Information Security Policy

We are rolling out the Information Security Policy to comply with our mandate to protect customer information that we get access to and also the intellectual property of the organisation.

We request everyone to review this document in detail and understand the same. If anyone is unsure about what constituted Information Security Policy, then he/she should ask his/her supervisor for further guidance and clarification or can contact the IT Department.

All terms and conditions as stated in this document are applicable to all employees and contractors within the organisation’s network. All terms and conditions as stated in this document reflect an agreement of all parties and should be governed and interpreted in accordance with the policies and procedures mentioned herein. Any user violating these policies is subject to disciplinary actions deemed appropriate by the organisation.

All Users’ systems will be given sufficient rights to perform their job function.

Where possible no one person will have full rights to any system. The IT Department will control network/server passwords and system passwords will be assigned by the system administrator to the users.

Access to the systems/Internet will be by individual username and password.

Usernames and passwords must not be shared with others nor be written down.

All users will have an alphanumeric password of at least 8 characters and passwords will expire every 90 days and must be unique.

CMD and System Admin have read and write access to USB and DVD writer. Except CMD and System Admin, all employees’ workstations and laptops will have no access to USB and DVD.

Employees cannot carry any DVD/CD and Pen Drives inside the organisation.

Printer should be used judiciously for business purpose only. No print outs should be left on the printer.

The HR Department will notify the IT Department of all employees leaving the organisation’s employment. The IT Department will then remove the employees’ rights to all systems.

The internet service should be used primarily for official purposes.

Users should not access any non-business-related internet sites. Doing so can lead to disciplinary action up to and including termination of employment.

User should not download any software including freeware without prior permission from the IT Department.

User should not involve Hacking into unauthorised websites.

Internet access is limited to job-related activities only and personal use is not permitted.

The email service must be used primarily for official purposes.

User should not share the company’s confidential information outside of the company.

Viewing or sending pornography is considered sexual harassment.

The company owns any communication sent via email. Management and authorized staff can access any material in email or computer.

No defamatory content allowed. No chain letters, solicitations, or non-business emails.

IT Department ensures proper licenses.

No pirated software.

No unauthorized installations.

Contractors must be supervised.

Weekend work must be informed.

Logout when leaving workstation.

Switch off unused systems.

Servers kept locked.

Daily fingerprint mandatory.

Access card required. Lost card must be reported.

Missing swipe considered loss of pay.

Employees provided with company laptops are responsible for their physical security and maintenance.

Antivirus software must be kept up-to-date at all times.

Regular backups of business data must be maintained.

In case of damage or loss, it must be reported immediately to the IT Department.