Process

Owner

Information Security Policy

Systems Admin

Approved By
Page

Rajnish Kumar
1 of 3

Information Security Policy

Objective: To ensure information protection by use of adequate protection mechanisms
Scope: Systems Access, Virus/Firewall Protection
Participants: IDSS, Sys Admin
Process/Procedure:
Computer accounts, passwords, and other types of authorization that are
assigned to individual users should not be shared with others.
Passwords need to be Changed on a Quarterly Basis
Login Access to SWING needs to be reviewed on a quarterly basis
Login access of employees who have left the organization needs to
be deleted
The user should assign an obscure account password and change it
frequently.

Users are responsible for selecting quality passwords with a minimum of 6

characters that are:

easy to remember;

not based on anything someone else could easily guess or obtain

using person related information, e.g. logon ID, email address,
names, telephone numbers, and dates of birth, etc.;

diverse: a combination of non-repeating numbers and letters;

different from the passwords used to access personal accounts on

the Public Internet.
Users are responsible for keeping their passwords confidential.

The computer user should be aware of computer viruses and other

destructive computer programs, and take steps to avoid being a victim or
unwitting distributor of these processes.
Virus Definitions have to be updated on a fortnightly basis on
every system
Systems Virus Scanning has to be done once every month. . Using
the virus scanning software tools installed on the computer, users
MUST scan files and software downloaded from the Internet or
from any external source, regardless of its origin. Users must scan

Confidential

Page 1

10/31/2015

Process
Owner

Information Security Policy

Systems Admin

Approved By
Page

Rajnish Kumar
2 of 3

ALL removable media if it has been used any place other than their
own workstation.
A user that suspects that his/her workstation has been infected by a
computer virus must IMMEDIATELY POWER OFF the computer
and notify their Network Administrator or designated contact
person to coordinate virus removal operations.

Users should not leave diskettes in the computer when not needed.
A PC can become infected from a diskette left accidentally in a PC
if the PC reboots due to an error or the power goes off
momentarily. The PC will attempt to boot from the diskette in the
drive. This can immediately infect the hard disk if a boot sector
virus is present on the diskette, even if the boot process is not
successful.
Systems Scandisk has to be run once every month on every PC
Database Systems Integrity Checks have to be run daily, first thing in the
morning
Login IDs to SWING with Date of Creation, User Name, Function, Role
needs to be created, published & reviewed on a monthly basis.

Responsibilities of the Distributor

The Distributor along with the Systems Admin is responsible for providing central
system and network security and for taking reasonable steps to protect central
systems and networks and the information stored thereon from excessive or
inappropriate use, damage, or destruction. These responsibilities include:
Instructing, encouraging, and, for critical systems, forcing users to select
reasonably secure passwords and to change them periodically;
Implementing measures to protect systems from hacking, invasion,
viruses, Trojan horses, and similar threats, and maintaining these measures
at a reasonably current level;
Installing Anti-virus packages with UP-TO-DATE Virus definitions
Removing any viruses or other malicious software that may be found on
central systems;
Monitoring use of systems and networks for traffic volume, log activity, or
other symptoms of excessive or unauthorized use;
Promptly taking appropriate measures to halt unauthorized or
inappropriate use including, if necessary, imposing appropriate resource
allocations or restrictions;
Performing regular backups(as per backup policy) of centrally-stored
information and maintaining these backups for a reasonable length of
time;
Periodically removing selected backups to a safe off-site location;
Periodically ensuring systems safety using mechanisms like:
Scandisk
Disk Defragmentation

Confidential

Page 2

10/31/2015

Process
Owner

Information Security Policy

Systems Admin

Confidential

Approved By
Page

Rajnish Kumar
3 of 3

Installation of Firewall Package on every PC having an internet

connection
Installation of Updated Anti-virus Package with latest Virus
Definitions (Virus scanning software MUST be installed, updated,
and used regularly on servers, workstations, portable computers
(and any other computers being used to connect to the network
remotely))

Page 3

10/31/2015