Information Security Policy
Content
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 1 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
LOCATIONS AUTHOR/ SIGNATURE APPROVED BY DATE OF ESTABLISHMENT VERSION/ EFFECTIVE DATE REVISION/REVIEWING FREQUENCY NEXT REVIEW / BY WHOM
Novatium Solutions (P) Ltd., Chennai HR – Head/ VP - CIM CEO August 2008 Version 1 / Effective August 2008 Annually August 2009 / VP - CIM & Head – HR
Introduction
Novatium is a product & solution development Company focusing on thin client, network computing, and security solutions. Therefore systems and Internet form part of the daily routine of the employees. This policy aims to define the DO's and DONT's for each employee while working on the premises of the company or while being connected to any utility of the company. Every employee of Novatium Solution Private Limited is expected to be aware of and follow the guidelines mentioned in this document. If they have any doubt regarding any of the points mentioned in this document, they should get it clarified from the Tech Ops/ CIM department. Any violation of the policies may lead to severe disciplinary action.
Overview
This company provides access to the vast information resources of the Internet to help you do your job faster and smarter, and be a well-informed business citizen. The facilities to provide that access represent a considerable commitment of company resources for telecommunications, networking, software, storage, etc. This Internet usage policy is designed to help you understand our expectations for the use of those resources in the particular conditions of the Internet, and to help you use those resources wisely. While we have set forth explicit requirements for Internet usage below, we would like to start by describing our Internet usage policy. First and foremost, the Internet for this company is a business tool, provided to you at significant cost. That means we expect you to use your Internet access [primarily] for business-related purposes, i.e., to communicate with customers and partners, to research relevant topics and obtain useful business information [except as outlined below]. We insist that you conduct yourself honestly and appropriately on the Internet, and respect the copyrights, software licensing rules, property rights, privacy and prerogatives of others. To be absolutely clear on this point, all existing company policies apply to your conduct on the Internet, especially (but not exclusively) those that deal with intellectual property protection, privacy, misuse of company resources, sexual harassment, information and data security, and confidentiality. Unnecessary or unauthorized Internet usage causes network and server congestion. It slows other users, takes away from work time, consumes supplies, and ties up printers and other shared resources. Unlawful Internet usage may also garner negative publicity for the company and expose the firm to significant legal liabilities.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 2 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
While our direct connection to the Internet offers vast information of potential benefits, it can also open the door to some significant risks to our data and systems if we do not follow appropriate security discipline. As presented in greater detail below, that may mean preventing machines with sensitive data or applications from connecting to the Internet entirely, or it may mean that certain users must be prevented from using certain Internet features like file transfers. The overriding principle is that security is to be everyone's first concern. An Internet user can be held accountable for any breaches of security or confidentiality.
Systems Management, Internet Usage:
1. The company has software and systems in place that can record all Internet usage.
Our security systems are capable of recording (for each and every user) each World Wide Web site visit, each Jabber chat, news groups or email message, and each file transfer into and out of our internal networks, and we reserve the right to do so at any time. Our managers could review Internet activity and analyze usage patterns, and they may choose to publicize this data to assure that company Internet resources are devoted to maintaining the highest levels of productivity. We reserve the right to inspect any and all files stored in private areas of our network in order to assure compliance with policy.
2. Any software or files downloaded via the Internet into the company network become
the property of the company. Any such files or software may be used only in ways that are consistent with their licenses or copyrights.
3. No employee should use company facilities knowingly to download or distribute
pirated software or data.
4. No employee should use the company's Internet facilities to deliberately propagate
any virus, worm, or any other code with malicious intent.
5. Employees may use their Internet facilities for common browsing or information
search during mealtime or other breaks, or outside of work hours, provided that all other usage policies are adhered to.
6. Employees with Internet access may download only software with direct business
use, and must arrange to have such software properly licensed and registered. Downloaded software must be used only under the terms of its license.
7. Employees with Internet access should not use company Internet facilities to
download entertainment software or games, or to play games against opponents over the Internet.
8. Internet may used for reading newspapers or magazines in leisure time. 9. All software used to access the Internet shall be configured to use the firewall http
proxy.
10. Port scanning or security scanning is expressly prohibited, if project work demands
for such test, it should be informed to systems and networking department with all details of the work.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 3 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
11. The following are strictly prohibited and violation of the same would attract
disciplinary action
a) Making fraudulent offers of products, items, or services originating from any
Novatium Solution Group account.
b) Effecting security breaches or disruptions of network communication.
Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
c) Executing any form of network monitoring which will intercept data not
intended for the employee's host, unless this activity is a part of the employee's normal job.
d) Circumventing user authentication or security of any host, network or
account.
e) Interfering with or denying service to any user other than the employee's
host (for example, denial of service attack)
f) Using any program/script/command, or sending messages of any kind, with
the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
Official Email Usage:
1. Evolution is the company's preferred email client, and all employees provided with
@novatium.com accounts are expected to use this software for accessing their mails.
2. Always add descriptive subjects for emails. It is a good practice to add the name of
the project or the issue being discussed in the mail.
3. Harassment, whether through language, frequency, or size of messages, is
prohibited.
4. Employees may not forward or otherwise propagate chain letters / pyramid letters,
whether or not the recipient wishes to receive such mailings.
5. Malicious email, including but not limited to "mailbombing" (flooding a user or site
with very large or numerous pieces of email) and "trolling" (posting outrageous messages to generate numerous responses) is prohibited.
6. Forging of header or any other information is not permitted.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 4 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
7. Employees are advised not to send email attachments that are more than 1MB of
size [For any exception for individual for any official purpose, it has to be granted by reporting managers].
8. Emails that contain pornographic, racist, politically incorrect content are forbidden. 9. No employee may access or attempt to access electronic mail sent to another
employee, without the permission of that user, except when necessary as part of that person's duties in respect of the operation of the electronic mail system.
10. Sending unsolicited email messages, including the sending of "junk mail" or other
advertising material to individuals who did not specifically request such material (email spam).
User Accounts, Passwords, Privacy Security:
1. Associates must use only those server accounts that have been authorized for their
use.
2. Choose a password that would be hard to guess. 3. Associate should share his iFolder, gforge, [Desktop], Server Authentication, etc to
his manager.
4. Employees must identify their computing work with their own names so that
responsibility for the work can be determined and Employees can be contacted in unusual situations.
5. Employees must use their computer accounts only for the purposes for which they
are authorized.
6. Employees must not attempt to modify system facilities by any means. 7. Employees must not attempt to subvert the restrictions associated with their
computer accounts.
8. Employees are responsible for the usage of their computing server accounts. They
should maintain secure passwords for systems that support them and take precautions against others obtaining access to their computer resources. Each user is responsible for all transactions made under the authorization of his or her system account.
9. Revealing username(s) / password(s) to colleagues through email, phone is strictly
prohibited.
Thin client / Desktop / Software Usage:
1. No employee should install / un-install any software without the knowledge of the
Facilities Senior Associates or higher authority.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 5 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
2. All use of software provided by Novatium Solution and all use of computer and
license agreements, this policy statement, and applicable laws govern telecommunications equipment. Employees agree to comply with all such restrictions.
3. Inform Systems Dept. immediately if you think that your workstation may have a
virus.
4. Compact Discs and other media should not be brought in to the Company by any
individual, the same would be procured by the company and they should be checked for viruses by Systems Dept. before use.
5. USB Sticks & external Hard discs are strictly prohibited with the exception of the
ones being used in projects. These should be duly authorised by the Functional Head & the Tech – Ops team and be duly marked and endorsed in the Assets register.
6. Protect equipment from theft and keep it away from food and drinks. It is suggested
that food and drinks not be brought to workstations.
7. Anyone having Laptop is susceptible to spot checking from system department for
inspection.
8. Employee's user login, development-PC will be audited periodically 9. Logins to, and use of the Company's network are monitored and audited 10. Power off the thin client and/or computer when it is required to be.
Note: No Storage device (USB Sticks/Hard drives/ CD/ DVD) is to move out of the Company premises without the written approval of HR – Head/ CFO/ COO. Violation of the same would amount to Data being stolen and would attract severe disciplinary action.
Company Data Confidentiality:
Novatium Solution core data generation comes for software production, all code; documents created by developers are the sole property of Novatium Solution. Revealing source code / documents to outsiders through email or any other means is strictly prohibited. Document covers just about any kind of file that can be read on a computer screen as if it were a printed page, including the so-called HTML files read in an Internet browser, any file meant to be accessed by a word processing or desk-top publishing program or its viewer, or the files prepared for the Adobe Acrobat reader and other electronic publishing tools. Hard copies of source code / documents shall not be taken out of the premises without written consent. If any code or specification has to be sent to an employee of Novatium Solution's client, verify with the management, if it is appropriate.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
LOCATIONS AUTHOR/ SIGNATURE APPROVED BY DATE OF ESTABLISHMENT VERSION/ EFFECTIVE DATE REVISION/REVIEWING FREQUENCY NEXT REVIEW / BY WHOM
Novatium Solutions (P) Ltd., Chennai HR – Head/ VP - CIM CEO August 2008 Version 1 / Effective August 2008 Annually August 2009 / VP - CIM & Head – HR
Introduction
Novatium is a product & solution development Company focusing on thin client, network computing, and security solutions. Therefore systems and Internet form part of the daily routine of the employees. This policy aims to define the DO's and DONT's for each employee while working on the premises of the company or while being connected to any utility of the company. Every employee of Novatium Solution Private Limited is expected to be aware of and follow the guidelines mentioned in this document. If they have any doubt regarding any of the points mentioned in this document, they should get it clarified from the Tech Ops/ CIM department. Any violation of the policies may lead to severe disciplinary action.
Overview
This company provides access to the vast information resources of the Internet to help you do your job faster and smarter, and be a well-informed business citizen. The facilities to provide that access represent a considerable commitment of company resources for telecommunications, networking, software, storage, etc. This Internet usage policy is designed to help you understand our expectations for the use of those resources in the particular conditions of the Internet, and to help you use those resources wisely. While we have set forth explicit requirements for Internet usage below, we would like to start by describing our Internet usage policy. First and foremost, the Internet for this company is a business tool, provided to you at significant cost. That means we expect you to use your Internet access [primarily] for business-related purposes, i.e., to communicate with customers and partners, to research relevant topics and obtain useful business information [except as outlined below]. We insist that you conduct yourself honestly and appropriately on the Internet, and respect the copyrights, software licensing rules, property rights, privacy and prerogatives of others. To be absolutely clear on this point, all existing company policies apply to your conduct on the Internet, especially (but not exclusively) those that deal with intellectual property protection, privacy, misuse of company resources, sexual harassment, information and data security, and confidentiality. Unnecessary or unauthorized Internet usage causes network and server congestion. It slows other users, takes away from work time, consumes supplies, and ties up printers and other shared resources. Unlawful Internet usage may also garner negative publicity for the company and expose the firm to significant legal liabilities.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 2 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
While our direct connection to the Internet offers vast information of potential benefits, it can also open the door to some significant risks to our data and systems if we do not follow appropriate security discipline. As presented in greater detail below, that may mean preventing machines with sensitive data or applications from connecting to the Internet entirely, or it may mean that certain users must be prevented from using certain Internet features like file transfers. The overriding principle is that security is to be everyone's first concern. An Internet user can be held accountable for any breaches of security or confidentiality.
Systems Management, Internet Usage:
1. The company has software and systems in place that can record all Internet usage.
Our security systems are capable of recording (for each and every user) each World Wide Web site visit, each Jabber chat, news groups or email message, and each file transfer into and out of our internal networks, and we reserve the right to do so at any time. Our managers could review Internet activity and analyze usage patterns, and they may choose to publicize this data to assure that company Internet resources are devoted to maintaining the highest levels of productivity. We reserve the right to inspect any and all files stored in private areas of our network in order to assure compliance with policy.
2. Any software or files downloaded via the Internet into the company network become
the property of the company. Any such files or software may be used only in ways that are consistent with their licenses or copyrights.
3. No employee should use company facilities knowingly to download or distribute
pirated software or data.
4. No employee should use the company's Internet facilities to deliberately propagate
any virus, worm, or any other code with malicious intent.
5. Employees may use their Internet facilities for common browsing or information
search during mealtime or other breaks, or outside of work hours, provided that all other usage policies are adhered to.
6. Employees with Internet access may download only software with direct business
use, and must arrange to have such software properly licensed and registered. Downloaded software must be used only under the terms of its license.
7. Employees with Internet access should not use company Internet facilities to
download entertainment software or games, or to play games against opponents over the Internet.
8. Internet may used for reading newspapers or magazines in leisure time. 9. All software used to access the Internet shall be configured to use the firewall http
proxy.
10. Port scanning or security scanning is expressly prohibited, if project work demands
for such test, it should be informed to systems and networking department with all details of the work.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 3 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
11. The following are strictly prohibited and violation of the same would attract
disciplinary action
a) Making fraudulent offers of products, items, or services originating from any
Novatium Solution Group account.
b) Effecting security breaches or disruptions of network communication.
Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
c) Executing any form of network monitoring which will intercept data not
intended for the employee's host, unless this activity is a part of the employee's normal job.
d) Circumventing user authentication or security of any host, network or
account.
e) Interfering with or denying service to any user other than the employee's
host (for example, denial of service attack)
f) Using any program/script/command, or sending messages of any kind, with
the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
Official Email Usage:
1. Evolution is the company's preferred email client, and all employees provided with
@novatium.com accounts are expected to use this software for accessing their mails.
2. Always add descriptive subjects for emails. It is a good practice to add the name of
the project or the issue being discussed in the mail.
3. Harassment, whether through language, frequency, or size of messages, is
prohibited.
4. Employees may not forward or otherwise propagate chain letters / pyramid letters,
whether or not the recipient wishes to receive such mailings.
5. Malicious email, including but not limited to "mailbombing" (flooding a user or site
with very large or numerous pieces of email) and "trolling" (posting outrageous messages to generate numerous responses) is prohibited.
6. Forging of header or any other information is not permitted.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 4 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
7. Employees are advised not to send email attachments that are more than 1MB of
size [For any exception for individual for any official purpose, it has to be granted by reporting managers].
8. Emails that contain pornographic, racist, politically incorrect content are forbidden. 9. No employee may access or attempt to access electronic mail sent to another
employee, without the permission of that user, except when necessary as part of that person's duties in respect of the operation of the electronic mail system.
10. Sending unsolicited email messages, including the sending of "junk mail" or other
advertising material to individuals who did not specifically request such material (email spam).
User Accounts, Passwords, Privacy Security:
1. Associates must use only those server accounts that have been authorized for their
use.
2. Choose a password that would be hard to guess. 3. Associate should share his iFolder, gforge, [Desktop], Server Authentication, etc to
his manager.
4. Employees must identify their computing work with their own names so that
responsibility for the work can be determined and Employees can be contacted in unusual situations.
5. Employees must use their computer accounts only for the purposes for which they
are authorized.
6. Employees must not attempt to modify system facilities by any means. 7. Employees must not attempt to subvert the restrictions associated with their
computer accounts.
8. Employees are responsible for the usage of their computing server accounts. They
should maintain secure passwords for systems that support them and take precautions against others obtaining access to their computer resources. Each user is responsible for all transactions made under the authorization of his or her system account.
9. Revealing username(s) / password(s) to colleagues through email, phone is strictly
prohibited.
Thin client / Desktop / Software Usage:
1. No employee should install / un-install any software without the knowledge of the
Facilities Senior Associates or higher authority.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
NOVATIUM SOLUTIONS (P) LTD. TYPE OF DOCUMENT TITLE DATE OF PRINTOUT FILED UNDER Human Resources Policies & Procedure Manual Information Security Policy August 1, 2008 Page 5 of 5 C:\Users\George\Documents\Novatium MyD\HR-Policies\Information Security Policy.DOC
2. All use of software provided by Novatium Solution and all use of computer and
license agreements, this policy statement, and applicable laws govern telecommunications equipment. Employees agree to comply with all such restrictions.
3. Inform Systems Dept. immediately if you think that your workstation may have a
virus.
4. Compact Discs and other media should not be brought in to the Company by any
individual, the same would be procured by the company and they should be checked for viruses by Systems Dept. before use.
5. USB Sticks & external Hard discs are strictly prohibited with the exception of the
ones being used in projects. These should be duly authorised by the Functional Head & the Tech – Ops team and be duly marked and endorsed in the Assets register.
6. Protect equipment from theft and keep it away from food and drinks. It is suggested
that food and drinks not be brought to workstations.
7. Anyone having Laptop is susceptible to spot checking from system department for
inspection.
8. Employee's user login, development-PC will be audited periodically 9. Logins to, and use of the Company's network are monitored and audited 10. Power off the thin client and/or computer when it is required to be.
Note: No Storage device (USB Sticks/Hard drives/ CD/ DVD) is to move out of the Company premises without the written approval of HR – Head/ CFO/ COO. Violation of the same would amount to Data being stolen and would attract severe disciplinary action.
Company Data Confidentiality:
Novatium Solution core data generation comes for software production, all code; documents created by developers are the sole property of Novatium Solution. Revealing source code / documents to outsiders through email or any other means is strictly prohibited. Document covers just about any kind of file that can be read on a computer screen as if it were a printed page, including the so-called HTML files read in an Internet browser, any file meant to be accessed by a word processing or desk-top publishing program or its viewer, or the files prepared for the Adobe Acrobat reader and other electronic publishing tools. Hard copies of source code / documents shall not be taken out of the premises without written consent. If any code or specification has to be sent to an employee of Novatium Solution's client, verify with the management, if it is appropriate.
“Novatium Confidential” Hard Copies Are Uncontrolled Unless With Signature & Stamp.
