Purpose
This policy outlines the security measures adopted by IASST to protect its website, digital assets, and user data from unauthorized access, misuse, and cyber threats. It ensures compliance with national cyber security standards and promotes safe digital engagement.
Scope
Applies to all users, administrators, developers, and third-party service providers interacting with the IASST website and its associated systems.
Data Protection and Privacy
- All personal data collected via the website (e.g., contact forms, recruitment portals) is encrypted during transmission using HTTPS.
- Data is stored very securely and only accessed by authorized personnel.
- No sensitive personal information is shared with third parties without explicit consent, except as required by law.
Access Control
- Administrative access to the website backend is restricted to designated IASST IT staff.
- Role-based access controls (RBAC) are enforced to limit privileges based on job responsibilities and roles.
- Multi-factor authentication (MFA) is mandatory for all administrative logins.
System Monitoring and Logging
- All access and changes to the website are logged and monitored continuously.
- Logs are retained for a minimum of 12 months and reviewed periodically for anomalies.
- Intrusion detection systems (IDS) are deployed to identify and respond to suspicious activities.
Software and Patch Management
- The website platform and associated plugins are updated regularly to mitigate known vulnerabilities.
- Security patches are applied within 48 hours of release for critical updates.
- Deprecated or unsupported software components are removed promptly.
Incident Response
- A strictly formal incident response plan is in place to address security breaches, including containment, investigation, and recovery.
- All incidents are thoroughly documented and reported to the relevant authorities in accordance with government guidelines.
- Affected users are notified promptly in case of data compromise.
Third-Party Integrations
- All third-party services (e.g., analytics, payment gateways) are vetted for security compliance before integration.
- Data sharing with the third parties is governed by strict contractual and legal safeguards.
User Responsibilities
- Users must avoid sharing login credentials or sensitive information via unsecured channels.
- Suspicious activity or vulnerabilities should be reported immediately to the IASST IT Cell via registrar@iasst.gov.in.
Compliance
- This policy aligns with the guidelines of the Ministry of Science & Technology and the Indian Computer Emergency Response Team (CERT-In).
- Regular audits are thoroughly conducted to ensure adherence to national cyber security standards.
Review and Updates
The security policy is reviewed bi-annually or upon significant changes to the website infrastructure.
Updates are communicated to stakeholders and published on the IASST website.




