Government OF Telangana: Information Technology, Electronics & Communications (Infra) Department
Government OF Telangana: Information Technology, Electronics & Communications (Infra) Department
Government OF Telangana: Information Technology, Electronics & Communications (Infra) Department
ABSTRACT
ORDER:
1. Introduction
1.2 This policy of Government of Telangana lays down the guidelines with
respect to use of e-mail services. GoTS email policy has been
prepared complying with the Government of India (GoI) email policy
vide 1st read above, as per clause 2.2 of the GoI policy, notified in
Gazette of India, Extraordinary No. 44, dated 18.02.2015.
[2]
1.3 The Implementing Agency (IA) for the GoTS e-mail service
shall be National Informatics Centre (NIC), under the Department
of Electronics and Information Technology (DeitY), Ministry of
Communications and Information Technology, GoI.
2. Scope
2.2 This policy is applicable to all the employees of GoTS and employees
of those State Government Bodies that use the e-mail services of
GoTS and also those State Government Bodies that choose to adopt
this policy in future. The directives contained in this policy must be
followed by all of them with no exceptions.
2.3 E-mail can be used as part of the electronic file processing in GoTS.
3. Objective
3.1 The objective of this policy is to ensure secure access and usage of
GoTS e-mail services by its users. Users have the responsibility to use
this resource in an efficient, effective, lawful, and ethical manner. Use
of the GoTS e-mail service amounts to the user's agreement to be
governed by this policy.
3.2 All services under e-mail are offered free of cost to all officials under
Departments / Offices / Statutory Bodies / Autonomous bodies / all
public representatives / nominated positions (henceforth referred to
[3]
as “Organizations ” in the policy) of GoTS.
3.3 Any other policies, guidelines or instructions on e-mail previously
issued shall be superseded by this policy.
The following roles are required in each organization using the GoTS e-mail
service. The official identified for the task shall be responsible for the
management of the entire user base configured under that respective
domain.
a. Competent Authority[4] as identified by each organization
b. Designated nodal officer[5] as identified by each organization
c. Implementing Agency (IA), i.e. National Informatics Center.
5.1 Security
5.1.1 Considering the security concerns with regard to a sensitive
deployment like e-mail, apart from the service provided by the IA,
there would not be any other e-mail service under GoTS.
5.1.2 All organizations shall initiate the process of migrating their e-mail
services to the centralized deployment of the IA, in case they are
running their independent e-mail setup. For this purpose, the IA
shall prepare and communicate a calendar to all Organizations.
5.1.3 For the purpose of continuity, the e-mail address of the
organization migrating their service to the IA deployment shall be
retained as part of the migration process. Wherever it is
technically feasible, data migration shall also be done from the e-
mail service of the organization to the e-Mail service provided by
the IA.
5.1.4 From the perspective of security, the following shall be adhered to
by all users of GoTS e-mail service:
a) There are certain security related risks inherent in e-mail
communications which necessitate the adoption of requisite
precautionary measures. Use of Digital Signature Certificate
[6]
(DSC) and encryption shall , therefore, be mandatory for
sending e-mails deemed as classified and sensitive, in
accordance with the “TS Information Security Policy and
Guidelines” to be notified by the GoTS.
b) It is strongly recommended that GoTS officials on tour abroad
should only use static IP addresses/Virtual Private Networks
(VPN)[7]/One Time Password (OTP)[8] for accessing GoTS e-
mail services. This is imperative in view of the security
concerns that exist in other countries. OTP shall be delivered
using easy to access channels like SMS.
c) Updation of current mobile numbers under the personal profile
of users is mandatory for security reasons. The number would
be used only for alerts and information regarding security to
be sent by the IA. Updation of personal e-mail id (preferably
from a service provider within India), in addition to the mobile
number, shall also be mandatory in order to reach the user
through an alternate means for sending alerts.
d) Users shall not download e-mails from their official e-mail
account, configured on the GoTS mail server, by configuring
[9]
POP or IMAP[10] on any other e-mail service provider. This
implies that users should not provide their GoTS e-mail
account details (id and password) to their accounts on private
e-mail service providers.
e) Any e-mail addressed to a user, whose account has been
deactivated /deleted, shall not be redirected to another e-mail
address. Such e-mails may contain contents that belong to the
government and hence no e-mails shall be redirected.
f) Users must ensure that their access devices
(desktop/laptop/handheld, etc) have the latest operating
system, anti-virus and application patches.
g) In case a compromise of an e-mail id is detected by the IA, an
SMS alert shall be sent to the user on the registered mobile
number. In case an “attempt” to compromise the password of
an account is detected, an e-mail alert shall be sent. Both the
e-mail and the SMS shall contain details of the action to be
taken by the user. In case a user does not take the required
action even after five such alerts (indicating a compromise),
the IA reserves the right to reset the password of that
particular e-mail id under intimation to the nodal officer of that
respective organization. In case of a situation when a
compromise of a user id impacts the e-mail service or data
security, the IA shall reset the password of that user id. This
action shall be taken on an immediate basis, and the
information shall be provided to the user and nodal officer
subsequently (over phone/SMS). SMS shall be one of the
prime channels to contact a user; hence all users should
ensure that their mobile numbers are updated.
h) Forwarding of e-mail from the e-mail id provided by GoI to the
government official’s personal id outside the GoI e-mail
service is not allowed due to security reasons. Official e-mail id
provided by the IA can be used to communicate with any other
user, whether private or public. However, the user must
exercise due discretion on the contents that are being sent as
part of the e-mail.
i) Auto-save of password in the government e-mail service shall
not be permitted due to security reasons.
7. Responsibilities of Users
Material accessible through the IA’s e-mail service and resources may be
subject to protection under privacy, publicity, or other personal rights and
intellectual property rights, including but not limited to, copyrights and
laws protecting patents, trademarks, trade secrets or other proprietary
information. Users shall not use the government service and resources in
any manner that would infringe, dilute, misappropriate, or otherwise
violate any such rights.
12. Enforcement
13. Deactivation
JAYESH RANJAN
SECRETARY TO GOVERNMENT
To,
All the Departments of Secretariat
All the Districts Collectors & Magistrates, TS
All the HoDs
The SIO, National Informatics Centre, T.S. Unit
Copy to:
The Chief Minister’s Office/ CPRO to CM
The OSD to Hon’ble Minister for Information Technology, Telangana State
The PS to PFS, Telangana
The PS to OSD to Hon’ble CM, Telangana
The PS to Chief Secretary to Government of Telangana
The PS to Advisor, ITE&C, Telangana
The PA to Secretary to Government, ITE&C Department
//FORWARDED BY ORDER//
SECTION OFFICER
GLOSSARY
S.No TERM DEFINITION
2 Implementing NIC
Agency (IA)
5 Nodal Officer Officer responsible for all matters relating to this policy who
will coordinate on behalf of the organization
Secretary to Government