IT Policy

INFORMATION TECHNOLOGY INFRASTRUCTURE USAGE POLICY

Introduction

Students, Teaching and Non – Teaching Staff, Management and visiting Guests and Research Fellowship Members of SGTU availing computing, networking, and IT facilities are expected to abide by the following rules, which are intended to preserve the utility and flexibility of the system and protect the privacy and work of students and faculty.

General Rules

  • Students, Teaching and Non – Teaching Staff, Management and visiting Guests and Research Fellowship Members are authorized to use the computing, networking, and other IT facilities for academic purposes, official university business, and for personal purposes as long as such use does not violate any law or any university policy
  • The University prohibits its users from gaining or enabling unauthorized access to forbidden IT resource on the University network. Any such attempt will not only be the violation of University Policy but may also violate national and international cyber laws, provisions under The Information Technology Act of India and infringe the principals of National Cyber Security Policy, and subject the user to both civil and criminal liability. However, the University reserves all the rights to access and analyze the IT resource and Information for any legal and/ or institutionally provisioned operation, on its own or through its affiliates
  • The University prohibits its users from sending, viewing or downloading fraudulent, harassing, obscene (i.e., pornographic), threatening, or other messages or material that are a violation of applicable law or University policy. Therefore, user’s inhibitive discretion is solicited where category of certain content could be doubtful e.g. when such content is received through e-Mail etc. As a generalized policy, any contribution towards the destruction or distortion of congenial academic or work environment is prohibited.
  • Users must not violate various IPR and copyright law(s), and licensing policies as associated with copyrighted materials and software. Any unlawful file- sharing, use of any form of illegal or pirated or un-licensed software, on the University’s IT resources (including individually owned IT resource being used under Institutional IT privileges) is strictly prohibited and any such act shall constitute a violation of the University policy.
  • University also recommends its students, faculty and office staff, to use Open Source Operating Systems (OS) and Processing Software (PS) such as Ubuntu/ CentOS or other and Libra Office/ OpenOffice/ WPS Office, respectively. Further, users of the computers sponsored directly or indirectly by SGTU should migrate on the recommended OS & PS as their primary software and should generate expertise on it. In case of technical limitation in such adaptation, relaxation may be requested from competent authority on valid grounds
  • By agreeing to abide by the terms of use of various online media forums, the users are expected to adhere with the norms as prescribed by respective social networking websites, mailing lists, chat rooms, blogs, Unless a user has proper authorization, no user should attempt to gain access to information and disclose the same to self or other unauthorized users. The broader concept of data privacy must be honored by each user.
  • No user should attempt to vandalize, damage or change any data inappropriately, whether by accident or deliberately. The basic notion of trustworthiness of information resources must be preserved by all of its users. Any interference, disruption or encroachment in the University IT resources shall be a clear violation of the University policy.
  • No user should attempt to affect the availability of IT resource, whether accidently or deliberately
  • As a part of certain investigation procedures, the University may be required to provide its IT information, resource and/ or records, in parts or full, to third parties. Also, for proper monitoring and optimal utilization of University IT resources, the University may review, analyse and audit its information records, without any prior notice to its Users. Further, the University may also seek services from third-party service providers. Accordingly, the users can only have reasonable expectation of privacy on the University’s IT resources.
  • Users are expected to take proper care of equipment, and are expected to report any malfunction to the staff on duty or to the in-charge of the facility. Users should not attempt to move, repair, reconfigure, modify, or attach external devices to the systems.
  • No food or drink is permitted in the laboratories. Also making noise either through games/music/movies or talking and/ or singing loudly (the list is not exhaustive) is prohibited.
  • Violations of policy will be treated as academic misconduct, misdemeanor, or indiscipline as appropriate. Depending upon the nature of the violation, the University authorities may take an action.
  • The policy may change as and when it is considered appropriate and new policies or the changes in policy will take effect immediately after a brief announcement by any means, e-mail, printed notices, or through the news groups.

Website Policy

The Website Policy outlines guidelines for the acceptable use, management, and security of the University's official website(s). This policy applies to all University departments, faculty, staff, students, and external collaborators involved in creating, updating, and maintaining University web content.

Authorized Use

  • Only authorized personnel, including webmasters, IT staff, and department heads, may upload, update, or modify content on the official University website(s). Unauthorized access or changes to the website are strictly prohibited and may lead to disciplinary actions.
  • The website content should reflect University values and uphold academic standards. Inappropriate content, including offensive language, unverified information, or any material that could damage the University’s reputation, is prohibited.

Content Management

  • Content must be kept current, accurate, and relevant. Each department is responsible for periodically reviewing and updating their respective sections.
  • Sensitive data, including personal information, should be handled in compliance with privacy policies and should only be displayed if necessary and authorized.

Security and Compliance

  • The website must comply with security best practices, including regular vulnerability assessments and updates to prevent unauthorized access, data breaches, or malware infiltration.
  • The University will enforce regular monitoring and may conduct audits of website content and security practices to ensure adherence to this policy.

External Links and Third-party Content

  • External links must be verified and relevant to the academic and professional mission of the University. The University does not endorse external sites unless explicitly stated.
  • All third-party content must comply with copyright regulations and University standards.

Accessibility

  • The website should strive to be accessible to all, following established guidelines such as WCAG (Web Content Accessibility Guidelines) to accommodate users with disabilities.

Asset Policy

The Asset Policy governs the acquisition, usage, maintenance, and disposal of physical and digital assets owned by the University. This policy applies to all faculty, staff, and students utilizing University assets, including computing equipment, software, and IT infrastructure.

Asset Acquisition and Registration

  • All IT and electronic assets must be approved and registered with the University's IT Department upon acquisition. This includes computers, mobile devices, networking equipment, and software licenses.
  • Only licensed and University-approved software may be installed on University-owned assets.

Usage and Maintenance

  • University assets are to be used solely for educational, research, and official purposes. Any unauthorized personal use or modification of these assets without explicit permission is prohibited.
  • Users are responsible for the upkeep of assets assigned to them. Malfunctions or damages should be promptly reported to the IT or relevant facilities team.

Security and Asset Protection

  • Users must take appropriate measures to secure and protect University assets, including adhering to physical security guidelines and reporting any loss or theft immediately.
  • Passwords and access credentials associated with University assets must be kept secure, and users should comply with cybersecurity policies to prevent unauthorized access.

Disposal of Assets

  • When assets reach the end of their lifecycle, they must be disposed of in a secure and environmentally responsible manner, as outlined by the University’s disposal procedures.
  • Sensitive data must be erased or rendered irretrievable before asset disposal, following data sanitization standards.

Violation of Asset Policy

  • Misuse, theft, or damage of University assets may result in disciplinary actions, financial liability for repairs or replacements, or criminal charges depending on the severity of the violation.

University IT Policy for Website Use

Purpose and Scope

  • This IT Policy outlines the acceptable use, security standards, and responsibilities of students, staff, and parents in accessing and interacting with the university’s website.
  • The policy applies to all users, including students, faculty, staff, parents, and authorized third parties who engage with or contribute content to the university website.

Website Access and User Roles

  • Student Access : Students may access the university website for information on courses, grades, announcements, and other resources. They must follow security protocols to protect personal information.
  • Staff Access : Staff members are granted access based on their job role. Specific roles such as content managers and IT support staff are responsible for content updates, security, and maintenance.
  • Parent Access : Parents may access specific sections of the website (such as admission and academic information) and are encouraged to follow secure browsing practices.
  • Third-Party Access : Any external contractors or vendors with website access must sign confidentiality agreements and follow university security standards.

Content Management and Approval Process

  • Content Accuracy and Updates : All content on the website must be current, accurate, and aligned with the university’s values and objectives. Staff responsible for content must regularly review it for relevance and accuracy.
  • Approval Protocols : Content updates must go through an approval process before publication. Only authorized staff can make changes, ensuring compliance with internal guidelines.
  • Privacy of Student and Staff Data : No personal data (e.g., student or staff records) should be shared publicly on the website unless consent is obtained and security measures are in place.

Cybersecurity Guidelines

    User Authentication and Access Control

    • Password Security : All users accessing the website's internal or sensitive areas must use strong passwords, with regular updates encouraged. Staff should follow university guidelines for password complexity and renewal.
    • Multi-Factor Authentication (MFA) : For access to sensitive areas or administrative functions, MFA should be enabled where possible.
    • Session Management : Users should log out after each session, especially when using shared or public computers.

Website Security Measures

  • Encryption : Sensitive data transmitted via the website must be encrypted using HTTPS and SSL/TLS protocols.
  • Security Audits and Vulnerability Assessments : Regular security audits, including vulnerability scans, must be performed to identify and mitigate potential threats.
  • Firewalls and Intrusion Detection : Network firewalls and intrusion detection/prevention systems should protect against unauthorized access and potential cyber-attacks.

Data Privacy and Protection

  • Personal Data Security : Any data collected from students, staff, or parents must comply with data privacy laws (e.g., GDPR, CCPA) and be stored securely.
  • Data Access Restrictions : Only authorized personnel should access sensitive information. Measures like data encryption, regular access reviews, and monitoring should be enforced.
  • Incident Response : In the event of a data breach, the IT Department must follow a defined incident response plan, including notifying affected parties and regulatory bodies as required.

Anti-Phishing and Malware Protection

  • User Awareness Training : Staff, students, and parents should be educated on recognizing phishing emails and avoiding malicious websites.
  • Regular Malware Scanning : The IT Department should ensure regular scanning and removal of malware from servers and user devices, particularly those accessing sensitive areas of the website.
  • Browser Security : Encourage users to keep their browsers and devices updated with the latest security patches and avoid using outdated or unsupported browsers.

Acceptable Use Policy

For Students : Students should use the website responsibly and refrain from engaging in activities that compromise the website’s security or other users’ privacy. Misuse, such as attempting to access unauthorized sections, may lead to disciplinary action.

For Staff : Staff members must use the website strictly for university-related activities and follow guidelines to maintain confidentiality, especially when dealing with sensitive information.

For Parents : Parents are encouraged to access public areas only, to avoid sharing personal login credentials, and to respect the privacy of student information.

Prohibited Activities :

  • Unauthorized access to restricted sections.
  • Downloading, uploading, or sharing harmful content.
  • Attempting to bypass security measures.
  • Misusing or tampering with any data or website functionality.

Accessibility and Compliance

  • Web Accessibility Standards : The university website must comply with the Web Content Accessibility Guidelines (WCAG) to ensure content is accessible to users with disabilities.
  • Regulatory Compliance : The website must meet legal standards such as data privacy (GDPR, CCPA) and intellectual property laws. All digital resources, such as images and text, must have appropriate licensing and attribution.

Monitoring, Analytics and Privacy

  • Analytics Collection : Data collected through website analytics should focus solely on website performance and user experience improvement. Personal data should not be collected or analyzed without explicit consent.
  • Usage Monitoring : The university reserves the right to monitor website activity to maintain security and performance, while respecting user privacy.
  • Data Retention : All personal data should be stored only as long as necessary and in accordance with data privacy regulations.

Backup and Disaster Recovery

  • Data Backups : Regular backups of all website data, including databases and media, must be conducted. Backups should be stored securely and tested periodically for data integrity.
  • Disaster Recovery : A disaster recovery plan must be in place to restore website services in the event of a technical failure or data breach. The plan should include recovery time objectives and regular testing.

Reporting and Addressing Issues

  • User Responsibility : Users (students, staff, parents) are encouraged to report any suspicious activity, security issues, or inappropriate content on the website.
  • Contact Points : Users should contact the IT Department directly through provided channels for support, inquiries, or reporting incidents.
  • Response Protocol : Reported issues should be addressed promptly, with IT support available to assess and mitigate potential security threats.

Policy Review and Updates

  • Regular Review : This policy must be reviewed annually to incorporate technological advancements, regulatory changes, and feedback from the university community.
  • Amendments : Updates to the policy should be communicated to all users, with training provided if significant changes impact their interactions with the website.

Note : This draft policy of Sikkim Global Technical University (SGTU) is subject to change in line with regulatory updates, institutional needs, and evolving best practices in education. SGTU remains dedicated to aligning with University Grants Commission (UGC) standards and Sikkim State guidelines to foster a supportive, inclusive, and academically excellent environment. Policy updates will be shared promptly, ensuring all stakeholders are informed and aligned with SGTU’s commitment to innovation, ethics, and growth.