Government of India Policy on Information Technology (IT)
Government provides IT resources to its employees to enhance their efficiency and productivity. These resources are meant as tools to access and process information related to their areas of work. These resources help Government officials to remain well informed and carry out their functions in an efficient and effective manner.
This policy governs the usage of IT Resources from an end user’s perspective. This policy is applicable to all employees of GoI and employees of those State/UT Governments that use the IT Resources of GoI and also those State/UT Governments that choose to adopt this policy in future.
The objective of this policy is to ensure proper access to and usage of Government’s IT resources and prevent their misuse by the users. Use of resources provided by Government of India implies the user’s agreement to be governed by this policy.
Access to Internet and Intranet
A user shall register the client system and obtain one time approval from the competent authority before connecting the client system to the Government network.
It is strongly recommended that sensitive offices shall maintain two independent networks, i.e. Internet and Intranet. Both the networks shall not have any physical connection/devices between them. Users in such deployments shall have two access devices, i.e. desktops. One shall be connected to the internet and the other to the intranet. End point compliance shall be implemented on both the networks to prevent unauthorized access to data.
Filtering and blocking of sites
IA (Implementing agency) may block content over the Internet which is in contravention of the relevant provisions of the IT Act 2000 and other applicable laws or which may pose a security threat to the network.
IA may also block content which, in the opinion of the organization concerned, is inappropriate or may adversely affect the productivity of the users.
Monitoring and Privacy
IA/Nodal Agency, for security related reasons or for compliance with applicable laws, may access, review, copy or delete any kind of electronic communication or files stored on Government provided devices under intimation to the user. This includes items such as files, e-mails, and Internet history etc.
Use of IT Devices Issued by Government of India
IT devices issued by the Government to a user shall be primarily used for Government related purposes and in a lawful and ethical way and shall be governed by the practices defined in the document “Guidelines for Use of IT Devices on Government Network” available at http://www.deity.gov.in/content/policiesguidelines/ under the caption “Policy on Use of IT Resources”. The aforesaid document covers best practices related to use of desktop devices, portable devices, external storage media and peripherals devices such as printers and scanners.
Material accessible through the IA’s network and resources may be subject to protection under privacy, publicity, or other personal rights and intellectual property rights, including but not limited to, copyrights and laws protecting patents, trademarks, trade secrets or other proprietary information. Users shall not use the Government network and resources in any manner that would infringe, dilute, misappropriate, or otherwise violate any such rights.
Security Incident Management Process
A security incident is defined as any adverse event that can impact the availability, integrity, confidentiality and authority of Government data. IA reserves the right to deactivate/remove any device from the network if it is deemed as a threat and can lead to a compromise of a system under intimation to the competent authority of that organization.
All user organizations shall implement appropriate controls to ensure compliance with this policy by their users. Implementing Agency shall provide necessary support in this regard.
A periodic reporting mechanism to ensure the compliance of this policy shall be established by the competent authority of the organization. Nodal Officer of the user organization shall ensure resolution of all incidents related to the security aspects of this policy by their users. Implementing Agency shall provide the requisite support in this regard.
Competent Authority of the user organization shall ensure that training and awareness programs on use of IT resources are organized at regular intervals. Implementing Agency shall provide the required support in this regard.
This policy is applicable to all employees of Central and State Governments as specified in clause 2 of this document. It is mandatory for all users to adhere to the provisions of this policy.
Each organization shall be responsible for ensuring compliance with the provisions of this policy. The Implementing Agency would provide necessary technical assistance to the organizations in this regard.
In case of any threat to security of the Government systems or network from the resources being used by a user, the resources being used may be deactivated immediately by the IA.
Subsequent to such deactivation, the concerned user and the competent authority of that organization shall be informed.
Audit of NIC Network Infrastructure
The security audit of NIC network infrastructure shall be conducted periodically by an organization approved by Deity.