IT & DRR Policy

1. PURPOSE :

The purpose of this policy is to ensure that information technology (IT) systems and disaster recovery and response (DRR) processes are in place to maintain business continuity, confidentiality, integrity, and availability of information assets.

2. SCOPE :

This policy applies to all IT resources, including hardware, software, networks, and data, and all employees, contractors, consultants, and others who use these resources on behalf of the society.

3. ROLES AND RESPONSIBILITIES :

The IT department is responsible for maintaining and updating the IT systems and for ensuring that appropriate security measures are in place. The DRR team is responsible for developing, implementing, and testing disaster recovery plans.

All employees are responsible for complying with this policy and for reporting any suspected security incidents or vulnerabilities to the IT department.

4. IT SECURITY :

4.1 Access Controls:
Access to the society's IT resources should be restricted to authorized personnel. User accounts should be created in accordance with the principle of least privilege, and strong passwords should be enforced.

4.2 Information Security:
Information security policies should be implemented to protect the confidentiality, integrity, and availability of the society's data. This includes regular backups, encryption, and access controls.

4.3 Network Security:
Network security policies should be implemented to protect against unauthorized access and data breaches. This includes firewalls, intrusion detection systems, and regular network scans.

4.4 Email Security:
Employees should follow best practices for email security, including not opening suspicious emails or attachments, using strong passwords, and not using personal email for work purposes.

4.5 Social Media and Other Activities:
Employees should use social media and engage in other online activities responsibly and in accordance with the society's code of conduct. Employees should avoid sharing confidential information and should not engage in activities that could harm the society's reputation.

5. DISASTER RECOVERY AND RESPONSE (DRR) :

5.1 Business Continuity Plan:
The society should have a business continuity plan that outlines procedures for responding to disasters and ensuring business continuity. The plan should be reviewed and tested regularly.

5.2 Backup and Recovery:
Regular backups should be performed to ensure that critical data is not lost in the event of a disaster. The backups should be stored securely offsite.

5.3 Incident Response Plan:
The society should have an incident response plan that outlines procedures for responding to security incidents. The plan should be reviewed and tested regularly.

5.4 Emergency Response Plan:
The society should have an emergency response plan that outlines procedures for responding to emergencies, such as natural disasters or pandemics. The plan should be reviewed and tested regularly.

6. COMPLIANCE :

The society should comply with all applicable laws and regulations related to IT security and disaster recovery and response, including but not limited to the Information Technology Act, 2000, and the Disaster Management Act, 2005.

7. TRAINING :

All employees should receive regular training on IT security and disaster recovery and response policies and procedures.

8. MONITORING AND REVIEW:

The IT department should regularly monitor the IT systems for vulnerabilities and threats and should conduct regular security assessments. The DRR team should regularly review and test disaster recovery plans. This policy should be reviewed and updated regularly to ensure its effectiveness and relevance.

Registered Under The Ministry of Cooperation, Govt. of India 
Reg. No. MSCS/CR/692/2012
41/1457 A2, 1st Floor Nedumchalil Building, Padivattom, Ernakulam, Kerala - 682024
Copyright © 2023. All rights reserved.