information technology (it) policy

Version 1.0.0 Date: 15.09.2018 of 37 .

BRAHMAPUTRA CRACKER AND POLYMER LIMITED

Information Technology (IT) Policy

Information Classification: Confidential

Distribution: Internal Distribution Only

Access: Internal Use Only

Brahmaputra Cracker and Polymer Limited


Version 1.0.0 Date: 15.09.2018 of 37 .

TABLE OF CONTENTS

DOCUMENT VERSION CONTROL INFORMATION ................................................................ 5

REVISION / AMENDMENT CHART .................................................................................. 6

1 PURPOSE OF DOCUMENT ..................................................................................... 7

2 INTRODUCTION ................................................................................................. 7

3 SCOPE ............................................................................................................. 9

4 ORGANIZATION AND PLANNING ............................................................................ 11

4.1 IT PROCESSES, ORGANIZATION AND RELATIONSHIPS ......................................................................... 11

4.1.1 Role of IT Department ..................................................................................................... 11

4.1.2 Role of IT Department in Software Development .......................................................... 12

4.1.3 Role of process owner in Software Development ........................................................... 12

4.1.4 Role of IT Functional Team ............................................................................................. 12

4.2 IT BUDGET .............................................................................................................................. 13

4.3 COMMUNICATION OF MANAGEMENT AIMS AND DIRECTION .................................................................. 13

4.4 MANAGEMENT OF IT HUMAN RESOURCES ....................................................................................... 13

4.5 MANAGEMENT OF QUALITY .......................................................................................................... 13

4.6 ASSESSMENT AND MANAGEMENT OF IT RISKS .................................................................................. 14

4.7 MANAGEMENT OF PROJECTS ........................................................................................................ 14

5 ACQUISITION AND IMPLEMENTATION ..................................................................... 14

5.1 IDENTIFICATION OF AUTOMATED SOLUTIONS ................................................................................... 14

5.1.1 Software Development .................................................................................................... 15

5.1.2 Criteria for In-house Development ................................................................................. 15

5.1.3 System Software .............................................................................................................. 15

5.2 ACQUISITION AND MAINTENANCE OF APPLICATION SOFTWARE ............................................................ 15

5.2.1 Application Software Procurement/Development ......................................................... 15

5.2.2 BCPL E- Business .............................................................................................................. 17

5.2.3 CONNECT Portal .............................................................................................................. 17

5.2.4 Hosting of Company Web Sites ....................................................................................... 17

5.2.5 Software Maintenance and Support ................................................................................ 17

5.2.6 Documentation of Business Application Packages .......................................................... 17

5.3 ACQUISITION AND MAINTENANCE OF TECHNOLOGY INFRASTRUCTURE ................................................... 18



Version 1.0.0 Date: 15.09.2018 of 37 .

5.3.1 PC..................................................................................................................................... 18

5.3.2 Printer, UPS, Scanner and other Peripherals.................................................................. 19

5.3.3 Notebook PCs ................................................................................................................... 19

5.3.4 Scanners .......................................................................................................................... 19

5.3.5 Projectors ........................................................................................................................ 19

5.3.6 Servers ............................................................................................................................. 20

5.3.7 Network Connectivity ...................................................................................................... 20

5.3.8 Internet Connectivity ...................................................................................................... 20

5.3.9 Video Conferencing Systems ........................................................................................... 20

5.3.10 Spares .............................................................................................................................. 21

5.3.11 Storage for Spares ........................................................................................................... 21

5.3.12 Asset Identification & Management ................................................................................ 21

5.3.13 Insurance ......................................................................................................................... 21

5.3.14 Specialized Plant Systems ............................................................................................... 21

5.4 ENABLING OPERATION AND USE ................................................................................................... 21

5.4.1 Site Preparation .............................................................................................................. 21

5.4.2 IT Operations ................................................................................................................... 23

5.4.3 Help Desk ......................................................................................................................... 24

5.5 PROCUREMENT OF IT RESOURCES ................................................................................................. 24

5.5.1 Procurement of IT Assets ................................................................................................ 24

5.5.2 Warranty .......................................................................................................................... 25

5.5.3 Miscellaneous Budget ...................................................................................................... 25

5.6 MANAGEMENT OF CHANGES ......................................................................................................... 25

5.7 INSTALLATION AND ACCREDITATION OF SOLUTIONS AND CHANGES ....................................................... 25

5.8 DECLARATION OF EMERGENCY ..................................................................................................... 26

6 DELIVERY AND SUPPORT ..................................................................................... 26

6.1 DEFINITION AND MANAGEMENT OF SERVICE LEVELS .......................................................................... 26

6.2 MANAGEMENT OF THIRD-PARTY SERVICES ...................................................................................... 26

6.2.1 IT Partner / Consultancy ................................................................................................. 26

6.3 MANAGEMENT OF PERFORMANCE AND CAPACITY .............................................................................. 26

6.3.1 Application Tuning .......................................................................................................... 26

6.3.2 IT and ERP Infrastructure Upgrade ................................................................................. 26

6.3.3 Hardware Life .................................................................................................................. 27

6.4 ENSURING CONTINUOUS SERVICE .................................................................................................. 28

6.5 ENSURING SYSTEMS SECURITY ...................................................................................................... 28



Version 1.0.0 Date: 15.09.2018 of 37 .

6.6 EDUCATION AND TRAINING OF USERS ............................................................................................ 28

6.6.1 Training Program ............................................................................................................. 28

6.7 MANAGEMENT OF SERVICE DESK AND INCIDENTS .............................................................................. 29

6.8 MANAGEMENT OF THE CONFIGURATION ......................................................................................... 29

6.9 MANAGEMENT OF PROBLEMS ........................................................................................................ 29

6.10 MANAGEMENT OF DATA .............................................................................................................. 29

6.11 MANAGEMENT OF THE PHYSICAL ENVIRONMENT ............................................................................... 29

6.12 MANAGEMENT OF OPERATIONS ..................................................................................................... 30

7 MONITORING AND EVALUATION ............................................................................ 30

7.1 MONITORING AND EVALUATION IT PERFORMANCE ............................................................................ 30

7.2 MONITORING AND EVALUATION OF INTERNAL CONTROL .................................................................... 30

7.3 ENSURING REGULATORY COMPLIANCE ........................................................................................... 30

7.4 PROVISION OF IT GOVERNANCE .................................................................................................... 30

8 RESPONSIBILITIES OF IT USERS ............................................................................. 30

9 COMPETENT AUTHORITY TO APPROVE FOR REQUIREMENTS NOT COVERED IN IT POLICY .... 33

10 REVIEW OF BCPL IT POLICY ................................................................................. 33

11 ANNEXURE ...................................................................................................... 34

11.1 ANNEXURE 1 (IT SERVICES) ................................................................................................... 34

11.2 ANNEXURE 2 (PC TRANSFER POLICY) .................................................................................... 35

11.3 ANNEXURE 3 (MAJOR LOCATIONS) ........................................................................................ 35

11.4 ANNEXURE 4 ...................................................................................................................... 36



Version 1.0.0 Date: 15.09.2018 of 37 .

Document Version Control Information

Document Name Information Technology Policy

Current Version

A.B.C A: 1 or greater indicates approved IT Policy and is under change control. B: incremented for all changes of contents, i.e. enhancements, corrections, updates, etc. C: incremented when editorial only changes have been incorporated in the IT policy

Document Storage Intranet

First Published 15.09.2018

Document Owner IT Department

Classification Internal Distribution Only

Approved By Company Board of Directors



Version 1.0.0 Date: 15.09.2018 of 37 .

Revision / Amendment Chart

S.No. Revision

No.

Amendment

No.

Amendment

date

Amendment

type

Clause

No.

Informed to

Board on

initial



Version 1.0.0 Date: 15.09.2018 of 37 .

1 Purpose of Document

This Information Technology (IT) Policy document endeavours to outline a strategy for

harnessing the opportunities and the resources offered by IT for meeting BCPL (hereafter

referred to as ‘company’ or ‘BCPL’) business objectives by integrating and institutionalizing

good practices. This document aims to help in linking business goals to IT goals and

identification of the associated responsibilities of business and IT process owners.

The objectives of the IT policy are to provide directives for:

a. Entitlement of MD, Functional Directors, COO and employees for various IT assets like

PC, Notebook, and peripherals;

b. Entitlement of MD, Functional Directors, COO and employees for various IT services like

Internet and E-Mail;

c. Procurement and deployment of IT assets;

d. Methodologies to be adopted for development of customized software and procurement

of readymade software for deployment in various functional areas;

e. Role and responsibilities of IT department for ensuring up-keep and high availability of

IT services;

f. Role and responsibilities of functional departments;

g. Role and responsibilities of IT users;

h. Information security;

i. Continuity of IT services;

j. Information Systems (IS) Audit periodically for adopting best IT practices; and

k. Identification of IT training needs of users and IT personnel.

2 Introduction

Information Technology provides synergy, learning, increased productivity, competitive

advantage, new opportunities, faster and correct decision-making and generally enables a

better control for achieving organization's objectives by integrating business processes. IT

leverages the availability of information and speeds up decision-making process of the

organization. However, IT carries risks - it is costly to implement and very prone to failures if

not managed properly. With the computerization of more and more business processes of the

organization, IT has become integral to working. For the quality IT infrastructure / systems, to



Version 1.0.0 Date: 15.09.2018 of 37 .

be timely developed, implemented, maintained and put to use, requires a sound IT Policy in

organization.

Current proposed policy is the first IT policy of BCPL since its inception in 2007. Company has

implemented SAP R/3 as the Enterprise Resource Planning (ERP) software in April’2015. ERP

System at BCPL has been implemented with the following objectives:

a. Prompt & Uniform availability of information;

b. Faster decision-making;

c. Reduction in IT system maintenance cost;

d. Improving inventory visibility across locations/project to reduce duplicate purchases;

e. Increase in efficiency & productivity across all business functions;

f. Easier corporate consolidation/Strategic Business Unit (SBU);

g. Providing solutions to plant maintenance, production planning, product costing, supply

chain management, customer relationship management, e-procurement, Internet sales,

human resource development and Project management;

h. Integration of single agency system with other applications;

i. Provide e-procurement solutions; and

j. Reduction in software engineer’s manning concentration at remote location.

BCPL IT Department has been assigned responsibility for managing and providing information

technology services to the organization. The department has also been provided responsibility

for maintenance and updating of the IT Policy. This policy applies to all employees (including

those on deputation) and contractors of the company, and third party/outsourced service

provider staff involved in providing or managing Information Technology services to the

organization as a part of their business activities for the company. The IT Policy of the company

has been aligned with the internationally accepted Control Objectives for Information and

related Technology (COBIT) framework. COBIT is an IT governance framework and supporting

toolset that allows managers to bridge the gap between control requirements, technical issues

and business risks. COBIT enables clear policy development and good practice for IT control

throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to

increase the value attained from IT, enables alignment and simplifies implementation of the

COBIT framework.



Version 1.0.0 Date: 15.09.2018 of 37 .

The policy is subject to further amendment. In case of major changes, the revision of IT policy

shall be reviewed by committee and approved by MD.

3 Scope

IT policy shall span the entire IT life cycle as per the COBIT framework covering the 4 major

heads:

a. Organization and Planning:

This covers strategy and tactics, and concerns the identification of the ways IT can best

contribute to achieve the business objectives. The realization of this strategic vision needs to

be planned, communicated and managed effectively & efficiently. This will require proper

organization as well as putting in place the technological infrastructure. It covers:

IT PROCESSES, ORGANIZATION AND RELATIONSHIPS

IT BUDGET

COMMUNICATION OF MANAGEMENT AIMS AND DIRECTION

MANAGEMENT OF IT HUMAN RESOURCES

MANAGEMENT OF QUALITY

ASSESSMENT AND MANAGEMENT OF IT RISKS

MANAGEMENT OF PROJECTS

b. Acquisition and Implementation:

To realize the IT strategy, IT solutions need to be identified, developed or acquired,

implemented and integrated into the business processes. This should also cover maintenance,

changes, obsolescence and upgrade of existing systems to ensure that the life cycle is continued

for IT systems till such time it is economic & efficient to manage. It covers:

IDENTIFICATION OF AUTOMATED SOLUTIONS

ACQUISITION AND MAINTENANCE OF APPLICATION SOFTWARE

ACQUISITION AND MAINTENANCE OF TECHNOLOGY INFRASTRUCTURE

ENABLING OPERATION AND USE

PROCUREMENT OF IT RESOURCES

MANAGEMENT OF CHANGES



Version 1.0.0 Date: 15.09.2018 of 37 .

INSTALLATION AND ACCREDITATION OF SOLUTIONS AND CHANGES

c. Delivery and Support:

This covers the actual delivery of required services, which range from traditional operation,

security and services continuity aspects to training. In order to deliver services, the necessary

support processes must be set up. It covers:

DEFINITION AND MANAGEMENT OF SERVICE LEVELS

MANAGEMENT OF THIRD-PARTY SERVICES

MANAGEMENT OF PERFORMANCE AND CAPACITY

ENSURING CONTINUOUS SERVICE

ENSURING SYSTEMS SECURITY

EDUCATION AND TRAINING OF USERS

MANAGEMENT OF SERVICE DESK AND INCIDENTS

MANAGEMENT OF THE CONFIGURATION

MANAGEMENT OF PROBLEMS

MANAGEMENT OF DATA

MANAGEMENT OF THE PHYSICAL ENVIRONMENT

MANAGEMENT OF OPERATIONS

d. Monitoring:

This covers the need for regular assessment of all IT processes. All IT processes must be

assessed for their quality, efficiency and compliance with the policy requirements. This

provides for independent assurance provided by internal and external audits. This provides for

the feedback mechanism for taking timely corrective actions. It covers:

MONITORING AND EVALUATION OF IT PERFORMANCE

MONITORING AND EVALUATION OF INTERNAL CONTROL

ENSURING REGULATORY COMPLIANCE

PROVISION OF IT GOVERNANCE



Version 1.0.0 Date: 15.09.2018 of 37 .

4 Organization and Planning

4.1 IT Processes, Organization and Relationships

Company will have a formal IT team structure that will develop the management framework

for information technology and will ensure the success and sustainability of enterprise wide

Information technology deployment and management.

The IT team structure will be as depicted in Annexure 1.

4.1.1 Role of IT Department

The roles and responsibilities of the IT Team will be as mentioned below:

a. Shall be responsible for planning of IT systems.

b. Shall be the custodian of company’s electronic data. For the data residing in individual

PC/laptop, concerned user shall take regular backup.

c. Shall ensure availability of IT applications on 24x7 basis to enable the users across

Company.

d. Shall develop and/or outsource application software for data capture and for information

processing for all functions.

e. Shall provide state-of-the-art IT infrastructure for use by all departments.

f. Shall develop solutions for operational requirements and decision support, using advanced

techniques.

g. Shall be responsible for skill upgrade for IT officers, with a view to improve the IT

knowledge base.

h. Shall collect user requirements for designing, developing and implementation of

application software.

i. Group responsible for new initiative shall scan state-of-the-art technology for identifying

cost effective, appropriate and feasible information systems solutions.

j. Shall prepare comprehensive proposals and schemes along with process owners for

implementation of IT solutions and obtain administrative & financial approvals.

k. Shall monitor implementation of the schemes while ensuring that the required knowledge

and inputs are provided to the users.

l. Shall organize replication of proven systems.

m. Shall improve quality, profitability & productivity as a business enabler.



Version 1.0.0 Date: 15.09.2018 of 37 .

n. Shall explore avenues of providing IT solutions / support to other similar organizations,

using its pool of expertise and software development efforts.

4.1.2 Role of IT Department in Software Development

a. Software Development by In-house team or external software development agency

identified by IT.

b. Provision and control of Budget for the software development expenses.

c. Association in preparation of System Requirement Study (SRS) along with Functional

Department(s).

d. Identification of technologies & platforms for development and deployment.

e. Involvement in Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT) along

with Functional Department(s).

f. Preparation of system design document for any change request in the SAP environment and

development of the change. This shall be carried out in the development environment of

SAP landscape implemented in company.

g. IT department shall provide a centralised portal for user department/unit to submit the

requirement of a customized application software.

4.1.3 Role of process owner in Software Development

a. Nomination of coordinator and functional experts from their department to supervise and

assist SDA in the software development and arranging for necessary approvals and award

of contract to Software Development Agencies following Company procedures.

b. Develop concept note for the development of new software and modifications in the

existing software with due approval of functional head(s).

c. Involvement and lead role in preparation & finalization of SRS being developed by SDA.

d. Approve the SRS.

e. Play the lead role in testing of software with respect to approved SRS during FAT, which

shall be conducted.

f. Play the lead role in testing of software with respect to approved SRS during SAT, which

shall be conducted.

g. Any additional requirement identified by Functional Department(s) during FAT and/or SAT

shall not be considered under the current scope of work. The additional requirements may

have additional time implication with/without cost implication mutually agreed with SDA.

4.1.4 Role of IT Functional Team

a. Performing feasibility study of the change requests received from users.

b. Preparation of business blue print documents for approval from process owners.



Version 1.0.0 Date: 15.09.2018 of 37 .

c. Mapping the requirement of the user in the development environment.

d. Performing testing of the change in the quality/ development environment.

e. Transporting the change to the production environment.

f. Creation of roles and authorizations for various activities.

g. Support and periodic training to end-users.

4.2 IT Budget

Department shall propose centralized annual budgetary estimates for management approval

during companywide budget exercise. The approved centralized IT budget shall be allocated

to respective sites as per their requirement OR used for central procurement and thereafter

transferring the IT assets to respective sites.

For the requirement of department specific specialized software packages, the budget

provision shall be made by the respective department.

4.3 Communication of Management Aims and Direction

The IT Department will be responsible for ensuring conduct of periodic awareness trainings in

co-ordination with the training department, to ensure that the employees, relevant

contractors and third parties are aware of information technology policies and procedures at

the company. The IT Department is also responsible for defining initiatives that promote

awareness of good practices of information technology within the company. Company

employees/ third parties shall comply with the information technology policy set out in this

document and disciplinary action shall be taken as per company policy for the same. IT Incident

handling and resolution shall be the responsibility of the IT Department.

4.4 Management of IT Human Resources

Company shall acquire, maintain and motivate a competent IT workforce for creation and

delivery of IT services to the business. Company shall follow defined and agreed practices

supporting recruitment, training and performance evaluation.

Company shall also deploy the services of third parties for management of IT Services and

provision of consultancy services. The performance of these third parties shall be regularly

monitored and measured against defined service levels. Regular review meetings shall be held

with third parties to discuss their performance and initiate required corrective actions, if any.

4.5 Management of Quality

Company shall establish and maintain a Quality Management System that provides a standard

and ongoing approach to quality management that is aligned with the business requirements.



Version 1.0.0 Date: 15.09.2018 of 37 .

The QMS shall identify quality requirements and criteria, and help in establishing the policies

and methods for defining, detecting, correcting and preventing nonconformity.

4.6 Assessment and Management of IT Risks

Company shall establish an IT Risk Management framework to identify and mitigate the IT risks

and assign responsibilities for implementation and monitoring of the IT risks. Any potential

impact on the goals of Company caused by an unplanned event shall be identified, analyzed

and assessed.

Company shall encourage participation of key IT department personnel in forums such as IT

seminars, workshops, and conferences to increase awareness about the latest IT threats and

IT innovations to mitigate these threats.

IT Risk management shall be carried out every year and a risk register with quantification of

various risks along with risk mitigation measures shall be maintained by the IT department.

4.7 Management of Projects

Company shall ensure the correct prioritization and coordination of all IT projects. All projects

shall include a master plan defining the timelines and an Activity Breakdown Structure,

assignment of resources, definition of deliverables, approval by users wherever possible, a

phased approach to delivery, quality assurance, a formal test plan, and testing and post-

implementation review after installation to ensure project risk management and value delivery

to the business.

5 Acquisition and Implementation

Company shall adopt standardized practices for acquiring IT solutions across all company

locations.

5.1 Identification of Automated Solutions

To ensure that the business requirements are met in an effective and timely manner, Company

shall conduct an analysis before making the decision of acquisition or creation of a new

application. All the business requirements for IT enabled solutions/ functionalities for

computerization shall be communicated to the IT department. IT department shall evaluate

such proposals with respect to the following:

a. Consideration and evaluation of alternative sources

b. Urgency of the requirement

c. Review of technological and economic feasibility

d. Risk Assessment

e. Cost Benefit Analysis



Version 1.0.0 Date: 15.09.2018 of 37 .

f. Technology to be used

g. Development methodology

h. Implementation philosophy

5.1.1 Software Development

Based on the inputs from the user department, IT department shall initiate the action for

development of software (either in-house or through third party). Such software shall be rolled

out across the company depending on the functional needs. No software shall be developed in

isolation by any individual / functional department at any Company site as this may lead to

redundancy, non-uniformity, duplication of data & efforts.

5.1.2 Criteria for In-house Development

The following criteria shall be used for in-house software development:

a. Availability of in-house skills.

b. Projects needed for competitive leadership and/or secrecy.

c. Availability of sufficient personnel with the required skill set.

In case of non-fulfilment of any of the above, software development shall be assigned to

external Software Development Agencies (SDAs).

5.1.3 System Software

It shall be the responsibility of site IT in charge to make a copy of the original system software

and use this copy for day-to-day activities preserving the original media.

Company shall ensure that all software deployed in the organization are licensed and

authorized by the IT department for use. Company shall define, maintain and control usage of

licensed software to adhere to legal and regulatory requirements and to have effective and

optimal usage of existing licenses.

5.2 Acquisition and Maintenance of Application Software

a. Development / procurement of application software packages shall be done on need basis

through reputed vendors with suitable customizations specified by company.

b. All the application software packages shall be Graphical User Interface (GUI) based and menu

driven.

c. All new software developed by SDA shall be under warranty for at least 2year.

5.2.1 Application Software Procurement/Development

The software being purchased / developed through an external agency shall be broadly

classified into two categories as mentioned below.

5.2.1.1 Readymade Software



Version 1.0.0 Date: 15.09.2018 of 37 .

Readymade Software is defined as already available commercially developed software, which

is purchased and used without any customizations. BCPL has deployed a number of readymade

software like Microsoft Office and Microsoft Outlook for supporting business functions. The IT

Department shall review time to time all such software being used and upgrade to the current

version as per the BCPL business requirements.

5.2.1.2 Customized Software

Customized software is defined as already available commercially developed software, which

is adopted with minor modifications to meet specific business requirements. BCPL has

implemented SAP R/3 as the Enterprise Resource Planning Software across all locations with

required customizations. Currently, BCPL has SAP R/3 version 6.0 with ESS and ITS 6.20. FI/CO,

MM, SD, HR, PP, QM, HSE and PS modules of SAP R/3 have been implemented. BCPL has an End

User Value License Agreement (EUVLA) from M/S SAP India Private Limited and fresh EULA will

be signed for new licenses / platform change / new module.

a. Company has an Annual Maintenance Contract (AMC) from M/S SAP India Private Limited

for provision of released support packs and Online Support and Services (OSS) and the

maintenance charges shall be paid to M/s SAP India Private Limited in line with agreement.

b. For OSS, M/S SAP India Private Limited shall be provided remote access to the SAP systems.

Limited period access including SAP_ALL to their personnel for online access to ensure

timely resolution of the problem shall be provided as required.

c. For all items not covered by the standard AMC, expert services shall be hired by the

company for problem resolution.

d. Additional licenses shall be obtained for various SAP components from M/S SAP India Private

Limited after assessment of future company requirements.

e. BCPL shall maintain an additional up to 5% licenses to meet any contingent requirements.

f. Authorization from the COO shall be required for the allocation of a SAP professional user

access except for transactional users from service department (i.e F&A, HR, C&P,

Marketing, PTD and Laboratory)

g. IT Department shall review and plan for the up gradation of various SAP components one

year before the expiry of support for the current versions. The IT Department shall also

consider up gradation/ scaling of supporting hardware to meet future requirements.

h. IT Department shall review new product releases from M/S SAP India Private Limited and

evaluate the need for deployment of the same in the company.

i. IT department shall ensure that 24X7 Facility Management Services are in place for

providing support to the SAP setup.



Version 1.0.0 Date: 15.09.2018 of 37 .

5.2.2 BCPL E- Business

Company shall encourage use of E-business models to cut down the cost of business operations

and to increase competitiveness. Therefore, to carry out business in this model, the business

applications procured or developed by the company shall be web based.

Company shall use E-Tendering process for procurements valued above a limit decided by

management from time to time. All tenders published on the E-tendering website shall be

digitally signed by the concerned Contracts and Procurement (C&P) personnel. Company shall

procure ‘Class 2’ digital signature certificates from a Controller of Certifying Authorities (CCA)

authorized Certifying Authority (CA) only.

5.2.3 CONNECT Portal

CONNECT Portal shall host the latest information for use by the company employees’

community across Company. Corporate Intranet shall also host interviews with senior officers,

Directors and MD on specific areas and on special occasions from time to time.

Heads of Departments (HODs) and Heads of the work centres shall ensure that the latest

information / updates on their respective areas are sent to the concerned IT officer at

Lepetkata Data Centre for hosting on the company Intranet.

5.2.4 Hosting of Company Web Sites

Company shall host its web sites internally following norms of Government directives. All

information hosted on the Company website shall be approved by the Corporate Communication

(CC) department with the exclusion of tender documents that shall be uploaded by the

concerned C&P personnel.

5.2.5 Software Maintenance and Support

IT Department is responsible for maintenance and support of all business application packages,

Intranet and company web sites. In-house development team maintain and support of company

web sites, web applications and intranet.

OEM/Authorized partners/Service providers shall be provided remote access to the respective

IT systems for a limited period on need basis to ensure timely resolution of the problem.

5.2.6 Documentation of Business Application Packages

a. Designated IT officer responsible for maintenance of an application package shall also be

responsible for maintaining complete, adequate & up to date documentation (both system



Version 1.0.0 Date: 15.09.2018 of 37 .

manual as well as user manual). The officer shall also be responsible for regular update of

the documentation post modifications/enhancements/bug fixing in the application

packages.

b. The application system manuals shall be propagated to the IT coordinators responsible for

maintenance of business applications at all company locations.

c. Users of the application packages shall be provided with the hard copy of user manuals of

application packages being used by them.

d. Master copy of documentation of each application package (both soft & hard) shall be

maintained by the IT department and shall be version controlled.

Company shall ensure that the technical literature, periodicals, magazines, technical papers,

standards, relating to the company business areas is available centrally on file servers for access

by the employees on the network.

5.3 Acquisition and Maintenance of Technology Infrastructure

5.3.1 PC

a. PC shall be provided to employee in phased manner in E2 Grade and above. PC shall be

provided to external agencies (e.g. CISF personnel, personnel on deputation, apprentices,

contract employees, schools, cooperative societies, etc.) with the approval of HOD.

b. Common PCs (for use by employees not provided with a PC for exclusive use) shall be provided at strategic locations (Conference Room, Control Room, Library, Central DAK, Visitors Pass Section, Reception, etc.) so that personnel could use the facility of Intranet, Internet, SAP ESS, SAP Logon, E-Mail, etc. Security aspects of such PCs shall be taken care of by HR/Security departments.

c. The shift engineers/officers sitting in the Control Room shall use Common PCs available there.

d. Training facilities shall be equipped with the latest & adequate IT infrastructure including various specialized software.

e. Lepetkata Data Centre shall be equipped with adequate IT infrastructure required for test bed to experiment with new technologies, interfaces and patches etc.

f. In case of transfer of an employee either from one location to another within India or from one section to another within a department or from one department to another at a location, the PC shall be shifted to the new place of posting as defined in Annexure 2. However, overall shifting of IT assets shall be kept to minimum.

g. High-end PC, multifunctional LCD / TFT Monitor with broadband connectivity and

associated peripherals such as printers, scanners and UPS shall be provided at office and

residence office of MD, Functional Directors & CVO. At the time of superannuation, the MD,

Functional Directors & CVO shall have the option to either return the allocated IT assets at

their residence office to BCPL or buyback the same at book value. Proper record of asset

issued as above will be maintained by IT in system.



Version 1.0.0 Date: 15.09.2018 of 37 .

5.3.2 Printer, UPS, Scanner and other Peripherals

a. Company shall encourage the concept of resource sharing.

b. High-end networked laser printers shall be provided on each floor / block for sharing by a

group of employees at each location.

c. Standalone Black & White Laser printer shall be provided to DGM and above. Standalone

Black & White Laser printer shall be provided to executives below DGM on need basis with

recommendation / justification from the Head at work centres.

d. Colour Laser printer shall be provided in controlled environment at respective work centres

for its limited use.

e. Dot Matrix and line printers shall be provided to users on need basis.

f. UPS shall be provided with each Desktop PC.

g. UPS supply of adequate power rating shall be provided for powering the servers based on

the power condition of the location.

h. All networking equipment shall be powered with UPS of 30 minutes backup time.

5.3.3 Notebook PCs

a. MD, Functional Directors and COO shall be provided with a PC Notebook. Notebook PC may

also be provided to other officers on need basis. To this effect, the proposal with proper

justification shall be put up for approval by concerned Director, through HOD / Heads of

the concerned work centre. In case a Notebook PC is issued to an employee below the level

of CGM, no Desktop PC shall be provided.

b. Notebook PC shall be provided to IT department of respective location for diagnosis and

testing of connectivity and business applications.

c. Notebook PC shall also be provisioned with IT department for common use i.e. presentation

by other departments to Management or external agencies.

5.3.4 Scanners

a. Scanner shall be provided to DGM & above. Same shall be provided to others also on need

basis with recommendation from the HODs and Heads of work centres.

5.3.5 Projectors

a. One portable projector shall be provided at all training facilities.



Version 1.0.0 Date: 15.09.2018 of 37 .

5.3.6 Servers

5.3.6.1 Database / SAP Server

a. Uniform environments shall be maintained for entire landscape (Development, Quality,

Training, Production and DR site) of the SAP business application.

b. Database servers of all centralized business applications shall be installed at Lepetkata,

Data Centre.

5.3.6.2 E-Mail/Internet/Intranet/Security

a. Internet, Intranet & email access shall be provided to all employees for official use.

b. Broadband Internet services with unlimited access facility or Internet Data Cards shall be

provided at the residence of MD, Functional Directors & COO from third party service

providers depending upon the availability of service providers.

5.3.7 Network Connectivity

5.3.7.1 Local Area Network (LAN)

a. LAN shall be established at all offices of BCPL.

b. All PCs shall be connected to LAN.

c. Structured cabling shall be done at all the new buildings across BCPL as part of interior

decoration of the building.

d. Wi-Fi connectivity shall be established in BCPL offices on need basis.

5.3.7.2 Wide Area Network (WAN)

a. Broadband Internet connectivity shall be allowed on need basis to those locations wherein

Lease circuit are not available, with the approval of HOD (IT).

5.3.8 Internet Connectivity

Company shall take the internet services from minimum two different service providers to

ensure high availability and continuity of business services.

5.3.9 Video Conferencing Systems

a. Management considers Video conferencing systems as an important communication tool

especially for remote sites. High Definition and IP based VC systems at all major locations

shall be provisioned.



Version 1.0.0 Date: 15.09.2018 of 37 .

5.3.10 Spares

High availability of IT resources is critical for providing quality IT services to the IT users’

community. Therefore, company shall have a provision of critical spares to ensure high

availability of IT services.

5.3.11 Storage for Spares

Spares at all locations shall be housed in a secure place preferably in a store room of adequate

size, under the custody of IT department.

5.3.12 Asset Identification & Management

IT department shall be the custodian of all IT assets such as PCs, Servers, Storage Systems,

Routers, Switches, Hubs, Modems, Racks, Computer furniture, IOs, Notebook PCs, , Printers,

UPSs for IT equipment, , Scanners, LCD-Projectors, Plotters, VC Systems, Digital Cameras, LCD-

TVs and Software etc.

IT shall maintain asset details like status of Warranty/MC, details of configuration like HDD,

RAM, LAN card details, IP/MAC Address, etc. to ensure maintenance of assets.

5.3.13 Insurance

All IT assets shall be insured as per company policy. All new IT asset procurements shall be

communicated to the Finance Department along with the details of the assets & the date of

acceptance to insure the equipment for that financial year. The insurance application shall

include the list of items, quantity of items and the value.

Movable IT Assets like Notebook PC, Portable Projectors / Printers, software (original media)

shall also be suitably insured.

Any IT assets being transferred from one location to another shall be covered under transit

insurance by F&A department upon intimation by IT department. Any theft / loss of IT Assets

shall be reported to Security department by individual with information to IT department and

claim from insurance company shall be coordinated with Finance department.

5.3.14 Specialized Plant Systems

a. Specialized hardware and software systems and their licenses, AMC requirements shall be

assessed by the concerned unit/department.

5.4 Enabling Operation and Use

5.4.1 Site Preparation

5.4.1.1 Site



Version 1.0.0 Date: 15.09.2018 of 37 .

Before installing the IT equipment, readiness of the site shall be ensured by IT In-charge at

respective sites. The delivered equipment shall be installed preferably as per manufacturer’s

specifications and recommendations.

5.4.1.2 Power Supply

Each company location shall have UPS power as defined below:

Input AC Voltage : 230 V + 5%

Earth-Neutral Voltage : Preferably < 1 V

Frequency : 50 Hz + 1%

The input power points shall have 3 pin 6A / 16A sockets and Earthing to all the points shall be

ensured. Electrical/Civil department shall make arrangements of providing the AC power

points/extension power boards. The UPS shall preferably be On-line/ Line Interactive type.

Lighting

Server rooms at each location shall be well lit with sufficient f lights and the lighting fixture

used shall be of anti-glare type. Arrangement shall be made for emergency lighting in the

computer centre/Server room.

5.4.1.3 Air conditioning

The server room area shall be dust free and air-conditioned. The following temperature shall

be ensured before installation of any equipment:

Servers : 22 degrees (+5%)

PCs : 28 degrees (+10%)

Peripherals : 28 degrees (+10%)

All the server rooms shall have a temperature and humidity indicator so as to keep a check on

environmental conditions during the day.

5.4.1.4 Furniture

The Servers shall be procured along with their mounting racks. The other IT equipment like

Modems, Routers shall be mounted on racks. The peripherals shall be kept either on their

pedestals or alternatively on tables of appropriate size. The power/signal cables shall

preferably be fixed with cable ties.

5.4.1.5 Fire Fighting



Version 1.0.0 Date: 15.09.2018 of 37 .

All the IT equipment is prone to fire and shall be well protected. Areas hosting critical IT

equipment shall have hand held fire extinguishers of CO2 type. Data centres at Lepetkata and

DR site, BCPL, Noida shall be provided with automatic gas based flooding system. Sufficient

number of smoke/ heat detectors along with audio Fire Alarm for indications shall be provided

in the server rooms at each site. Necessary indications for emergency exit in server room at

each site as per safety regulations byelaws shall be provided for any emergency evacuations.

IT Department shall ensure the fire and safety drill exercise in coordination with fire and safety

dept.

5.4.1.6 Communication Facility

Adequate communication facilities shall be made available to IT In-charge at each site to be

able to communicate to various vendors and to Company locations including IT department for

system support.

5.4.2 IT Operations

5.4.2.1 Manning of Data Centres

Primary Data centre and DR data centre shall be manned 24X7 including holidays and weekends

for the following:

a. To provide user support for the SAP and IT Setup

b. To provide necessary technical support to other sites if the need arises.

c. To ensure the uninterrupted availability of IT services to other sites of Company extended

from these sites.

5.4.2.2 Availability of Servers / IT Equipment

a. All Databases, messaging and SAP servers shall be available on 24 hours x 365 days basis

to enable the users across Company to use various applications as and when required.

b. Domain Administrator and Exchange Administrator rights shall be centralized at the

Lepetkata data centre. Systems Availability/ Status Report

a. Health check of IT equipment: The IT In-charge shall be responsible for preparing health

check reports for all database and e mail servers, SAP Servers, routers including WAN link,

switches, Oracle database, messaging system, etc on daily basis. Daily morning and evening

health check-up reports for the IT and ERP setup shall be provided by the respective

helpdesks.



Version 1.0.0 Date: 15.09.2018 of 37 .

b. Reporting of systems availability: Each site IT In-charge shall on monthly basis compute the

percentage availability of critical IT infrastructure and submit the report to respective IT

group head responsible for different areas by first week of the following month.

IT group head responsible for systems installed at primary data centre will ensure percentage

availability of ERP and IT infrastructure including SAP servers, LAN and WAN devices, legacy

application database server(s), messaging servers and other servers.

5.4.2.3 Consumables

IT department shall consolidate and obtain approval for procurement of required consumables in

every 2 year for existing / under procurement new equipment / peripherals. For printers, only OEM

make genuine printer cartridges shall be used.

5.4.2.4 Facility Management and Maintenance Contract

Maintenance of IT Infrastructure across BCPL shall be through Facility Management Services and

Maintenance Support Services with third party vendors. Facility Management Services shall cover

Maintenance and repair of IT Systems, including all kind of breakdown and Preventive

Maintenance and replacement of parts, sub-parts, modules, sub-modules and the like.

5.4.3 Help Desk

An IT helpdesk and an ERP helpdesk shall be setup at Lepetkata for enabling the users to register

support calls. All help-desk calls shall be logged with details like affected user’s name, problem

description, date & time of call. The helpdesk personnel shall be responsible for routing the call

to appropriate parties for resolution. Call severity shall be defined for all calls and resolution

times shall be defined. Company shall also define escalation procedures for calls that are not

resolved within the resolution times. The call shall be closed only after getting the user feedback

regarding the resolution of the problem.

5.5 Procurement of IT Resources

5.5.1 Procurement of IT Assets

a. The IT Department, Lepetkata, shall consolidate the requirements of IT needs of BCPL and

put up the consolidated requirements for approval by Competent Authority as per Delegation

of Powers (DOP) for centralised procurement from Lepetkata.

b. PCs/Peripherals shall be allotted to new entrants on need basis, if available, from the spare

stock, maintained at various company locations.

c. The requirement of servers, software and networking devices shall be consolidated by IT

department, Lepetkata, and the procurement on outright purchase basis shall be carried out

centrally following company purchase procedures.



Version 1.0.0 Date: 15.09.2018 of 37 .

d. In case of new location/terminal is coming up where LAN/WAN is required, necessary LAN

cabling, LAN I/O termination shall be included as part of construction work by concerned

project/civil/construction group.

e. IT department shall be responsible to take procurement action to ensure for timely

replacement of all the IT assets across company, having lived their useful lives as defined in

this policy.

5.5.2 Warranty

a. All the hardware equipment shall be procured with three years on-site warranty. However,

if three years onsite warranty is not available from OEM/Supplier, then standard

OEM/Supplier warranty support may be taken.

b. All the system software shall be procured with three years warranty support pertaining to re-

installation, re-configuration, etc in case of server/HDD media failure.

c. All the system software shall be procured with 90 days warranty on media from date of

purchase from Original Equipment Manufacturer (OEM) by the vendor. In case of media failure

beyond 90 days, the media with the software can be obtained from the software OEM against

payment as per the policy of the software OEM.

5.5.3 Miscellaneous Budget

A budget amounting to minimum 2% of the annual IT budget shall be maintained as miscellaneous

budget.

5.6 Management of Changes

Company shall manage all changes, including emergency maintenance and patches, relating to

infrastructure and applications within the production environment in a controlled manner. All

changes shall be logged, assessed, tested and authorized prior to being implemented in

production systems.

5.7 Installation and Accreditation of Solutions and Changes

Company shall ensure that any new systems are tested in a dedicated test environment that has

relevant and appropriate test data, rollout instructions are defined and a post implementation

review is conducted. Company shall also ensure that rollback strategies are defined for major

rollouts.



Version 1.0.0 Date: 15.09.2018 of 37 .

5.8 Declaration of Emergency

In case of any eventuality resulting into disruption of IT services or likelihood of disruption of IT

services, emergency situation shall be declared by the HOD (IT) and powers under the emergency

clause in DOP shall be used for restoration of the systems.

6 Delivery and Support

6.1 Definition and Management of Service Levels

Company shall ensure that a definition and agreement of IT services and ERP services and service

levels are reached between the IT management and business users. Company shall ensure

monitoring and timely reporting to stakeholders on the accomplishment of service levels.

6.2 Management of Third-party Services

6.2.1 IT Partner / Consultancy

a. Strategic Partnership shall be developed with various reputed companies for systems

specifications, white papers on various solutions & leveraging existing infrastructure,

development & implementation of solutions, technology areas etc.

b. One IT Strategy partner shall be contracted for identifying the latest technological trends

and their applicability to Company environment & business processes along with providing

consultancy on the ongoing / envisaged IT initiatives of the company. The strategy partner

shall also assist in consolidation, redeployment and sizing of the IT and ERP infrastructure to

ensure lower cost of ownership and increase in return on investment. IT department shall

initiate the requirement for appointment of IT partner / consultant and shall ensure

uninterrupted availability of IT partner / consultant for keeping the IT and ERP infrastructure

/ systems latest with the technology for meeting company requirement.

c. The contract shall be for a period of minimum two years.

6.3 Management of Performance and Capacity

Company shall ensure conduct of periodic reviews of current performance and capacity of IT

resources.

6.3.1 Application Tuning

Concerned IT officer responsible for maintenance of application package shall ensure proper

response time for OLTP (On line Transaction Processing) and report processing.

6.3.2 IT and ERP Infrastructure Upgrade

a. IT and ERP Infrastructure upgrade will be carried out based on the performance bottleneck

observed in the systems, stoppage of support from OEM/technology obsolescence,



Version 1.0.0 Date: 15.09.2018 of 37 .

technological advancement from time to time.

b. If the maximum utilization of Internet bandwidth exceeds 80% for 1 hour a day continuously

over a period of one month, the same shall be analyzed and upgraded in multiple of 2 Mbps,

if required.

c. If the maximum utilization of internal link between two locations exceeds 80% for 1 hour a

day continuously over a period of one month, the same shall be analyzed and upgraded, if

required.

d. All the operating system, office automation software, database, development tools,

messaging software shall be upgraded with the latest, version on periodic basis by the IT

Department.

e. Specialized software shall be upgraded on need basis.

6.3.3 Hardware Life

Company has defined useful life of IT equipment as follows, after which these IT systems shall

be examined and assessed about its usefulness and unserviceability and decision for replacement

would be taken.

SN ITEM USEFUL LIFE

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

Desktop PC

Server / Storage

Notebook PC

Peripherals (Printer, UPS & Scanner)

Projector

Switch

Router

Video Conferencing System

Firewall

Intrusion Detection System (IDS)

/ Intrusion Prevention System (IPS)

Others IT Assets

4 Years

5 Years

3 Years

4 Years

5 Years

5 Years

5 Years

5 Years

4 Years

4

5 Years



Version 1.0.0 Date: 15.09.2018 of 37 .

IT department shall initiate necessary procurement action on completion of useful life of IT

equipment as defined above while allowing sufficient time to port the existing systems to run

under new environments.

6.4 Ensuring Continuous Service

Company shall develop, maintain and test IT continuity plans, endure offsite backup storage and

organize periodic continuity plan training to minimize the probability and impact of a major IT

service interruption on key business functions and processes.

6.5 Ensuring Systems Security

Company shall establish and maintain IT security roles and responsibilities, policies, procedures

and guidelines, and perform continuous security monitoring.

6.6 Education and Training of Users

6.6.1 Training Program

Company shall establish a formalized and structured training program for employees to ensure

that they have adequate knowledge necessary to securely perform their duties. The training

program shall focus on developing:

a. Relevant and needed IT knowledge and skills within the workforce

b. Training supporting competency development and helping personnel understand and learn

how to perform their IT roles and responsibilities.

c. Trainings that are tailored to the specific needs of each group of people who have been

identified as having significant responsibilities for IT in the company.

d. SAP related training courses for IT employees working in the ERP setup.

The tools and channels used for the training programs shall be decided in coordination with HR

and may include but will not be limited to:

a. Class-room training sessions;

b. Intranet based training;

c. Self-paced computer based training;

d. External training sessions.

The training requirements shall be identified by the Head of Department of IT on an annual basis

and shall be forwarded to HR for inclusion in annual training calendar. Feedback shall also be

sought from the IT employees for any specific IT training needs. The requirement of any



Version 1.0.0 Date: 15.09.2018 of 37 .

specialized technical trainings shall also be sent by HOD IT to HR whenever such requirements

arise.

In those cases where it will meet training objectives in a more efficient manner, the company

may opt to obtain commercial off-the-shelf training material or services from external trainers.

The IT Department shall also evaluate enrolment of key employees for relevant certification

courses including those for IT Security like CISA, CISSP, CEH, ITIL, ISO 27001 LA and the like. The

IT Department shall nominate the core team members of SAP for getting various SAP trainings,

seminars, conferences and workshops for professional development of these personnel.

6.7 Management of Service Desk and Incidents

IT Department shall set up an IT service desk function for both the ERP and the IT setup to

register, escalate, analyze and resolve IT problems.

6.8 Management of the Configuration

Company shall establish and maintain an accurate and complete configuration repository of all

hardware and software configurations. Company shall ensure that all configuration information

is stored in the repository, baselines are established and the repository is updated as and when

required.

6.9 Management of Problems

Company shall establish problem management processes to identify, classify, analyze and resolve

IT related problems. The problem management process shall include identification of

recommendations for improvement, maintenance of problem records and review of the status of

corrective actions.

6.10 Management of Data

Company shall establish procedures to manage the media library, backup and recovery of data,

and proper disposal of media.

Company shall implement an electronic and physical records retention schedule to maintain

records for a period of 7 yrs as per statutory requirements, to ensure that company adheres to

existing recordkeeping regulations and requirements and does so consistently. Company shall

formulate a process of systematically determining which records need to be captured and how

long they need to be retained in the company.

6.11 Management of the Physical Environment

Company shall ensure regular monitoring of physical environmental factors and management of

physical access to computer processing facilities in order to reduce business interruptions from

damage to computer equipment and personnel.



Version 1.0.0 Date: 15.09.2018 of 37 .

6.12 Management of Operations

Company shall define policies and procedures for IT Operations for effective management of

scheduled processes, monitoring of infrastructure and preventive maintenance of hardware in

order to help maintain data integrity and reduce business delays.

7 Monitoring and Evaluation

7.1 Monitoring and Evaluation IT Performance

Company shall develop a mechanism for conduct of risk assessment and shall monitor and

periodically report key activities.

7.2 Monitoring and Evaluation of Internal Control

Company shall establish and maintain a process including conducting self-assessments, third

party reviews to monitor the internal controls over IT.

Company shall conduct an SAP functional audit and a technical audit covering the entire

IT Infrastructure at least once in every two years.

7.3 Ensuring Regulatory Compliance

Company shall establish a review process to ensure IT compliance to relevant laws and

regulations.

7.4 Provision of IT Governance

Company shall define and periodically review IT Organizational structures, processes and IT

personnel’s roles and responsibilities to ensure that enterprise IT investments are aligned

and delivered in accordance with enterprise strategies and objectives.

8 Responsibilities of IT Users

Following shall be responsibilities of IT users for better up keeping, protection and high

availability of their system/data.

Security and Password Policy

a. Users will have valid, authorized accounts and will only use the computing resources for

which they are specifically authorized.

b. Shall not permit other individuals’ access to their accounts or other user accounts.

c. Shall not share their passwords with anyone (not even administrators); shall change their

passwords frequently and/or if there is an indication of a compromise and will be

responsible to maintain the confidentiality of passwords.



Version 1.0.0 Date: 15.09.2018 of 37 .

d. Shall not write down the password and store in the work place.

e. Shall protect the personal computers and terminals with adequate controls when not in

use and will log off / shut down when leaving the office.

f. Shall log off from the terminals after the completion of a session.

g. Active sessions shall be secured by an appropriate locking mechanism, such as locking

the workstation, password protected screen saver, etc.

h. Shall follow all antivirus awareness guidance from the IT Department.

i. If users obtain malicious software alerts, they will immediately disconnect from all

networks and cease further use of the affected computer, and call the IT Help Desk for

technical assistance and will make no attempt to eradicate the virus.

j. Individuals in the possession of portable computers, laptop, mobile phones and other

transportable computer or storage media containing non-public information will not leave

the equipment unattended at any time unless the information has been properly

safeguarded. Such individuals take full responsibility for the equipment and the data it

retains.

E-mail Usages Policy

k. E-mail users will be personally responsible for taking all reasonable steps to prevent

unauthorized use of their e-mail facility and will be held accountable for all the activities

performed using their mailboxes.

l. Users will not employ any electronic mail addresses other than official BCPL electronic

mail addresses for all company business matters.

m. Users will be prohibited from the following:

Blanket forwarding of unofficial e-mail messages to any address.

Originating or distributing chain letters by e-mail and any offensive, junk, or unsolicited e-

mail received from any other user or external network.

Sending, storing, and distributing or subscribing to any illegal, defamatory, obscene,

pornographic, offensive, damaging messages, or which may be considered by others to cause

distress, sexual, racial or other harassment and/ or discrimination.



Version 1.0.0 Date: 15.09.2018 of 37 .

Automatic forwarding of e-mails from external addresses to company’s e-mail system to

protect from threats, such as, mail bombs, Trojan horse, virus attacks etc; and users will

treat unsolicited e-mails with caution and shall not open / respond to such mails.

Internet Usages Policy

n. BCPL Users must be aware that access to the Internet will be logged and monitored. The

management retains the right to inspect any and all World Wide Web site visits,

newsgroup, email messages and files stored on or transmitted over its network assets

(including but not limited to, local storage media, memory, and mail files) for the purpose

of investigating suspected violations of its business policies or non-compliance with local

regulations.

o. Employees shall not use the company provided internet facilities to

Upload, publish or share any confidential materials in any form owned by BCPL.

Publish or share any copyrighted software or materials owned by third parties unless

permitted by the third party.

Download illegal copies of music, films, games or the software by any means.

Perform any task which may involve breach of copyright law.

View or distribute any inappropriate contents.

p. Employees shall not upload, publish or share company data/matters through online media

in any form.

q. Employees shall refrain from spreading un-authentic or false information / rumours

pertaining to company matters on all types of social media.

Software Licences Policy

r. Unlicensed and unauthorized software from any third party shall not be accepted for

installation and use at BCPL.

Others

s. Shall not be permitted to establish independent external network connections unless the

same has been expressly authorized by the IT Department.

t. Employees will keep information assets like printouts of project deliverables, notepads

containing sensitive data etc. in a secured place when not in use, especially after working

hours.



Version 1.0.0 Date: 15.09.2018 of 37 .

u. Shall not use BCPL information systems to engage in hacking activities that include, but

are not limited to, gaining unauthorized access to any other information systems

damaging, altering, or disrupting the operations of any other information systems and

capturing or otherwise obtaining passwords, encryption keys, or any other access control

mechanism that could permit unauthorized access.

v. To ensure enabling of Auto-protect option of anti-virus.

w. Not to shift the PC/Peripherals allotted to him/her from the installed location to any other

location without the knowledge of IT department.

x. To register support call at the help desk wherever the same is available

9 Competent Authority to approve for requirements not covered in IT policy

COO shall be the Competent Authority to approve for any IT requirements arises that is not

covered in this IT policy.

10 Review of BCPL IT Policy

The IT policy shall be reviewed in every two years.



Version 1.0.0 Date: 15.09.2018 of 37 .

11 Annexure

11.1 ANNEXURE 1 (IT SERVICES)

HOD (IT)

Maintenance

Support & Video

Conferencing

Backup

Activities, DR

Site Operations

& IT

Infrastructure

SAP

Enhancements /

Software

Development /

Information

Services

Email/ Internet/ IT

Support for

Lepetkata, and site

offices

Datacenter

Services at

Lepetkata &

Noida

New Initiatives &

Procurement

Services



Version 1.0.0 Date: 15.09.2018 of 37 .

11.2 ANNEXURE 2 (PC TRANSFER POLICY)

a) After publication of transfer list, concerned IT personnel of respective sites shall communicate to

IT-Lepetkata the detail of PC installed with transferred employees from his location. Accordingly,

the concerned IT officer at Lepetkata shall prepare various lists like (i) One-to-one interchange of PC

between employees of same location (No shifting), (ii) One-to-one interchange of PCs between two

locations (No shifting), (iii) No interchange possible (PC shifting required). The consolidated list shall

be approved by the head of IT. After this, the site IT in-charge shall coordinate the PC shifting based

on these lists only.

b) In case of PC shifting, the concerned user shall hand-over the PC to IT site in-charge who in turn

in coordination with HR department shall make all necessary arrangements for shifting of PCs. The

formalities with regard to shifting of PCs etc. shall be completed following the C&P procedure for

material transfer including the transit insurance.

c) After receiving PC at the transferred location, the concerned user shall inform to concerned IT

department for inspection of the IT assets. After inspection, IT department shall inform concerned

C&P department for updating asset register in SAP.

d) The PCs (which are not to be shifted) shall be handed over to IT department by the concerned

transferred employees. Scanners and Printers may be shifted after the approval of the concerned

Officer-In-Charge/ Head of Department

e) Employees transferred to JVs or on deputation to other organizations can shift his/her

Notebook/PC and UPS (If required) with the approval of HOD IT.

11.3 ANNEXURE 3 (MAJOR LOCATIONS)

Location Type Areas

Main Plant Office Lepetkata, Dibrugarh, Assam

Data Centre Lepetkata, Noida

Branch Offices Duliajan, Lakwa, Guwahati, Noida

Plant Locations Lepetkata, Lakwa, Duliajan



Version 1.0.0 Date: 15.09.2018 of 37 .

11.4 ANNEXURE 4

Discipline to be observed by BCPL E-mail users

On one occasion, an e-mail user may send e-mail to a maximum of 25 addressees. However, this will not

apply to the users who are specifically authorized to send e-mail to a large population in terms of the

scope detailed below. Authorized users shall be required to create separate e-mail IDs in the name of their

present position in BCPL / Department / Work Group for sending various official messages to a large

population in coordination with the IT department.

SN

From

Nature of

Message

To

All E-mail

users

Dedicated E-

Mail ID of

Work Group /

Department

OR Dealing Official

Standard

Mailing

Groups##

I individual

E-mail User

(Other than

the Dealing

Official)

a Any E-mail

User(by name)

Any

Message*

No Yes No Yes

b

Any E-mail

User(by name)

Official

Reports /

information

/ Proposals

No Yes No No

c MD/MD Cell

COO/ COO

Cell/Directors/

Director Cell

Any Message Yes Yes Yes Yes

d Head of

Departments

Official

Message**

Yes Yes Yes Yes

e Head of

Departments at

Work Centers

Official

Message**

Yes

(of the

work

Centre

only)

Yes No Yes

f Heads of the

work centres

Official

Message**

Yes

(of the

work

Centre

only)

Yes No Yes

g Heads of the

work centres

Official

Message**

No Yes No Yes

h Control Rooms** Official

Message**

Yes Yes Yes Yes

i Doctors/

Security**

Official

Message**

Yes Yes Yes Yes



Version 1.0.0 Date: 15.09.2018 of 37 .

j IT System

Administrators

Official

Message**

Yes Yes Yes Yes

k E-mail IDs in the

name of

Department/

Work Group

Official

Message**

Yes Yes Yes Yes

l E-mail IDs in

the name of

Department/

Work Group at

Work Centre/

Office

Official

Message**

Yes

(of the

work

centre

only)

Yes Yes Yes

m E-mail ID

in the name of

the Work

Centre/ Office

e.g.

BCPL Duliajan

etc.

Official

Message**

Yes

(of the

work

centre

only)

Yes Yes Yes

*: Personal messages be avoided.

**: in areas pertaining to their field of activity. #: For example - Control Room, Technical Cell etc. ##: Like SMs, CMs, DGMs etc.

information technology (it) policy

Documents