The purpose of this IT Policy is to outline the proper use, management, and protection of Arown Academy's information technology resources. This policy aims to ensure that IT resources are used efficiently, securely, and in compliance with applicable laws and regulations, including the Information Technology Act, 2000, and its relevant sections.
This policy applies to all employees, contractors, and third-party service providers who have access to the Academy’s IT systems and data.
Section 43: Prohibits unauthorized access, downloading, or introducing malicious software. Violations attract penalties.
Section 43A: Requires implementation of reasonable security practices when handling sensitive personal data; non-compliance may result in compensation claims.
Section 65: Tampering with electronic records is punishable with up to 3 years’ imprisonment or a fine of up to ₹2 lakhs, or both.
Section 66: Offenses under Section 43 with dishonest intent are punishable with up to 3 years’ imprisonment, a ₹5 lakh fine, or both.
Section 66A: Sending offensive or menacing communication is a punishable offense.
Section 66B: Dishonestly receiving stolen computer resources is punishable by up to 3 years' imprisonment, ₹1 lakh fine, or both.
Section 66C: Identity theft is punishable by up to 3 years’ imprisonment, ₹1 lakh fine, or both.
Section 66D: Cheating by personation via computer is punishable by up to 3 years’ imprisonment, ₹1 lakh fine, or both.
Section 66E: Violating privacy through unauthorized image capture or transmission is punishable by up to 3 years’ imprisonment, ₹2 lakhs fine, or both.
Section 66F: Cyber terrorism is punishable by life imprisonment.
Section 67: Transmission of obscene content in electronic form is punishable by up to 5 years’ imprisonment and ₹10 lakhs fine.
Sections 67A & 67B: Transmission of sexually explicit material, especially involving children, is punishable by up to 7 years’ imprisonment and ₹10 lakhs fine.
Section 67C: Failure to retain electronic records is punishable by up to 3 years’ imprisonment and a fine.
Authorized Use: IT resources must be used strictly for work-related purposes. Personal use should be minimal and must not interfere with productivity or operations.
Prohibited Activities: Usage of IT systems for illegal activities, accessing inappropriate content, or harming the institution’s reputation or IT infrastructure is strictly prohibited.
Access Controls: Access is role-based. Users must create and maintain strong passwords and change them regularly.
Data Protection: Sensitive data must be encrypted and stored securely. Breaches must be reported immediately.
Device Security: All devices must have updated antivirus software and the latest security patches.
Network Access: Access to networks requires secure authentication. Unauthorized access is prohibited.
System Maintenance: IT systems are to be regularly maintained with updates and security patches to ensure efficiency and safety.
Reporting Procedures: All security breaches or suspicious activities must be reported to the IT Department immediately.
Response Plan: The IT team will investigate and take necessary measures to resolve incidents and prevent recurrence.
Legal Requirements: All users must adhere to the IT Act 2000 and relevant data protection laws.
Policy Review: This policy will be reviewed and updated periodically for relevance and compliance.
Employees: Must understand and comply with this policy. Any doubts should be clarified with the IT department.
IT Department: Responsible for enforcing the policy and providing necessary support and training.
Violations may result in:
Disciplinary actions (e.g., warnings, suspension, termination)
Legal consequences under applicable IT laws
All employees must sign an acknowledgment form confirming that they have read, understood, and agreed to comply with this policy.
Effective Date: ______________________
Acknowledged By (Name & Signature): ______________________
Date: ______________________