E-gov Asset Handling and Labelling Guidelines

Transcription

1 Asset Handling Labeling guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India.

2 Document Control S/L Type of Information Document Data 1. Document Title 2. Document Code 3. Date of Release 4. Next Review Date 5. Document Revision Number 6. Document Owner 7. Document Author(s) 8. Document Reference Document Approval Sr. No. Document Approver Approver Designation Approver ID Document Change History Version Revision Date Nature of Change Date of Approval No. For Internal Use Only Page 2 of 11

3 Table of Contents 1. INTRODUCTION SCOPE PURPOSE INFORMATION ASSETS PAPER HANDLING GUIDELINES ELECTRONIC DOCUMENT HANDLING GUIDELINES ELECTRONIC INFORMATION PHYSICAL ASSETS PEOPLE ASSETS REVIEW AND UPDATE REFERENCES INTRODUCTION For Internal Use Only Page 3 of 11

4 Proper handling and labelling of information assets in e-gov service delivery is extremely important and therefore, it becomes essential to define and follow Asset Handling and Labelling guidelines to ensure that organisation s information assets are provided adequate level of protection at all levels. These guidelines define the following: Assigning a unique Asset ID to each asset by which it can be identified. Identifying the asset owners and custodians; Appropriately classifying and reclassifying the information asset. 2. SCOPE This guideline is applicable to all kinds of assets identified for e-gov service delivery. 3. PURPOSE The objective of this document is to provide general guidelines for protecting and labelling all information assets in e-gov service delivery environment. For Internal Use Only Page 4 of 11

5 4. INFORMATION ASSETS 4.1 PAPER HANDLING GUIDELINES Usage Restricted Confidential Internal Public Labelling Numbering Mailing Marked as Restricted on bottom of each page. carry name of owner Date of creation and/ or last updation mentioned on All pages ensure that no page is missing mailed. Marked as Confidential on bottom of each page. carry name of owner/author Date of creation and/ or last updation mentioned on All pages ensure that no page is missing Mailing allowed as per owner; No classification marking on external envelope; Confidential marking on cover sheet; Receiver should May be marked as Internal on bottom of each page. carry name of author/owner. Date of creation and/ or last updation should be mentioned on All pages ensure that no page is missing Mailing allowed as per owner; Inter-office mailing of documents is permitted May be marked as Public on First page of document Document should carry name of dept/group Date of creation and/ or last updation mentioned on All pages ensure that no page is missing Mailing allowed as per owner; Interoffice mails are permitted For Internal Use Only Page 5 of 11

6 Usage Restricted Confidential Internal Public Printing and Duplication Guidelines Storage and Read Access printed without Owner. Information Owner should ensure that printed pages are being attended by authorised person done as per Media Procedure Locked when not in use and Master copy secured against destruction Owner should establish access rules. available to e-gov users without prior authorisation. provide the confirmation of receipt of information to information owner printed without Owner. Information Owner should ensure that printed pages are being attended by authorised person done as per Media Procedure Master copy should be secured against destruction available to e-gov users without prior authorisation. printed without Owner.Information Owner should ensure that printed pages are being attended by authorised person done as per Media Procedure Master copy secured against destruction Widely available to all users within the system only. requirements done as per Media Procedure Master copy secured against destruction Widely available to all users within the system only. For Internal Use Only Page 6 of 11

7 4.2 ELECTRONIC DOCUMENT HANDLING GUIDELINES Usage Restricted Confidential Internal Public Labelling Numbering Mailing Marked as Restricted on top of each page carry name of owner Disclaimer / warning Date of creation and/ or last updation mentioned on All pages ensure that no page is missing e- mailed. Marked as Confidential on top of each page carry name of owner Disclaimer / warning Date of creation and/ or last updation mentioned on All pages should be ensure that no page is missing ing allowed as per permission of owner; Confidential marking on cover sheet; Receiver should provide the confirmation of receipt of information to information owner May be marked as Internal on top of each page Document should carry name of dept/group Disclaimer / warning Date of creation and/ or last updation mentioned on All pages ensure that no page is missing ing allowed as per owner; Inter-office e- mailing of documents is permitted May be marked as Public on First page of document Document should carry name of dept/group Disclaimer / warning Date of creation and/ or last updation mentioned on All pages ensure that no page is missing ing allowed as per owner; Interoffice mails permitted are For Internal Use Only Page 7 of 11

8 Usage Restricted Confidential Internal Public Printing and Duplication Guidelines Storage and Read Access printed without Owner. Information Owner should ensure that printed pages are being attended by authorised person done as per Media Procedure Documents should be backed up and stored in a storage media under lock. be password protected and uneditable. Owner should establish access rules on the Should not be available to e-gov users without prior authorisation. printed without Owner. Information Owner should ensure that printed pages are being attended by authorised person done as per Media Procedure Documents should be backed up and stored in a storage media under lock. be password protected and uneditable. available to e-gov users without prior authorisation. printed without Owner. Information Owner should ensure that printed pages are being attended by authorised person done as per Media Procedure Documents backed up and stored in a storage media under lock. Document uneditable. Widely available to all users within the system only. requirements done as per Media Procedure Documents backed up and stored in a storage media under lock. Document uneditable. For Internal Use Only Page 8 of 11

9 4.3 ELECTRONIC INFORMATION Usage Restricted Confidential Internal Public FAX Internal External By Voice Mail FAX. Receipt confirmation required. Encryption Recommended e- mailed Not to be sent by voice mail FAX. Receipt confirmation required. Encryption Recommended e- mailed. Not to be sent by voice mail FAX, until authorised by information owner. Receipt confirmation required. Encryption optional e- mailed, until authorised by information owner. Not to be sent by voice mail requirements requirement requirement requirement For Internal Use Only Page 9 of 11

10 5. PHYSICAL ASSETS An asset inventory created for tracking all physical assets. Asset Manager is responsible for identifying, capturing and maintaining the following details for assets Asset Title Asset Id Owner of asset Custodian, if any Users of asset Back-up details An asset manager approves asset requests and manages the properties of the assets in the system, such as location, condition, manufacturer, model, current owner, and estimated value etc. Every physical asset should have a label with the asset ID on it. Nomenclature of all physical asset IDs uniform across assets and able to identify and segregate different types of physical assets. 6. PEOPLE ASSETS For every organization, people assets (employees) are one of the most important assets. As a practice, every individual should have a unique employee ID and a corresponding ID card. The card should contain information sufficient to identify and verify the individual. 7. REVIEW AND UPDATE Each Information asset owner should review the information, which needs to be archived and purged on semi-annual basis. For Internal Use Only Page 10 of 11

11 Physical assets should also be reviewed on a regular basis. Asset owner should inform to asset manager to update the asset register in case of any addition or removal of assets. 8. REFERENCES e-gov Configuration Management policy Asset Management Procedure For Internal Use Only Page 11 of 11