IT Infra Policy

IT Policy: Use of IT Resources

Government provides IT resources to its employees to enhance their efficiency and productivity. These resources are meant as tools to access and process information related to their area of work. These resources help Government officials to remain well informed and carry out their function in an effective and efficient manner.

Every organization that uses computers, email, the internet, and software for office work and business use should have Information Technology (IT) policies in place. It is important for employees to know what is expected and required from them when using the technology provided by their employer (i.e. the department).It is very critical for an organization to protect itself by having policies to govern areas such as personal internet and email usage, social networking mediums, security, software and hardware inventory, etc.

Without written policies, there would be no standard guidelines available, that Pune Municipal Corporation (PMC) can refer to when any issue arises w.r.t improper usage of IT Resources. IT Policy protects the department and ensures uniform standards, when it comes to acceptable use of Technology at work-place (office), security of the hardware, software and office data, compliance to IT standards and delivery of helpdesk services to users.

IT Usage Policy for PMC has been formulated in accordance with best-practices followed by large-size organizations while keeping in mind the nature of business for government departmental work.

The term ‘IT Resources’ includes desktop devices, portable and mobile devices, networks including wireless networks, Internet connectivity, external storage devices and peripherals like printers and scanners and the software associated in addition to that.

It is mandatory for all employee, vendors, suppliers, contractors, users of PMC IT resources, who have been provided with IT resources (computer, internet, email, etc.), to follow and comply with this IT Policy.
 

Scope:

This policy governs the usage of IT resources from end user perspective. This policy applies to all employees of PMC and employees of other vendors, suppliers, contractors that use the IT Resources of PMC.
 

Objective

The objective of this policy is to ensure proper access to and usage of Government’s IT resources and prevent their misuse by the users. Use of resources provided by PMC implies the user's agreement to be governed by this policy.

Data Centre and Disaster Recovery

  • Augmentation of the existing servers and storage to cater future needs

  • Estimate future storage and computing needs to the most optimum level and procure accordingly

  • Infrastructure consolidation and revamp

  • Creation of a DR & BCP implementation plan

  • Necessary support to the infrastructure setup in the DC and DR

Client Infrastructure

  • Provide latest configuration desktop, printers, scanners, etc. for remaining 30% cases where old hardware is being used

  • Procurement of IT infrastructure with min. Three years maintenance provided

  • Ensure proper maintenance of the existing client infrastructure through AMCs (if not existing)

  • Client asset management

  • Bandwidth augmentation to better cater peak loads

  • Check feasibility of MPLS or broadband connectivity

  • Ensure appropriate LAN setup in the office (structured cabling)

  • Undertake a network planning exercise to gauge the current bottlenecks and future needs

Network Connectivity

  • Eliminate old servers and OS

  • Procurement of required database and OS licenses

  • Application rationalization along with IT infrastructure usage by these applications

  • Software license management

IT Policies

  • Password Policy: Passwords are an important aspect of computer security. They are the front line of protection ensuring logical access controls on applications, devices, security devices, laptops and desktops. A poorly chosen password may result in the compromise of PMC network. As such, all PMC users (including third party personnel having access to PMC information systems) are responsible for taking the appropriate precautions/ steps, as outlined below, to select and secure their passwords.
     

  • Email Policy: Enterprise email system is an important communication service provided to the Organization users for carrying out day to day business related tasks. Mail Systems that are not protected from internal and external threats such as SPAM, Virus, etc. due to inadequate protection, can lead to system outage and performance issues and could bring down the entire mail system. Also, improper use of email by users can lead to unauthorized information disclosure and could bring the Organization to disrepute.
     

  • Laptop security policy

Internet access policy: Protecting the network infrastructure against threats originating from external and internal networks is of prime importance to an organization. Absence of proper access control protection can lead to attacks that include unauthorized access from the Internet; spread of virus, worms, malware, etc. Traffic can be sniffed in transit on the network that can lead to unauthorized access to critical and sensitive information.

The purpose of this policy is to ensure authorized and secure access to the PMC network
internally and from external networks, provide adequate redundancy for critical IT assets
and establish effective management of the network infrastructure.

 

  • Security Log and Event Management: The purpose of this standard is to establish Security Log / Event Management as an integral part of the Facility Management service (FMS) at PMC. Its implementation is mandatory to enhance the Incident Management, Security Alert Monitoring and Compliance related capabilities at PMC.
     

  • Antivirus policy: All servers, desktops, laptops and network access points of the Organization must be protected against malicious code using enterprise level Anti-Virus solutions. The solution suite must ensure early detection, efficient containment and eradication of malicious code.
     

  • Change Management: Unauthorized changes and unstructured implementation of information assets can lead to system downtime and cause denial of service to users who need access to the system. Major or minor changes to any information asset should be carried out such that proper analysis is done, approvals are taken prior to implementation and the entire process is documented and maintained post implementation. The purpose of this policy is to establish an effective process to manage changes to all information assets of Organization.