English | Hindi

Department of Science and Technology
Agharkar Research Institute
ARI-MACS

Security Policy

Agharkar Research Institute.

1. Purpose

The purpose of this Security Policy is to establish a comprehensive framework for protecting the physical, digital, and intellectual assets of Agharkar Research Institute. This policy outlines the principles, responsibilities, and procedures necessary to prevent unauthorized access, data breaches, theft, and damage to institutional resources.

2. Scope

This policy applies to:

  • All employees, researchers, students, contractors, and visitors.
  • All institutional facilities, networks, systems, and devices.

3. Security Objectives

  • Ensure the confidentiality, integrity, and availability of data and systems.
  • Protect personnel, research assets, and infrastructure from physical and cyber threats.
  • Ensure compliance with legal, regulatory, and funding agency requirements.
  • Promote a culture of security awareness and responsibility across the institute.
4. Physical Security

4.1. Facility Access Control

  • Access to sensitive areas (e.g., research labs, server rooms) is restricted to authorized personnel.
  • Use of ID cards, biometrics, or PINs for entry where applicable.
4.2. Surveillance and Monitoring
  • CCTV systems in key areas are monitored by security personnel.
  • Regular patrols and inspections of facilities by security staff.
4.3. Asset Protection
  • Research equipment and institutional assets must be tagged and inventoried.
  • Portable devices must be stored securely when not in use.
5. Information Security
5.1. User Access Control
  • All users must have unique credentials and appropriate access rights.
  • Access rights are reviewed periodically and revoked promptly upon role changes or departure.
  • Multi-factor authentication (MFA) is required for access to critical systems.
5.2. Data Protection
  • Research data and personal information must be stored securely and encrypted where appropriate.
  • Data backups are performed regularly and stored in secure, off-site/cloud locations.
  • Sensitive data must not be stored on unsecured personal devices or public cloud platforms without approval.
5.3. Network Security
  • Firewalls, intrusion detection/prevention systems, and antivirus software must be in place and updated regularly.
  • Wi-Fi networks are segregated (e.g., public vs. internal use) and protected with strong encryption.
  • Regular vulnerability scans and penetration testing are conducted.
5.4. Software and System Security
  • Only authorized software may be installed on institute devices.
  • Operating systems and software must be regularly updated and patched.

Endpoint protection tools are mandatory on all workstations and servers.

6. Data Protection and Storage

  • All research data must be stored on approved servers or secure cloud environments.

  • Backups are performed regularly and stored offsite.

  • Encryption is mandatory for portable devices and sensitive data in transit.

7. Incident Response

  • Any suspected security incident (e.g., data breach, malware) must be reported immediately to the IT Security Team via [contact method].

  • The institute maintains an Incident Response Plan to handle and mitigate breaches.

8. User Responsibilities

  • Users must not share passwords or allow unauthorized access.

  • Personal devices connected to institute systems must comply with security requirements.

  • Phishing awareness and regular cybersecurity training are mandatory.

9. Compliance

  • Non-compliance with this policy may result in disciplinary action, loss of access privileges, or legal consequences.

  • This policy is subject to review annually or in response to significant security events.