information technology: POLICY MANUAL

 

  

About the Information Technology Guidelines. 1 

1.          Purchase. 1

2.          Employee Training. 1

3.          IT Support 1

Personal Computer (PC) Standards. 1

1.          Objective. 1

2.          General Guidelines. 1

3.          Network Access. 1

4.          Antivirus Software. 1

Internet Usage Guidelines. 1

1.          Objective. 1

2.          General Guidelines. 1

Information Security Guidelines. 1

1.          Objective. 1

2.          General Guidelines. 1

3.          Access Control 1

4.          Virus Prevention. 1

5.          Intrusion Detection. 1

Email & Chat Guidelines. 1

1.          Objective. 1

2.          General Guidelines. 1

3.          Ownership. 1

4.          Confidentiality. 1

5.          Email Security. 1

6.          Inappropriate Use. 1

Software Usage guidelines. 1

1.          Objective. 1

2.          General Guidelines. 1

3.          Compliance. 1

 

 

 

 

1.  About the Information Technology Guidelines

 

The IT guideline  is to define and exercise the working of IT infrastructure of the institution for smooth working and data protection. This will be imposed on all the stakeholders of the institution for uniformity and effective implementation of the same.

 

2.  Purchase

 

The guidelines prescribed by Purchase Committee will be followed for purchase of new technological equipment, services or software for official purposes.

 

3.  Employee Training

 

Basic IT training and guidance will be provided on requirement basis to employees about using and maintaining their Personal Computer (PC), peripheral devices and equipment in the institution, accessing the institution network and using application software.

 

4.  IT Support

 

1.     The College will provide IT Support to its employees and students as and when required.

2.     Periodic inventory audits will be carried out to validate the inventory and make sure all assets are up-to-date and in proper working condition as required for maximum efficiency and productivity.

 

5.  Personal Computer (PC) Standards

 

1.    Objective

 

The main aim of this guideline is to maintain standard configurations of PC hardware and software purchased by the institution and provided to employees for official work. The hardware standards will help maintain optimum work productivity, computer health & security and provide timely and effective support in troubleshooting PC problems. The software standards will ensure better system administration, effective tracking of software licenses and efficient technical support.

 

2.    General Guidelines

1.     Configurations of hardware and software for PCs owned by the institution would be decided and modified at any point in time as required in consultation with IT Department, by the Purchase Committee.

2.     Only in exceptional cases, when none of the standard configurations satisfy the work requirements, can an employee request a non-standard PC configuration. Valid reasons need to be provided for the request and written approval of the Reporting Manager(s) is required for the same.

 

3.    Network Access

 

1.     All PCs being used in the institution are enabled to connect to the institution’s Local Area Network as well as the Internet.

2.     Network security is enabled in all PCs through Firewall, Web Security and Email Security software.

 

4.    Antivirus Software

a.        Anti-virus software pre-approved by the authorities should be installed in the laptop/desktop provided to a new employee after joining the institution.

b.        All employees in the institution are expected to make sure they have anti-virus software installed in their laptops/desktops (personal or official) used for office work.

c.Institution will bear responsibility for providing, installing, updating and maintaining records for anti-virus for the official computer/ laptop provided by the institution. The employee is responsible for installing good quality anti-virus software in their personal laptop/desktop used for office work.

d.        Employees are prohibited from disabling the anti-virus software on institution- provided laptops/desktops.

e.        Employees should make sure their anti-virus is regularly updated and not out of date.

 

 

6.  Internet Usage Guidelines

 

1.    Objective

 

To provide guidelines for acceptable use of the institution’s Internet network to devote Internet usage to enhance work productivity and efficiency and ensure safety and security of the Internet network, institutional data and the employees.

 

 

2.    General Guidelines

 

1.     The institution reserves the right to monitor, examine, block or delete any/all incoming or outgoing internet connections on the institution’s network.

2.     The institution has systems in place to monitor and record all Internet usage on the institution’s network including each website visit, and each email sent or received.

3.     The institution has installed an Internet Firewall to assure safety and security of the institutional network. Any employee who attempts to disable, defeat or circumvent the Firewall will be subject to strict disciplinary action.

 

 

7.  Information Security Guidelines

 

1.    Objective

 

Information security means protection of the institution’s data, applications, networks and computer systems from unauthorized access, alteration, and destruction. The guidelines help to protect data integrity based on data classification and secure the institution’s information systems.

 

 

2.    General Guidelines

 

1.         Various methods like access control, authentication, monitoring and review will be used to ensure data security in the institution.

2.        Security reviews of servers, firewalls, routers and monitoring systems will be conducted on a regular basis. These reviews should include monitoring of access logs and intrusion detection software logs.

3.         Appropriate training will be provided to data owners, data users, and network & system administrators to ensure data security.

 

3.    Access Control

 

 

1.      Access to the network, servers and systems in the institution will be achieved by individual logins and will require authentication. Authentication includes the use of passwords, biometrics or other recognized forms of authentication.

2.      All users of systems which contain high or medium risk data must have a strong password  as defined in the IT guideline.

3.      Default passwords on all systems must be changed after installation.

4.      Where possible and financially feasible, more than one person must have full rights to any institution-owned server storing or transmitting high risk and medium risk data.

 

4.    Virus Prevention

1.         Virus prevention for personal computers and email usage has been described previously.

2.        Apart from that, all servers and workstations that connect to the network must be protected with licensed anti-virus software. The software must be kept up-to-date.

3.         Whenever feasible, system/network administrators must inform users when a virus/ other vulnerability has been detected in the network or systems.

 

5.    Intrusion Detection

1.         Intrusion detection must be implemented on all servers and workstations containing high and medium risk data.

2.        Operating system and application software logging process must be enabled on all systems.

3.         Server, firewall and critical system logs must be reviewed frequently.

 

8.  Email & Chat Guidelines

 

1.    Objective

This guideline provides information about acceptable usage, ownership, confidentiality and security while using electronic messaging systems and chat platforms provided or approved by the institution. The policy applies to all electronic messages sent or received via the above-mentioned messaging systems and chat platforms by all official employees of the institution.

 

2.    General Guidelines

 

1.     The institution reserves the right to approve or disapprove which electronic messaging systems and chat platforms would be used for official purposes. It is strictly advised to use the pre-approved messaging systems and platforms for office use only.

2.     An employee who, upon joining the institution, is provided with an official email address should use it for official purposes only.

3.     Any email security breach must be notified to the authorities immediately.

4.     Upon termination, resignation or retirement from the institution, the institution will deny all access to electronic messaging platforms owned/provided by the institution.

5.     All messages composed and/or sent using the pre-approved messaging systems and platforms need to comply with the Institutions guidelines of acceptable communication.

6.     Electronic mails and messages should be sent after careful consideration since they are inadequate in conveying the mood and context of the situation or sender and might be interpreted wrongly.

7.     All email signatures must have appropriate designations of employees and must be in the format approved by the Management Committee.

 

3.    Ownership

 

1.     The official electronic messaging system used by the institution is the property of the institution and not the employee. All emails, chats and electronic messages stored, composed, sent and received by any employee or non-employee in the official electronic messaging systems are the property of the institution.

2.     The institution reserves the right to intercept, monitor, read and disclose any messages stored, composed, sent or received using the official electronic messaging systems.

3.     The institution reserves the right to alter, modify, re-route or block messages as deemed appropriate.

4.     IT Administrator can change the email system password and monitor email usage of any employee for security purposes.

 


4.    Confidentiality

 

1.     Proprietary, confidential, and sensitive information about the institution or its employees should not be exchanged via electronic messaging systems unless pre-approved by the Reporting Authority and/or the Management Committee.

2.     Caution and proper judgment should be used to decide whether to deliver a message in person, on phone or via email/electronic messaging systems.

3.     Before composing or sending any message, it should be noted that electronic messages can be used as evidence in a court of law.

4.     Unauthorized copying and distributing of copyrighted content of the institution is prohibited.

5.     As soon as the employee retires or leaves the institution he/she has to surrender the email account take data back up if need but under the supervision of the IT administrator

 

5.    Email Security

 

Safe Email Usage:

         Following precautions must be taken to maintain email security:

a.        Do not to open emails and/or attachments from unknown or suspicious sources unless anticipated by you.

b.        In case of doubts about emails/ attachments from known senders, confirm from them about the legitimacy of the email/attachment.

c.         Use Email spam filters to filter out spam emails.

 

 

6.    Inappropriate Use

1.     Official Email platforms or electronic messaging systems including but not limited to chat platforms and instant messaging systems should not be used to send messages containing pornographic, defamatory, derogatory, sexual, racist, harassing or offensive material.

2.     Official Email platforms or electronic messaging systems should not be used for personal work, personal gain or the promotion or publication of one’s religious, social or political views.

3.     Spam/ bulk/junk messages should not be forwarded or sent to anyone from the official email ID unless for an officially approved purpose.

 

 


9.  Software Usage guidelines

 

1.    Objective

The Software Usage guidelines provide appropriate installation, usage and maintenance of software products installed in institution-owned computers.

 

2.    General Guidelines

 

1.     Third-party software (free as well as purchased) required for day-to-day work will be pre- installed onto all Institution systems before handing them over to employees. A designated person in the IT Dept. can be contacted to add to/delete from the list of pre-installed software on institutional computers.

2.     No other third-party software – free or licensed can be installed onto a computer system owned or provided to an employee by the institution, without prior approval of the IT Dept.

3.     To request installation of software onto a personal computing device, an employee needs to send a written request via IT Support Email.

4.     Any software developed & copyrighted by the institution belongs to the institution. Any unauthorized use, storage, duplication, or distribution of such software is illegal and subject to strict disciplinary action.

 

3.    Compliance

1.     No employee is allowed to install pirated software on official computing systems.

2.     Software purchased by the institution or installed on institutional computer systems must be used within the terms of its license agreement.

3.     Any duplication, illegal reproduction or unauthorized creation, use and distribution of licensed software within or outside the institution is strictly prohibited. Any such act will be subject to strict disciplinary action.

4.     Any employee who notices misuse or improper use of software within the institution must inform the authorities.