The need to support Critical Infrastructure Regulation came up in the ODA Security and Privacy team (now closed); we are expecting to pick up Telecom and other regulation in the AI and Data Security and GRC (Governance Regulation Compliance) team.
In addition to comments from Chirag Raval.
Original Message:
Sent: Sep 23, 2025 17:07
From: Chirag Raval
Subject: UK Telecommunications Security Act (TSA) & Frameworx
There is emerging guidance and community insight on how TM Forum's Framework, including eTOM, SID, and TAM, can be adapted to meet the specific requirements of the UK Telecommunications Security Act (TSA).
points:
1. Alignment of Framework with UK TSA Layers
The UK TSA introduces a three-layer security framework:
Layer 1: Overarching security duties (via amendments to the Communications Act 2003)
Layer 2: Specific security measures (Electronic Communications Security Measures Regulations 2022)
Layer 3: Technical guidance (Code of Practice issued by DCMS and NCSC)
Framework adaptation can support these layers as follows:
eTOM (Business Process Framework)
Can be mapped to TSA's operational and governance requirements.
Processes like Security Management, Risk Management, and Service Assurance are directly relevant.
eTOM's Operations Support & Readiness (OSR) and Enterprise Management domains can be extended to include TSA-specific controls such as patching, monitoring, and incident response.
SID (Information Framework)
Helps define and manage security-related data entities, such as:
Network elements
Access controls
Vulnerability records
SID can be extended to model security posture, compliance status, and audit trails, critical for TSA reporting and oversight.
TAM (Application Framework)
Useful for identifying and categorizing applications that support TSA compliance (e.g., SIEM, PAM, vulnerability scanners).
TAM can be adapted to highlight security-critical applications and their interdependencies, aiding in risk assessment and remediation planning.
------------------------------
Chirag Raval
Lead Consultant
Infosys Ltd
Original Message:
Sent: Sep 23, 2025 05:27
From: J David Sharples
Subject: UK Telecommunications Security Act (TSA) & Frameworx
Friends,
Is there any specific guidance, framework adaptions or insights, as to how Frameworx with its Business Process Framework (eTOM), the Information Framework (SID), and the Application Framework (TAM), can and should be adapted towards the specific requirements of the UK TSA?
Kind Regards,
David.
#BusinessAssurance
#General
------------------------------
J David Sharples
BT Group plc
------------------------------