Uttar Pradesh State Institute of Forensic Science, Lucknow, India

Security Policy for UP State Institute of Forensic Science, Lucknow Website

Effective Date: 26/11/24

Overview

The UP State Institute of Forensic Science, Lucknow is committed to ensuring the security and integrity of information on our official website, https://upsifs.ac.in/, in accordance with the Government of India’s Guidelines for Indian Government Websites (GIGW). This Security Policy outlines the measures taken to protect user data, ensure the integrity of the website, and adhere to the best practices in security, privacy, and compliance.

1. Security Objectives

Our security objectives are to:

  • Protect sensitive and personal data collected through the website.
  • Safeguard the website infrastructure and digital assets from cyber threats.
  • Ensure that our users’ information is protected and processed in compliance with applicable Indian laws and international standards.
  • Comply with the GIGW Guidelines for maintaining a secure and reliable website.

2. Website Security Measures

The following technical and organizational measures are implemented to protect the website and its users:

a. Encryption and Data Protection

  • Secure Communication: We ensure all sensitive data exchanged between the user’s browser and our website is protected using SSL/TLS encryption. All pages that handle sensitive or personal data (such as login forms, contact forms, and application submissions) are encrypted to prevent unauthorized access.
  • Data Storage: Personal data and sensitive information are stored in encrypted databases. Access to such data is strictly controlled and logged to prevent unauthorized access.

b. Authentication and Access Control

  • Multi-Factor Authentication (MFA): For administrative and backend access to the website, Multi-Factor Authentication (MFA) is implemented, requiring users to provide additional verification (e.g., OTP, biometrics) to gain access.
  • Role-Based Access Control (RBAC): Different levels of access are granted based on the user’s role (e.g., general public, staff, administrators), ensuring users can only access information relevant to their role.
  • Strong Password Policies: Passwords used for accessing administrative portals or systems are required to meet strong criteria (length, complexity, and periodic changes).

c. Firewall, Intrusion Detection, and Protection

  • Firewalls: Our systems are protected by advanced firewalls that prevent unauthorized access and monitor incoming traffic for potential security threats.
  • Intrusion Detection and Prevention Systems (IDPS): We deploy IDPS to continuously monitor for any signs of malicious activity, including attempted breaches, and respond in real-time to minimize risks.
  • Regular Security Audits: Security audits are conducted periodically to identify vulnerabilities and ensure compliance with government standards, including GIGW and cybersecurity guidelines.

 

3. Compliance with GIGW (Guidelines for Indian Government Websites)

Our website strictly adheres to the GIGW standards, which include a variety of security and accessibility protocols:

  • Data Security: The website complies with data protection laws in India, including the IT Act, 2000, and relevant provisions of the Indian Penal Code regarding cybercrime and data theft.
  • Secure Coding Practices: The website’s codebase is developed following secure coding guidelines to avoid vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
  • Web Content Accessibility Guidelines (WCAG): The website follows WCAG 2.0 guidelines to ensure that it is accessible to people with disabilities, which includes providing proper security for assistive technologies used by such individuals.

4. Incident Response and Reporting

In the event of a security incident or breach, the following measures are taken:

  • Incident Detection: Continuous monitoring is in place to detect and respond to security incidents such as hacking attempts, data breaches, and other suspicious activities.
  • Incident Response Plan: We have an incident response plan that includes identifying, containing, mitigating, and recovering from security breaches. The plan also covers notification procedures for affected users and authorities, as per applicable regulations.
  • Reporting to Authorities: Any significant data breach or security incident will be reported to the Indian Computer Emergency Response Team (CERT-In) and other relevant authorities promptly, as required by law.

5. User Responsibilities

To help maintain the security of the website, users are expected to:

  • Use Strong Passwords: Users should choose strong passwords and avoid using easily guessable combinations.
  • Report Suspicious Activity: Users should immediately report any suspicious or unauthorized activity observed on the website to the Institute’s IT support team.
  • Logout from Shared Devices: Users should ensure that they log out from their accounts when using shared or public devices.

6. Security Training and Awareness

We conduct regular security training for the Institute’s staff, administrators, and website managers to promote awareness of security risks, secure handling of sensitive information, and adherence to policies and regulations.

7. Compliance with Legal and Regulatory Requirements

The UP State Institute of Forensic Science, Lucknow Website complies with the following legal and regulatory frameworks:

  • Information Technology Act, 2000: Ensuring compliance with cyber security and data protection laws under Indian jurisdiction.
  • Personal Data Protection Bill: We align our security practices with emerging laws regarding the protection of personal data in India.
  • GIGW Guidelines: We follow the GIGW standards for website security, accessibility, and data protection.
  • National Cyber Security Policy: Our website is aligned with the National Cyber Security Policy of India, ensuring national standards for cyber security are followed.

8. Updates to the Security Policy

This Security Policy may be updated periodically to reflect changes in regulatory requirements, security best practices, or technical advancements. Any changes will be communicated through the website and the updated version will be effective immediately upon posting.

9. Contact Information

If you have any questions regarding this policy, or if you wish to report any security issues, please contact the IT Department at:

Website: https://upsifs.ac.in/

Contact- +91-78390-01310

Email- upsifsup@gmail.com

Address- Uttar Pradesh State Institute of Forensic Science Aurawan, P.O. Banthra, Lucknow- 226401 (U.P)

Additional Considerations for GIGW Compliance:

  • Web Analytics: If the website uses any analytics tools, ensure that they are compliant with data privacy regulations and that user data is anonymized.
  • Cookie Policy: If your website uses cookies, ensure that the cookies are listed, and users are informed of their use (especially for tracking cookies). Implement a cookie consent banner as per GIGW and data privacy laws.
  • Continuous Monitoring: Consider using tools like Google Safe Browsing and OWASP ZAP to continuously monitor and detect vulnerabilities on the site.