Security Policy

1. Purpose

This policy outlines the security requirements and protocols to protect the data, infrastructure, and intellectual property of [Institute Name]. It ensures the confidentiality, integrity, and availability of research information and institutional resources.

2. Scope

This policy applies to all staff, researchers, students, visiting scholars, contractors, and any third parties who have access to the institute’s IT systems or data.

3. Information Classification

  • Public: Freely available information (e.g., published papers).

  • Internal: Non-sensitive operational data (e.g., internal memos).

  • Confidential: Sensitive research data, grant proposals, and personal information.

  • Restricted: High-security research data, classified projects, and legal documents.

4. Access Control

  • Users are granted access based on the principle of least privilege.

  • Access to confidential or restricted data must be authorized by the project lead or department head.

5. Network and System Security

  • Firewalls, antivirus, and intrusion detection systems (IDS) are in place and actively maintained.

  • All software and operating systems must be updated with the latest security patches.

  • Remote access to institute systems must use a secure VPN connection.

6. Data Protection and Storage

  • All research data must be stored on approved servers or secure cloud environments.

  • Backups are performed regularly and stored offsite.

  • Encryption is mandatory for portable devices and sensitive data in transit.

7. Incident Response

  • Any suspected security incident (e.g., data breach, malware) must be reported immediately to the IT Security Team via [contact method].

  • The institute maintains an Incident Response Plan to handle and mitigate breaches.

8. User Responsibilities

  • Users must not share passwords or allow unauthorized access.

  • Personal devices connected to institute systems must comply with security requirements.

  • Phishing awareness and regular cybersecurity training are mandatory.

9. Compliance

  • Non-compliance with this policy may result in disciplinary action, loss of access privileges, or legal consequences.

  • This policy is subject to review annually or in response to significant security events.
