India’s NCCS Allows Software Changes During Security Testing Under ITSAR Framework

The National Centre for Communication Security (NCCS) has issued a regulatory update providing clarification for applicants undergoing security testing at Telecommunication Security Testing Laboratories (TSTL) under the ITSAR framework.

This update introduces greater flexibility in handling software changes during the testing process, addressing a key challenge previously faced by manufacturers and OEMs.

Key Update: Software Changes Now Permitted During Testing

As per the latest NCCS notification:

Software modifications are now permitted during testing at TSTL, subject to submission of the required declarations.
The applicable documentation depends on the nature of the change:
- Software changes → Submission of Annexure I and Annexure II is required
- Minor corrections (e.g. typographical errors in ITSAR BOM without any software change) → Submission of Annexure II only

This provides a structured pathway for applicants to make necessary updates without restarting the certification process.

Prior to this update, making software changes during ITSAR testing was highly restrictive, often requiring:

re-submission of applications
additional testing cycles
extended certification timelines

This lack of flexibility created operational challenges for manufacturers, particularly when minor updates or corrections were required during testing.

Impact on Manufacturers and OEMs

The NCCS update introduces several practical benefits for industry stakeholders:

Enables OEMs to implement necessary software updates during the testing phase
Helps reduce delays in certification timelines
Improves overall efficiency of the ITSAR testing and approval process

By allowing controlled software changes with proper documentation, the framework becomes more aligned with real-world product development and testing cycles.

Documentation Requirements

Applicants must ensure that the appropriate annexures are submitted depending on the nature of the change:

Annexure I and Annexure II for software-related changes
Annexure II only for non-software-related minor corrections

These declarations form a critical part of maintaining traceability and compliance integrity during the testing process.

For more information, access the official NCCS notification below.

How C-PRAV Can Support You

Navigating ITSAR requirements and NCCS security testing procedures can be complex, particularly when managing documentation, testing timelines, and regulatory updates.

C-PRAV supports manufacturers with:

Guidance on NCCS and ITSAR compliance requirements
Assistance with documentation, including Annexure submissions
Coordination with TSTLs for testing and certification processes
End-to-end support to ensure efficient and compliant market access in India

For further information or assistance, please contact:
📩 india@c-prav.com
📞 +91 99023 85494

Choose Compliance. Choose Certifications. Choose C-PRAV with Confidence.

Share the Post:

More Regulatory Updates

Australia’s ACMA Opens Consultation on Draft Five-Year Spectrum Outlook 2026–31

The Australian Communications and Media Authority (ACMA) has released its Draft Five-Year Spectrum Outlook (FYSO) 2026–31, outlining its strategic priorities

BIS Issues Implementation Guidelines for Revised Standard IS 16102 (Part 1):2026 for Self-Ballasted LED Lamps

The Bureau of Indian Standards (BIS) has issued guidelines for the implementation of the revised Indian Standard IS 16102 (Part