Central Mine Planning & Design Institute Limited, CMPDI (A Mini Ratna Company), India has a responsibility to protect from disclosure to unauthorized parties the personally identifiable information (name, address, date of birth, social security number, etc.) of its website users. Therefore, the Central Mine Planning & Design Institute Limited, CMPDI (A Mini Ratna Company), India has adopted and implemented a website security policy to protect the account information of its website users.
Notice and Disclosures:
Central Mine Planning & Design Institute Limited, CMPDI (A Mini Ratna Company), India will not sell, trade, nor disclose the personally identifiable information of its website users to any unauthorized third parties.
Data Quality and Access:
Central Mine Planning & Design Institute Limited, CMPDI (A Mini Ratna Company), India takes all steps possible to ensure that the data on the website is accurate. If something is found to be inaccurate Central Mine Planning & Design Institute Limited, CMPDI (A Mini Ratna Company), India will make every effort to correct said information as quickly as possible. If it is found to be an inaccuracy with the entire system Central Mine Planning & Design Institute Limited, CMPDI (A Mini Ratna Company), India will work swiftly to correct the problem so that your web experience is as trouble-free as possible.
Application Security Audit:
A Drupal CMS is used in CMPDI’s website for displaying the information dynamically as per the users’ requests. The application has been security audited for the known application level vulnerabilities as per Top 10 OWASP and the application security vulnerabilities have been addressed before the launch of the Portal The website will be audited by Cert-in empanelled agency periodically. The periodicity shall be one year from the date of issue of certificate or additional changes in the dynamic content carried out whichever is earlier. A periodic check on the requirement of a security certificate is recommended to the web information manager in case there are changes in the functionality or any other environmental changes.
Server Audit :
The Applications and database servers hosting CMPDI’s website and Databases have been security audited. The hardening of the server has been done. The access to the server is restricted both physically and through the network as far as possible. The Logs are being maintained for authorized physical access to CMPDI. The servers have been placed behind the Application firewall in order to make them hidden to the outside public. All the development work is done on separate development environment and well tested on the staging server before updating it on the production server. The contents are first checked by approval authority before publishing on the website. All contents of the web pages are checked for intentional or unintentional malicious content before final upload of the same on the website. Audit and Log of all activities referring to the operating system, access to the system and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny. All newly released system software patches, bug fixes and upgrades are deployed regularly and reviewed. The Antivirus has been deployed on the servers and is updated online.
Website Access Rights :
Website is accessible in India only and necessary firewall rule has been applied in the system.