Amendments to regulation 16 (power of inspection)

12. In regulation 16—

(a) in paragraph (1)—

(i) for the opening text substitute “The designated competent authority for an OES may—”;

(ii) in each of sub-paragraphs (a) and (b), after “conduct” insert “all or any part of”;

(iii) after sub-paragraph (b) omit “or”;

(iv) in sub-paragraph (c), after “conduct” insert “all or any part of”;

(v) omit the closing text;

(b) in paragraph (2)—

(i) in each of sub-paragraphs (a) and (b), after “conduct” insert “all or any part of”;

(ii) after sub-paragraph (b) omit “or”;

(iii) in sub-paragraph (c), after “conduct” insert “all or any part of”;

(iv) omit the closing text;

(c) in paragraph (3)—

(i) at the end of sub-paragraph (a), insert “if so required by the relevant competent authority or the Information Commissioner”;

(ii) in sub-paragraph (b), for the words from “person” to the end substitute “inspector”;

(iii) in sub-paragraph (c)—

(aa) omit “reasonable”; and

(bb) at the end, insert “in accordance with paragraph (5)(a)”;

(iv) for sub-paragraph (d) and “and” after that sub-paragraph substitute—

(d) allow the inspector to examine, print, copy or remove any document or information, and examine or remove any material or equipment, in accordance with paragraph (5)(d);

(v) after sub-paragraph (e), insert—

(f) not intentionally obstruct an inspector performing their functions under these Regulations; and

(g) comply with any request made by, or requirement of, an inspector performing their functions under these Regulations.

(d) in paragraph (4)—

(i) after “The”, insert “relevant”;

(ii) for “carry out” substitute “conduct all or any part of”;

(e) after paragraph (4), insert—

(5) An inspector may—

(a) at any reasonable time enter the premises of an OES or RDSP (except any premises used wholly or mainly as a private dwelling) if the inspector has reasonable grounds to believe that entry to those premises may be necessary or helpful for the purpose of the inspection;

(b) require an OES or RDSP to leave undisturbed and not to dispose of, render inaccessible or alter in any way any material, document, information, in whatever form and wherever it is held (including where it is held remotely), or equipment which is, or which the inspector considers to be, relevant for such period as is, or as the inspector considers to be, necessary for the purposes of the inspection;

(c) require an OES or RDSP to produce and provide the inspector with access, for the purposes of the inspection, to any such material, document, information or equipment which is, or which the inspector considers to be, relevant to the inspection, either immediately or within such period as the inspector may specify;

(d) examine, print, copy or remove any document or information, and examine or remove any material or equipment (including for the purposes of printing or copying any document or information) which is, or which the inspector considers to be, relevant for such period as is, or as the inspector considers to be, necessary for the purposes of the inspection;

(e) take a statement or statements from any person;

(f) conduct, or direct the OES or RDSP to conduct, tests;

(g) take any other action that the inspector considers appropriate and reasonably required for the purposes of the inspection.

(6) The inspector must—

(a) produce proof of the inspector’s identity if requested by any person present at the premises; and

(b) take appropriate and proportionate measures to ensure that any material, document, information or equipment removed in accordance with paragraph (5)(d) is kept secure from unauthorised access, interference and physical damage.

(7) Before exercising any power under paragraph (5)(b) to (d) or (g), the inspector—

(a) must take such measures as appear to the inspector appropriate and proportionate to ensure that the ability of the OES or RDSP, as the case may be, to comply with any duty set out in these Regulations will not be affected; and

(b) may consult such persons as appear to the inspector appropriate for the purpose of ascertaining the risks, if any, there may be in doing anything which the inspector proposes to do under that power.

(8) Where under paragraph (5)(d) an inspector removes any document, material or equipment, the inspector must provide, to the extent practicable, a notice giving—

(a) sufficient particulars of that document, material or equipment for it to be identifiable; and

(b) details of any procedures in relation to the handling or return of the document, material or equipment.

(9) In this regulation—

(a) a reference to a “test” is a reference to any process which is—

(i) employed to verify assertions about the security of a network or information system; and

(ii) based on interacting with that system, including components of that system,

and includes the exercising of any relevant security or resilience management process;

(b) “inspection” means any activity carried out (including any steps mentioned in paragraph (5)) for the purpose of—

(i) verifying compliance with the requirements of these Regulations; or

(ii) assessing or gathering evidence of potential or alleged failures to comply with the requirements of these Regulations,

including any necessary follow-up activity for either purpose;

(c) “inspector” means any person conducting all or any part of an inspection in accordance with paragraph (1) or (2).