Security Policy

Agharkar Research Institute.

1. Purpose

The purpose of this Security Policy is to establish a comprehensive framework for protecting the physical, digital, and intellectual assets of Agharkar Research Institute. This policy outlines the principles, responsibilities, and procedures necessary to prevent unauthorized access, data breaches, theft, and damage to institutional resources.

2. Scope

This policy applies to:

  • All employees, researchers, students, contractors, and visitors.
  • All institutional facilities, networks, systems, and devices.
  • All forms of data, including research, administrative, personal, and proprietary information.

3. Security Objectives

  • Ensure the confidentiality, integrity, and availability of data and systems.
  • Protect personnel, research assets, and infrastructure from physical and cyber threats.
  • Ensure compliance with legal, regulatory, and funding agency requirements.
  • Promote a culture of security awareness and responsibility across the institute.

4. Physical Security

4.1 Facility Access Control

  • Access to sensitive areas (e.g., research labs, server rooms) is restricted to authorized personnel.
  • Use of ID cards, biometrics, or PINs for entry where applicable.
  • Visitors must be registered, escorted, and issued temporary access badges.

4.2 Surveillance and Monitoring

  • CCTV systems in key areas monitored by security personnel.
  • Regular patrols and inspection of facilities by security staff.

4.3 Asset Protection

  • Research equipment and institutional assets must be tagged and inventoried.
  • Portable devices must be stored securely when not in use.

5. Information Security

5.1 User Access Control

  • All users must have unique credentials and appropriate access rights.
  • Access rights are reviewed periodically and revoked promptly upon role changes or departure.
  • Multi-factor authentication (MFA) is required for access to critical systems.

5.2 Data Protection

  • Research data and personal information must be stored securely and encrypted where appropriate.
  • Data backups are performed regularly and stored in secure, offsite/cloud locations.
  • Sensitive data must not be stored on unsecured personal devices or public cloud platforms without approval.

5.3 Network Security

  • Firewalls, intrusion detection/prevention systems, and antivirus software must be in place and updated regularly.
  • Wi-Fi networks are segregated (e.g., public vs. internal use) and protected with strong encryption.
  • Regular vulnerability scans and penetration testing are conducted.

5.4 Software and System Security

  • Only authorized software may be installed on institute devices.
  • Operating systems and software must be regularly updated and patched.
  • Endpoint protection tools are mandatory on all workstations and servers.

6. Cybersecurity Awareness and Training

  • Mandatory annual cybersecurity training for all staff, students, and researchers.
  • Regular awareness campaigns on phishing, password hygiene, and data handling.
  • Specialized training for IT staff and those handling sensitive data or systems.

7. Incident Reporting and Response

  • All security incidents (physical or digital) must be reported immediately to the Security Officer or IT Department.
  • A formal Incident Response Plan is in place to manage and mitigate threats.
  • Breach notifications will be handled in accordance with applicable laws and institutional protocols.

8. Compliance and Legal Requirements

The institute complies with:

  • Local and national data protection laws (e.g., GDPR, HIPAA where applicable).
  • Research funder security policies (e.g., NIH, NSF, EU Horizon).
  • Institutional policies on ethics, intellectual property, and privacy.

9. Policy Enforcement

Violations of this policy may result in disciplinary action, including suspension of access, formal investigation, and potential legal consequences.

10. Review and Updates

This policy is reviewed annually or after a major incident or change in regulatory requirements. Revisions are approved by the Institute’s Executive Leadership or Security Committee.

11. Roles and Responsibilities

Role | Responsibility
Security Officer | Oversees physical and operational security programs
Chief Information Officer (CIO) | Responsible for information and cyber security strategy
IT Department | Implements technical controls, monitoring, and incident response
Researchers/Staff/Students | Follow security best practices and report incidents
Facilities Manager | Manages physical security infrastructure