NLC - IT Policy 21.5.2015

Recommendations

Info

Draft IT Policy - NLC Ltd, Neyveli Page 2 Preface • One of the challenges facing organizations like NLC today is enabling employees to work productively while also ensuring the security of the IT network and, crucially, the data on it. Given that technology is continually changing, employees play a significant role in IT security. This policy provides a framework for users to follow when accessing IT systems and the data on them. • The IT policy of various, Indian State /Central Governments / organisations and the leading IT companies and the discussions held with the various unit level computer Department personals are taken as guidelines for the policy formulation. • The Summary of the IT policy is indicated below with the detailed policy guidelines in the subsequent pages. E Mail Policy: The purpose of this policy is to ensure the proper use of NLC email system and make users aware of what the Company deems as acceptable and unacceptable use of its email system. Some of the salient points are: • All email accounts maintained on our email systems are property of Company • Company considers email as an important means of communication and the importance of proper email content and speedy replies in conveying a professional image and delivering good customer service • Although Company’s email system is meant for business use, Company allows the reasonable use of email for personal use if certain guidelines. • It is strictly prohibited to send or forward emails containing defamatory, offensive, racist or obscene remarks. • Notwithstanding anything in the above clause, NLC for this purpose can, under exceptional circumstances request the implementing Department or e-mails / logs and correspondences in connection with matters relating to national security or abuse incidents or violations of other policies • Individuals are responsible for e-mails saved in their folders as they deem appropriate for e.g. Inbox, Sent Mail, any other folder created by the user. Internet /Intranet Usage: The internet/Intranet is a powerful tool that can bring significant benefits to NLC .However, it’s important every person at the company who uses the internet/Intranet understands how to use it responsibly, safely and legally.This internet/Intranet use policy: • Reduces the online security risks faced by NLC • Lets staff know what they can and can’t do online • Ensures employees do not view inappropriate content at work • Helps the company satisfy its legal obligations regarding internet/Intranet use
Draft IT Policy - NLC Ltd, Neyveli Page 3 Data protection policy ensures NLC: NLC needs to gather and use certain information about individuals. These can be customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law. • Complies with data protection and follow good practice • Protects the rights of staff, customers and partners • Is open about how it stores and processes individuals’ data • Protects itself from the risks of a data breach Website Privacy Policy: This website privacy policy describes how NLC protects and makes use of the information you give the company when you use the website of NLC.If you are asked to provide information when using this website, it will only be used in the ways described in this privacy policy. • NLC will always hold information securely. • To prevent unauthorised disclosure or access of information, NLC have implemented strong physical and electronic security safeguards. • NLC also follow stringent procedures to ensure NLC work with all personal data in line with the Data Protection Policy. Password Policy: The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change of the passwords. The scope of this policy includes all end-users and personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system/service in the NLC domain. These include personnel with their designated desktop systems. The scope also includes designers and developers of individual applications. Remote Access Policy: The purpose of this policy is to define standards for connecting to NLC's network from any host. These standards are designed to minimize the potential exposure to NLC from damages which may result from unauthorized use of NLC resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical NLC internal systems, etc. Analog / ISDN Line Security Policy This explains NLC analog and ISDN line acceptable use and approval policies and procedures. This policy covers two distinct uses of analog / ISDN lines: lines that are to be connected for the sole purpose of fax sending and receiving, and lines that are to be connected to computers. Risk Assessment Policy To empower Information Security Team to perform periodic information security risk assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.Risk assessments can be conducted on any entity within NLC or any outside entity that has signed a Third Party Agreement with NLC. RAs can be conducted on any information system, to include applications, servers, and networks, and any process or procedure by which these systems are administered and/or maintained.
Page 1: INFORMATION TECHNOLOGY POLICY NEYVE
Page 5 and 6: Draft IT Policy - NLC Ltd, Neyveli
Page 53 and 54:
Draft IT Policy - NLC Ltd, Neyveli
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
show all

NLC - IT Policy 21.5.2015

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?