ SMS Version:_____________________

Location of SMS servers: ___________________________________

SMS Database detail with number of instances created:_____________________________

Please find enclosed the schematic diagram of SMS and CAS system(s) integration.

With respect to the SMS installed at above mentioned headend and in terms of Schedule-III
of THE TELECOMMUNICATION (BROADCASTING AND CABLE) SERVICES
INTERCONNECTION (ADDRESSABLE SYSTEMS) REGULATIONS, 2017 of TRAI, we
confirm the following:

1. The SMS is currently in use by other pay TV services that have an aggregate of at
least 1 million subscribers in the global pay TV market (wherever applicable)

2. The SMS has the capacity to activate or deactivate services or STBs of at least 5% of
the subscriber base of the distributor within 24 hours.

3. We have the technical capability in India to be able to maintain our systems on 24x7
basis through the year.

4. We, the SMS system provider are able to provide monthly and date wise log of
activation and deactivation on particular channel or on a particular Bouquet / Subscriber
Package with date/time stamp.

5. The SMS is capable of individually addressing subscribers, on a channel by channel

and STB by STB basis.

6. This SMS is independently capable of generating log of all activations and

deactivations.

Page 49 of 94
7. The SMS is independently capable of generating, recording, and maintaining logs,
for the period of at least immediate preceding two consecutive years, corresponding to each
command executed in the SMS including but not limited to activation and deactivation
commands. ( as per period of service)

8. Please find enclosed sample log of activations & deactivations of a channel

generated from this SMS system.

9. That we ____________(SMS Company Name) are fully compliant to the

requirements of SMS system as per schedule III of the of THE TELECOMMUNICATION
(BROADCASTING AND CABLE) SERVICES INTERCONNECTION (ADDRESSABLE
SYSTEMS) REGULATIONS, 2017 of TRAI.

I __(_name)______ undertake that the information provided above is true and full disclosure
of all the SMS system(s) provided to the said distributor has been made above and no
information has been concealed.

Thanking you,
For (SMS company name)

(Signature)
Name :
Designation : (not below the level of COO or CEO or CTO)/Authoirzed signatory

Company seal :

Page 50 of 94
 Annexure 3

Format of Audit form to be filled in by DPO (Compliance

Audit Form)
On DPO Letter Head

Type of DPO: CATV/HITS/IPTV/DTH

………………………………….. Date : …………………………………

Address of the headend ………………………….

Headend technical person : ………Contact No. ……

FTA PAY TOTAL Total no. of

Transport Stream

No..of SD & HD Channels presently

1
running in the network SD

HD

Version
For Software based (Cardless)
Sl. No. CAS Make Server Location
Encryption Key Video
Strength Length Scrambling
1

Sl. No. SMS Make Version Date of Installation Server Location

(HD, SD, Card/ Embedded CAS

Sl. No. STB Make Model MPEG 2/4
PVR) Cardless Name

A) Conditional Access System (CAS) &

Yes/No
Subscriber Management System (SMS)
 Is the SMS computerized and
1 capable to record the vital information and data concerning the subscribers such as:
a. Unique Customer Id
b. Subscription Contract number
c. Name of the subscriber
d. Billing Address
e. Installation Address
f. Landline telephone number
g. Mobile telephone number

Page 51 of 94
 h. Email id

i. Service/Package subscribed to

j. Unique STB Number

k. Unique VC Number

Is the SMS able to undertake the

2
following:
a. Viewing and printing historical data
in terms of the activations,
deactivations etc.
b. Location of each and every set top
box VC unit
c. Generating historical data of
changes in the subscriptions for each
subscriber and the corresponding
source of requests made by the
subscriber.
i. The total number of registered
subscribers.
ii. The total number of active
subscribers.
iii. The total number of temporary
suspended subscribers.

iv. The total number of deactivated

subscribers.
v. List of blacklisted STBs in the
system.
vi. Channel and bouquet wise
monthly subscription report in the
prescribed format.
vii. The names of the channels
forming part of each bouquet.
viii. The total number of active
subscribers subscribing to a
particular channel or bouquet at a
given time.
ix. The name of a-la carte channel
and bouquet subscribed by a
subscriber.
x. The ageing report for subscription
of a particular channel or bouquet.

Are SMS and CA integrated for

activation and deactivation process
from SMS to be simultaneously done
3 through both the systems? Is the CA
system independently capable of
generating log of all activation and
deactivations?
Are SMS & CAS capable of
CAS SMS

individually addressing subscribers,

4
on a channel by channel and STB by
 STB basis?
For VC based CAS, is the STB & VC
5 paired from head-end to ensure
security?
Is CAS system provider able to
provide monthly log of the activations
6
on a particular channel or on the
particular package?
Is SMS able to generate itemized
7 billing such as content cost, rental of
the equipments, taxes etc?
Do CAS & SMS have provision to tag
CAS SMS

and blacklist VC numbers and STB

numbers that have been involved in
8
piracy in the past to ensure that the
VC or the STB cannot be
redeployed?
Is CAS able to provide reports at any
9
desired time about:

Page 52 of 94
 a. Active and De-active VC wise
details as on any particular date
b. STB-VC Pairing / De-Pairing
c. STB Activation / De-activation
d. Channels Assignment to STB
e. Report of the activations or the
deactivations of a particular
channel for a given period.

Is CAS & SMS able to provide

10 CAS SMS
reports at any desired time about:
a. VC wise log of changes in
packages/channels for any particular
period
b. Logs of creation and modification
of packages for any particular period
Total No. of STBs deployed in the In field SD:
12
network presently? In field HD:
STB1 STB2 STB3 STB4 STB5

B) Fingerprinting & Scroll messaging

Yes/No

Is FP Facility available (ECM/EMM)

a. Visible (Overt)
1
b. Invisible (Covert))?

Is the finger printing removable by

2 pressing any key on the remote
control / front panel of STB?
Is the fingerprinting on the topmost
3
layer of the video?
Can the Finger printing identify the
4 unique STB number or the unique
Viewing Card (VC) number?
Does fingerprinting appear on all the
5 screens of the STB, such as Menu,
EPG etc.?
Is the location of the Finger printing
6 changeable from the Headend and
random on the viewing device?
Is finger printing possible on global
STB basis?
8
Is finger printing possible on
individual STB basis?
Is overt finger printing displayed by
the MSO without any alteration with
9
regard to the time, location, duration
and frequency.

Is the STB capable of doing finger

printing and support Entitlement
control message (ECM) based finger
10 printing?
 Is the STB capable of doing finger
printing and support Entitlement
management Message (EMM) based
finger printing?
Is the scroll messaging character
11
length 120 or more?
Does STB has forced messaging
12
capability?
Is there provision for the global
13 messaging, group messaging and
the individual STB messaging?

STB1 STB2 STB3 STB4 STB5

D) STB
Yes/No

Is Valid BIS certificate of each model

1
of STB available?
Does the STBs with facilities for
2 recording the programs have copy
protection system?

Page 53 of 94
3 Is STB addressable to be upgraded by OTA?
4 Watermark of the network logo is Encoder or STB generated?

I __(_name)______ undertake that the information provided above is true and full disclosure
of all the CAS and SMS system(s) and STB has been made above and no information has
been concealed.

DPO Signature
(Signature)
Name :
Designation : (not below the level of COO or CEO or CTO)/Authorized signatory

Company seal :

Page 54 of 94
 Annexure 4

Format of declaration from STB Vendor

(On STB company letterhead)
TO WHOMSOEVER IT MAY CONCERN

This is to certify that M/s ___________(DPO

Name)________________________________address:_______________________
_____________________________________
having its DAS headend at ______________________________________________
has procured below mention STB model no from our company for its distribution
network.
S. no STB Model no BIS Compliant (yes/No) Date of BIS Certificate

All the STB deployed/purchased by DPO are in compliance to Schedule-III of THE

TELECOMMUNICATION (BROADCASTING AND CABLE) SERVICES
INTERCONNECTION (ADDRESSABLE SYSTEMS) REGULATIONS, 2017 of TRAI
w.r.t STB requirements as mentioned below:
1. All STBs should have a Conditional Access System
2. The STB should be capable of decrypting the Conditional Access
messages inserted by the Head-end.
3. The STB should be capable of doing fingerprinting. The STB should
support both Entitlement Control Message (ECM) and Entitlement Management
Message (EMM) based fingerprinting.
4. The STB should be individually addressable from the Head-end.
5. The STB should be able to receive messages from the Head-end.
6. The messaging character length should be minimal 120 characters.
7. There should be provision for global messaging, group messaging and the
individual STB messaging
8. The STB should have forced messaging capability including forced finger
printing display.
9. The STB must be compliant to the applicable Bureau of Indian Standards
10. The STBs should be addressable over the air to facilitate OTA software
upgrade.
11. The STBs with facilities for recording the programs shall have a copy
protection system
I __(_name)______ undertake that the information provided above is true and full disclosure
of all the STB(s) provided to the said distributor has been made above and no information
has been concealed.

Page 55 of 94
Thanking you,
For (STB company name)

(Signature)

Name :
Designation : (not below the level of COO or CEO or CTO)
Date :

Company seal :

Date: (……………………………….)

Page 56 of 94
 Annexure 5

Format of subscription audit form

(Letter head of DPO)

DPO
S.No Area Data requested
Response

1 Head End General Details

1.1 Details Headend Location

1.2 Date of establishment of the Headend

Number of digital headend/sub Headends with encryption

1.3
details and areas covered
Hardware Details ( if it is not covered in network diagram
2
of all DHE’s)
2.1 Details of IRD's with make & model number

3 Others

3.1 Local Channel detail:(number of local channels)

3.2 Is a unique LCN defined for each channel(Service ID)

3.3 Encryption:

3.4 Transport streams:

3.5 Number of Transport Streams

3.6 Watermarking:

3.7 Is watermark inserted? If yes, from where?

4 Features

4.1 Make & version number

Types of STB's used with make, model number &

4.2
compatibility with CAS
4.3 STB-VC ID Pairing details if applicable

Modules in SMS & the activities performed for each of the

4.4
module
Audit/trail/log of all changes for all changes made to the
4.5
customer account & STB
Subscriber
4.6 Channels to package mapping

Management
4.7 Fingerprinting ( STB wise, Group/All)
System
4.8 (SMS) Messaging ( STB wise, Group/All)
5 Reporting

Is reporting module configured to extract the following

5.1
reports:
As on historical date, count and details of STB status
5.2
(active/de-active) as per the system
Count and details of Activation/ deactivation of STBs for a
5.3
defined period
STB/Account wise Package modification report for a defined
5.4
period
Conditional
Features
6 Access
System Number of CA systems installed at the headend & the version
6.1
(CAS) of each

Page 57 of 94
 6.2 Number of channels configured on each CAS
6.3 Channel(SID) to package/product mapping
6.4 Fingerprinting (STB wise, Group/All)
6.5 Messaging ( STB wise, Group/All)
6.6 Audit/trail/log of all changes for each CAS
7 Reporting
7.1 Is reporting module configured to extract the
following reports:
7.2 As on historical date, count and details of active STB
status as per the system
7.3 Activation and deactivation log for each STB/ VC Id
Activation and deactivation log of channels and packages for
7.4
each STB/ VC ID

Undertaking

I __(_name)______ undertake that the information provided above is true, full and
complete disclosure of all the CAS and SMS system(s) and STB has been made above and
no information has been concealed.

(Signature)
Name :
Designation : (not below the level of COO or CEO or CTO)/Authoirzed signatory

Company seal :

Page 58 of 94
 Annexure 6

Compliance Report of
Addressable System of
M/s ______________
for conformity to Schedule III of
Interconnection Regulation 2017

Page 59 of 94
Contents
1 Introduction and Background ....................................................................................... 61
1.1 Background of the DPO .............................................................................. 61
1.2 Terminologies used in Audit Report ............................................................ 61
1.3 Headend Architecture ................................................................................. 61
1.3.1 Details of Broadcaster’s IRD(s) ...................................................................... 62
1.3.2 Details of CAS(s) ........................................................................................... 62
1.3.3 Details of SMS(s) ........................................................................................... 62
1.3.4 Detail of the Signal Processing Systems ........................................................ 63
1.3.5 LCN wise service details ................................................................................ 63
1.3.6 Package Configuration ................................................................................... 63
1.4 Network Architecture ................................................................................... 64
1.5 Set Top Box Management Process ............................................................. 64
1.6 Consumer Acquisition Process ................................................................... 64
1.7 Data Management Process ......................................................................... 65
2 Methodology Adopted for Compliance Audit ................................................................ 66
3 Audit Details ................................................................................................................. 67
3.1 Audit Period & Locations ............................................................................. 67
4 Schedule III Compliance Report ................................................................................... 68
4.1 Compliance Report for CAS & SMS ............................................................ 68
4.2 Compliance Report for Finger Printing ........................................................ 68
4.3 Compliance Report for STB ........................................................................ 68
5 Auditor’s Observations ................................................................................................. 70
6 Auditor’s Opinion & Conclusion .................................................................................... 71
7 Annexures.................................................................................................................... 72

Page 60 of 94
INTRODUCTION AND BACKGROUND

Background of the DPO

[
Background on the DPO organization.
Brief detail of the business operation and experience on the cable TV distribution.
Details regarding the expansion of the DPO services
Annexure: Copy of valid license/ permission from MoI&B
]

Terminologies used in Audit Report

Explanation of terms used in the report but are not part of the Act/ Rules/ Regulations/
Guidelines
]

Headend Architecture

Explanation on the entire infrastructure of the DPO including Disaster Recovery Site for the
operations.

Explanation of the following processes:

i. Content Reception
ii. Content Procession
iii. Encryption details
iv. Monitoring setup
v. Content reception at consumer premises
Annexure: Copy of Headend Schematic Diagram

Page 61 of 94
]

Details of Broadcaster’s IRD(s)

[
List of Broadcaster’s IRDs present at the headend and their operational status
]

Details of CAS(s)

[
Details of the CAS(s) installed

Detail of the licensed/authorized VC/STBs available in the respective CAS(s)

]

Details of SMS(s)

[
Details of the SMS(s) installed

Detail of the SMS(s) installed with the respective CAS(s)

]

Page 62 of 94
Detail of the Signal Processing Systems

Details w.r.t. configurations of the following hardware in the network (at main/ satellite /
remote headends)
i. EMM Servers
ii. ECM Servers
iii. Scramblers
iv. QAM
v. Multiplexers
vi. PSI/ SI servers
vii. Fiber transmitters
]

LCN wise service details

[
List of the LCN-wise channels present on the EPG as well as content available on the screen (to
be checked and recorded after assigning all the available services to the test STB)

Package Configuration

[
i. Package-wise list and detail of services configured in SMS(s) for entire period of audit
ii. Package-wise list and detail of services configured in CAS(s) for entire period of audit
]

Page 63 of 94
Network Architecture

[
Annexure: Copy of Network Diagram w.r.t. Main Headend and Satellite/ Remote Headends
]

Set Top Box Management Process

[
Detail of the STB management system w.r.t. following:
i. Authorization process of STB/ VC in CAS,
ii. Transfer of STBs/VCs from DPO to LCO and LCO to consumer

Annexure: Flow Chart of the STB Management

]

Consumer Acquisition Process

Detail of the consumer acquisition process including allocation of the STB/VC, pairing of
STB-VC and activation of packages/ services on the STB

Identification process of each STB in cases when multiple STB are assigned to single
consumer

Annexure: Flow Chart of the Consumer Acquisition Process

]

Page 64 of 94
Data Management Process

Explanation of the system and procedure adopted by DPO for management of the data from
CAS and SMS deployed for the headend

Explanation may include details regarding:

i. Servers
ii. Backup server/ Mirror server
iii. Reporting servers
iv. Etc.
]

Page 65 of 94
METHODOLOGY ADOPTED FOR COMPLIANCE AUDIT

Section will provide details of the audit team(s) and explanation of the procedure for
compliance audit.
]

Page 66 of 94
AUDIT DETAILS

[]

Audit Period & Locations

Section will provide the audit period including no. of audit visits and duration of each visit and
details of visit at remote site(s)
]

Page 67 of 94
SCHEDULE III COMPLIANCE REPORT

[]

Compliance Report for CAS & SMS

Section will cover point-wise compliance for the requirements w.r.t. CAS & SMS specified in
the Schedule-III of the Interconnection Regulations 2017
(Ideally in tabular form)
]

Compliance Report for Finger Printing

Section will cover point-wise compliance for the requirements w.r.t. fingerprinting specified in
the Schedule-III of the Interconnection Regulations 2017
(Ideally in tabular form)
]

Compliance Report for STB

Section will cover point-wise compliance for the requirements w.r.t. STB specified in the
Schedule-III of the Interconnection Regulations 2017

Page 68 of 94
(Ideally in tabular form)
]

Page 69 of 94
AUDITOR’S OBSERVATIONS

Section will cover point-wise explanation for any-compliance parameter OR any deviation
OR any abnormality in the Addressable System w.r.t. the requirements specified in the
Scope of work in the Audit Manual
(Ideally in tabular form)

Scope of Work Status/ Observations

IP configuration to confirm and identify servers and mux deployed

Inventory details of the Broadcasters IRDs+ VCs

MUX configuration to validate number of Transport Streams

(“TS”)

Details of QAM installed in the network

Record of PSI/ SI servers (for EPG and LCN)

Watermarking provisions

Encryption status of the channels/ services

Compliance Status of the CAS & SMS

Compliance Status of the Fingerprinting

Compliance Status of the STBs deployed

Analysis of TS / VCs

Page 70 of 94
AUDITOR’S OPINION & CONCLUSION

Section will provide the auditor’s opinion and conclusion for the addressable system
deployed by the DPO
]

Page 71 of 94
 ANNEXURES OF PRE-SIGNAL/COMPLIANCE AUDIT REPORT

[
Section will have the annexures as required and mentioned in the Audit Report
]

a)

b) Format of Subscription Audit Report (Annexure 7).

Page 72 of 94
 Annexure-7

Audit Report of verification carried out

for
conforming the completeness,
truthfulness and correctness of
Monthly Subscription Reports (MSR)
submitted to
_<Name of the Broadcaster>_ by
M/s ______________

Page 73 of 94
Contents
1 Introduction and Background ....................................................................................... 75
1.1 Background of the DPO .............................................................................. 75
1.2 Terminologies used in Audit Report ............................................................ 75
1.3 Headend Architecture ................................................................................. 75
1.3.1 Details of Broadcaster’s IRD(s) ...................................................................... 76
1.3.2 Details of CAS(s) ........................................................................................... 76
1.3.3 Details of SMS(s) ........................................................................................... 76
1.3.4 Detail of the Signal Processing Systems ........................................................ 77
1.3.5 LCN wise service details ................................................................................ 77
1.3.6 Package Configuration ................................................................................... 77
1.4 Network Architecture ................................................................................... 78
1.5 Set Top Box Management Process ............................................................. 78
1.6 Consumer Acquisition Process ................................................................... 78
1.7 Data Management Process ......................................................................... 79
2 Methodology Adopted for Compliance Audit ................................................................ 80
3 Audit Details ................................................................................................................. 81
3.1 Audit Period & Locations ............................................................................. 81
4 Audit Report ................................................................................................................. 82
5 Auditor’s Observations ................................................................................................. 88
6 Auditor’s Opinion & Conclusion .................................................................................... 89
7 Annexures.................................................................................................................... 90

Page 74 of 94
INTRODUCTION AND BACKGROUND

Background of the DPO

[
Background on the DPO organization.
Brief detail of the business operation and experience on the cable TV distribution.
Details regarding the expansion of the DPO services
Annexure: Copy of valid license/ permission from MoI&B
]

Terminologies used in Audit Report

Explanation of terms used in the report but are not part of the Act/ Rules/ Regulations/
Guidelines
]

Headend Architecture

Explanation on the entire infrastructure of the DPO including Disaster Recovery Site for the
operations.

Explanation of the following processes:

i. Content Reception
ii. Content Procession
iii. Encryption details
iv. Monitoring setup
v. Content reception at consumer premises
Annexure: Copy of Headend Schematic Diagram

Page 75 of 94
]

Details of Broadcaster’s IRD(s)

[
List of Broadcaster’s IRDs present at the headend and their operational status
]

Details of CAS(s)

[
Details of the CAS(s) installed

Detail of the licensed/authorized VC/STBs available in the respective CAS(s)

]

Details of SMS(s)

[
Details of the SMS(s) installed

Detail of the SMS(s) installed with the respective CAS(s)

]

Page 76 of 94
Detail of the Signal Processing Systems

Details w.r.t. configurations of the following hardware in the network (at main/ satellite /
remote headends)
i. EMM Servers
ii. ECM Servers
iii. Scramblers
iv. QAM
v. Multiplexers
vi. PSI/ SI servers
vii. Fiber transmitters
]

LCN wise service details

[
List of the LCN-wise channels present on the EPG as well as content available on the screen (to
be checked and recorded after assigning all the available services to the test STB)

Package Configuration

[
i. Package-wise list and detail of services configured in SMS(s) for entire period of audit
ii. Package-wise list and detail of services configured in CAS(s) for entire period of audit
]

Page 77 of 94
Network Architecture

[
Annexure: Copy of Network Diagram w.r.t. Main Headend and Satellite/ Remote Headends
]

Set Top Box Management Process

[
Detail of the STB management system w.r.t. following:
i. Authorization process of STB/ VC in CAS,
ii. Transfer of STBs/VCs from DPO to LCO and LCO to consumer

Annexure: Flow Chart of the STB Management

]

Consumer Acquisition Process

Detail of the consumer acquisition process including allocation of the STB/VC, pairing of
STB-VC and activation of packages/ services on the STB

Identification process of each STB in cases when multiple STB are assigned to single
consumer

Annexure: Flow Chart of the Consumer Acquisition Process

]

Page 78 of 94
Data Management Process

Explanation of the system and procedure adopted by DPO for management of the data from
CAS and SMS deployed for the headend

Explanation may include details regarding:

i. Servers
ii. Backup server/ Mirror server
iii. Reporting servers
iv. Etc.
]

Page 79 of 94
METHODOLOGY ADOPTED FOR COMPLIANCE AUDIT

Section will provide details of the audit team(s) and explanation of the procedure for
compliance audit.
]

Page 80 of 94
AUDIT DETAILS

[]

Audit Period & Locations

Section will provide the audit period including no. of audit visits and duration of each visit
and details of visit at remote site(s)
]

Page 81 of 94
AUDIT REPORT

[]

List of <Name of the Broadcaster>’s channels distributed by the DPO

Auditor will provide the list of broadcaster’s channels which are being distributed by the DPO
OR were distributed by the DPO in entire duration of the audit
(Ideally in tabular form)
]

Count of subscribers as derived by the auditor

Total count of subscribers

Count as on Count of VC/ STB

XX.XX.XXXX
As per CAS As per SMS Present in Present in
SMS not in CAS not in
CAS SMS

Active count

CAS 1

CAS 2

CAS 3

---

CAS N

Inactive
count

CAS 1

CAS 2

CAS 3
Page 82 of 94
---

CAS N

Page 83 of 94
Subscriber Count of Channel 1

As on XX.XX.XXXX (any of the randomly picked date from MSR)

Count as on Count of VC/ STB

XX.XX.XXXX
As per As per ------ As per As per Present Present ------- Present Present
CAS 1 CAS 2 CAS N SMS in SMS in SMS - in SMS in CAS
not in not in not in not in
CAS 1 CAS 2 CAS N SMS

A-la-carte
Subscriptions

Broadcaster’s Package
1 Subscriptions

Broadcaster’s Package
2 Subscriptions

-------

Broadcaster’s Package
N Subscriptions

DPO’s Package 1
Subscriptions

DPO’s Package 2
Subscriptions
Page 84 of 94
-------

DPO’s Package N
Subscriptions

Page 85 of 94
[
Section will cover reports for at least 12 weeks i.e. 12 dates for all the PAY Channels

Page 86 of 94
Deviation in the count

87
AUDITOR’S OBSERVATIONS

Section will cover point-wise explanation for deviation in the count from
MSR (Ideally in tabular form)

Scope of Work Status/ Observations

Observations on the Data Extraction Process

Observations on the Data Analysis

Observations on the Channel to Package Mapping

Observations and details of Test STB/ VCs

Observations on the transaction logs

EPG wise channel List

Observations on analysis of TS Recordings

88
AUDITOR’S OPINION & CONCLUSION

Section will provide the auditor’s opinion and conclusion for the Completeness, Correctness
and Truthfulness of the Subscriber count
]

89
ANNEXURES OF SUBSCRIPTION AUDIT REPORT

[
Section will have the annexures as required and mentioned in the Audit Report
]

90