Rajs Than

Download as pdf or txt
Download as pdf or txt
You are on page 1of 38

Rajasthan

E-Governance
IT & ITeS
Policy 2015
Government of Rajasthan
Department of Information Technology &
Communication

Rajasthan E-Governance
IT & ITeS Policy 2015

October, 2015
INDEX
Definitions 05
1. Stratum of Digital Rajasthan 11
1.1. Preamble 11
1.2. Rajasthan e-Governance & IT Mandate 12
2. e-Governance for All 15
2.1. Service Delivery – e-Governance and m-Governance 15
2.2. Office Automation 16
2.3. IT Infrastructure 17
3. Bridging Human Capital Divide 19
3.1. Capacity and Skill Building 19
4. Inclusive Industry Promotion 21
4.1. IT/ITeS Industry Development 21
4.2. General Incentives 29
5. Green IT 30
5.1. Condemnation and Disposal of IT Equipment 30
5.2. List of ICT Equipment 38
6. Digitally Secure Rajasthan 42
6.1. Information Security Policy 42
6.2. Asset Management 46
6.3. Data and Information Security 47
6.4. Physical & Environmental Security 50
6.5. Communication & Operations Management 53
6.6. Access Control 59
6.7. Information Security Incident Management 62
6.8. Compliance 64
6.9. Internet Security 66
6.10. E-mail-Security 68
7. Rajasthan e-Governance Architecture 72
Definitions

Definitions
1. “IT Sector” means manufacturing of hardware and software for Information
Technology other than ESDM, and shall include development of IT software, IT
services, IT enabled services, IT infrastructure, IT training institutions and robotics
centre.
2. “IT Industries” include IT hardware & software industries. IT software industries include
IT software, IT services, IT enabled services, IT infrastructure and IT training
institutions. The “IT Industry” shall cover development, production and services related
to IT products. Here IT includes IT & Telecommunications.
a. “IT Software” is defined as any representation of instructions, data, sound or
image, including source code and object code recorded in a machine readable
form, and capable of being manipulated for providing interconnectivity to a user,
by means of an automatic data processing machine falling under heading “IT
Products”, but does not include “non-IT products”.
b. “IT Products” are defined as computer, digital-data communication and digital-
data broadcasting products as notified by the Ministry of Finance, Government of
India or Central Board of Excise & Customs.
c. “IT Service” is defined as any IT-based service which results from the use of any IT
system for realizing value addition.
d. “IT Enabled Service” is defined as any product or service that is provided or
delivered using the resources of Information and Communication Technology.
e. “IT Training Institution” means an institution imparting training in the field of IT, IT
Enabled Service and IT Services and having an accreditation / affiliation from
NIELIT (GOI) or any University established by Law in India or any Institution which
has a Deemed University status as per the UGC Act.
f. “IT Infrastructure” means the physical infrastructure built by a firm or a builder
and sold / leased or transferred on lease-cum-sale to an IT industry for its use or
the infrastructure built by an IT industry for its own use.
g. “Telecommunications” means telecommunications companies including Basic
Telecom Service Providers, VSAT, Cellular (Mobile) companies, Telecom

05
Rajasthan E-Governance IT & ITeS Policy 2015 Definitions

Infrastructure Companies, LAN, ISPs and any other value added services licensed the date of handing over of possession to the first unit in the park.
by Ministry of Communications & IT, Government of India. c. For revival of sick industrial enterprise, the date on which the enterprise issues the
3. “Electronic System Design Manufacturing (ESDM)” means electronic hardware design first sale bill of the goods manufactured after its revival;
and manufacturing (which shall include embedded software) for information 7. “Conversion Charges” means the conversion charges payable to Government for
technology, telecommunications, defense, medical, industrial automotive, robotics, change in land use and shall include any part of such charges payable to local bodies;
consumer product, applications and components, part and accessories required for the 8. “Electricity Duty” means the duty payable under the Rajasthan Electricity (Duty) Act,
aforesaid product and applications; 1962;
a. “Robotics Enterprise” means an industrial undertaking or a business concern or 9. “Eligible Units”: New units will be eligible for availing of incentives under this Policy.
any other establishment, by whatever name called, engaged in manufacturing, in Existing units carrying out expansion/ diversification during the operative period of this
any manner, or engaged in providing or rendering of service or services pertaining Policy will be eligible for one-time incentives.
to robots, i.e. an automatically controlled, reprogrammable, multipurpose 10. “Employment by an enterprise” means to employ any person, other than the directors,
manipulator programmable in three or more axes; promoters, owners and partners, for wages or salary to do any manual, unskilled,
4. “Backward Area” means an area as the Government may so notify by an order; skilled, technical or operational work, in or in connection with the work of an enterprise
5. “CST” means tax payable under the Central Sales Tax Act, 1956 to the Government of and who works either in the premises of the enterprise or engaged in Rajasthan outside
Rajasthan; the premises of enterprise and gets his/her wages or salary either directly from the
6. “Commencement of Commercial Production/Operation” means: enterprise or whose wages or salary is reimbursed by the enterprise;
a. For a new enterprise, the date on which the enterprise issues: 11. “Enterprise” means an industrial undertaking or a business concern or any other
• the first sale bill of the goods manufactured related to the investment made establishment, by whatever name called, engaged in manufacture of goods, in any
under this Policy; or manner, or engaged in providing or rendering of service or services, as may be
• the first bill of commercial transaction related to the investment made under specified by an order by the State Government;
this Policy; or 12. “Existing Enterprise” means a manufacturing or service enterprise that is engaged in
• the first receipt of deposit of fee/charges etc. for providing any service with commercial production or operation during the operative period of the Scheme;
respect to facilities set up related to investment under this Policy; or 13. “Existing Unit” means a manufacturing/service unit which is active with minimum 20
Provided that investment made in development of an industrial park, it shall mean direct employees at the time of implementing expansion.
the date of handing over of possession to the first unit in the park. 14. “Expansion” means creation of additional capacity for production of goods or
b. For an existing enterprise making investment for expansion, the date on which the operational capacity for service in same line of production/operation or through a new
enterprise issues: product line or new line of services by an existing enterprise provided that in case of
• the first sale bill of the goods manufactured after completion of expansion; or expansion at existing site, additional investment is more than 25% of its existing
• the first bill of commercial transaction after completion of expansion; or investment on the date of initiating expansion at that site;
• the first receipt of deposit of fee/charges etc. for providing any service with 15. “Investment” or “Eligible Fixed Capital Investment (EFCI)” means investment made by
respect to facilities set up after completion of expansion: an enterprise in fixed assets, in the following, up to the date of commencement of
Provided that investment made in development of an industrial park, it shall mean commercial production:

06 07
Rajasthan E-Governance IT & ITeS Policy 2015 Definitions

a. price paid for the land; under any State Act including Provident Fund separately;
b. cost of new factory sheds and other new industrial buildings; 22. “Person with disability (PwD)” means a person suffering from not less than forty per
c. price paid for new plant and machinery or equipment; cent of any of the following disabilities:
d. other investment made in new fixed assets essential for production of the unit as a. blindness;
approved by the Screening Committee; and b. low vision;
e. technical know-how fees or drawing fee paid in lump-sum to foreign collaborators c. leprosy-cured;
or foreign suppliers or paid to laboratories recognized by the State Government or d. hearing impairment;
the Government of India; e. locomotor disability;
f. However investment made in land in excess of 30% of the total investment/EFCI f. mental retardation;
made and expenditure in purchase of existing factory sheds, industrial buildings g. mental illness
and old plant and machinery by the Enterprise shall not be included in as certified by a Medical Authority i.e. any hospital or institution specified for this
investment/EFCI; purpose by the Government of Rajasthan under the Persons with Disabilities (Equal
16. “Land Tax” means the tax payable under chapter VII of the Rajasthan Finance Act, Opportunities, Protection of Rights and Full Participation) Act, 1995;
2006; 23. “Revival of a Sick Industrial Enterprise” means, in case the sick industrial enterprise was
17. “Large Enterprise” means a manufacturing enterprise other than Micro, Small and lying closed due to sickness, re-commencement of commercial production, and in case
Medium Enterprises; of a running sick industrial enterprise, enhancement of production level due to infusion
18. “Manufacturing Enterprise” means an enterprise employing plant and machinery in of fresh funds for change in production process/technology/product line, subject to
processing of goods which brings into existence a commercially different and distinct condition that the enterprise provides employment to the extent of 50% in the first two
commodity and shall include an enterprise in the production of Commercial off-the- years and 100% within five years from the date of commencement of commercial
shelf software, but shall not include such processing as may be specified by the State production of the maximum employment attained in any month of the 3 preceding
Government by an order; years from the date of its declaration as a sick industrial enterprise;
19. “Micro, Small or Medium Enterprise (MSME)” means a manufacturing enterprise 24. “Service Enterprise” means an enterprise engaged in providing or rendering of services
notified as such under the Micro, Small and Medium Enterprises Development Act, including custom made software development and related services, as the Government
2006; in the Finance Department may notify by an order;
20. “Most Backward Area” means a block, which is more backward than backward area 25. “Sick Industrial Enterprise”means:
and is notified as such by the Government in the Finance Department, by an order; a. A manufacturing enterprise which has been declared sick before the
21. “New Unit” means a new manufacturing or service enterprise set up by making commencement or during the operative period of this Policy by the competent
investment within the meaning of clause 14 and includes a new unit set up by an authority under the provisions the Sick Industrial Companies (Special Provision)
existing enterprise at a site other than the existing site for manufacturing products or Act, 1985; or
providing services which are different from those being manufactured or provided by it b. A manufacturing enterprise, which has been taken over before the
in the State, by making investment within the meaning of clause 14 and having commencement or during the operative period of this Policy and sold during the
separately identifiable books of accounts and depositing the taxes and duties leviable operative period of the Scheme to a new management by RIICO/RFC/Central

08 09
Rajasthan E-Governance IT & ITeS Policy 2015 Stratum of Digital Rajasthan

Financial Institutions/Banks;
26. “Sick Industrial Enterprise” means:
SECTION 1
a. A manufacturing enterprise which has been declared sick before the Stratum of Digital Rajasthan
commencement or during the operative period of this Policy by the competent
authority under the provisions the Sick Industrial Companies (Special Provision)
Act, 1985; or 1.1 Preamble
b. A manufacturing enterprise, which has been taken over before the e-Governance in Rajasthan has steadily evolved from computerization of Government
commencement or during the operative period of this Policy and sold during the departments to fragmented initiatives aimed at speeding up e-Governance implementation
operative period of the Policy to a new management by RIICO/RFC/Central across the various arms of the Government at the State and local levels. These fragmented
Financial Institutions/Banks; initiatives are being unified into a common vision and strategy under the Rajasthan
27. “Stamp Duty” means the duty defined as stamp duty payable under the Rajasthan e-Governance Framework leveraging the Rajasthan e-Governance Architecture.
Stamp Act, 1998; Rajasthan takes a holistic view of e-Governance initiatives across the State and
28. “State Empowered Committee (SEC)” means the State Empowered Committee departments, integrating them into a collective vision and a shared cause. Around this idea,
constituted under Section 3 of the Rajasthan Enterprises Single Window Enabling and a magnanimous State-wide infrastructure reaching down to the remotest of villages is
Clearance Act, 2011; evolving, and large-scale e-Governance initiatives are taking place to enable easy, reliable
29. “Women/Schedule Caste (SC)/Schedule Tribe (ST)/Person with disability (PwD) access of people to the Government the e-Way.
enterprise” means an enterprise other than a Company constituted under the Over the last few decades, evolutions in the Information Technology & Electronics (ITE)
Companies Act, 1956 and other association of persons by whatsoever name it may be arena have emerged as the most significant enablers for improving efficiency &
called, having: effectiveness of the Government & non-government organisations. Rajasthan recognizes
a. Women/Schedule Caste (SC)/Schedule Tribe (ST)/Person with disability (PwD) as the enormous potential of Electronics and Information technology and has made significant
proprietor, in case of proprietorship enterprise; or efforts to ensure that the benefits of these sectors percolate to its citizens.
b. majority of partners who are Women/Schedule Caste (SC)/Schedule Tribe Rajasthan’s multicultural population of 6.86 crore lives and works on a land area of
(ST)/Person with disability (PwD) and such partners are working partner(s) having 342239 square kilometres, and has learned to combine skills and diligence with education
more than 50% investment in the capital of the enterprise, in case of partnership and technology to sustain the momentum of economic growth. There is a recognition that
including limited liability partnerships; information technology is needed to leverage Rajasthan’s intellectual capital for the State to
30. “VAT” means the tax payable under the Rajasthan Value Added Tax Act, 2003; be the leader and benchmark for e-Governance. A concerted effort to harness computer
31. “Year” means financial year (From 1st April to 31st March) and quarter means the power began in the early 1980s, and in a manner that has become a state formula, the
period of three months ending on 30th June, 30th September, 31st December and Government has taken the leadership reins of the race.
31st March; e-Governance is seen as a key element of the Rajasthan’s governance and administrative
reform agenda. The Rajasthan e-Governance Framework and Architecture has the
potential to enable huge savings in costs through the sharing of core and support

10 11
Rajasthan E-Governance IT & ITeS Policy 2015 Stratum of Digital Rajasthan

infrastructure, enabling interoperability through standards, and of presenting a seamless Centric IT and e-Governance for the residents of Rajasthan
view of Government to citizens. The ultimate objective is to bring public services closer to b) Branding Rajasthan on the IT Landscape
citizens. i. Establishing 7 Smart Cities in Rajasthan by 2020
Rajasthan emphasises that creating digital opportunities in the 21st century is not ii. Positioning Rajasthan as Best IT Investment Destination
something that happens after addressing “core” development challenges, but it is rather a iii. Positioning and Branding Jaipur as IT, ITeS and R&D Hub in North and West
key component of addressing those challenges. There are three key challenges in stepping India
up e-Governance: investments in and access to ICTs, capacity building to utilize c) Improvement in the environment for IT Industry in Rajasthan.
e-Governance services, and promoting people’s participation in e-democracy. It is hoped
that improved access to information and services will provide economic and social C. Objectives
development opportunities, facilitate participation and communication in policy and a) Till 2025:
decision-making processes, and promote the empowerment of the marginalised groups. i. Achievement of up to 500,000 direct employable professionals in the ICT
In its continuing endeavour of development, the Rajasthan e-Governance, IT & ITES Policy sector vide implementation of ICT/ESDM initiatives in Rajasthan with
2015 envisages promoting citizen access to ICTs for encouraging their participation in establishment of Rajasthan Skills Registry.
e-Governance. The Policy is for the people, by the people. Though the 33 districts of ii. Development of at least 2,000 technology startups in the State and
Rajasthan are at various stages of development, the Policy attempts to highlight the prioritization of IT/ITeS/ESDM sector under Rajasthan Venture Capital Fund
possibilities for other districts that are similar to capital in levels of development. To promote with specific capital for development of IT/ITeS/ESDM startups in Rajasthan.
the IT / ITES Industry in the city, this Policy attempts to develop a more modern and vibrant iii. Increase in the current investment in
ecosystem for Electronics and IT industry to support electronic governance initiatives of the IT/ITeS sector by 10 times. Objectives
Government of India and attract investment and talent to such industries in Rajasthan. Key iv. Increase in the IT turnover to INR Till 2025:
focus areas of the policy include pioneering e-Governance initiatives, research & 50,000 crore. Ÿ Make two individuals (at least
development in Electronic System Design and manufacturing, support of the Micro Small & v. Increase in IT exports from the State one female) in every household
Medium Enterprises and promotion of entrepreneurship that harnesses the huge talent pool e-literate
to INR 5000 crore.
Ÿ Achieve up to 5,00,000 direct
of the people of Rajasthan, and ensuring inclusive growth – for one and for all. vi. Making two individuals (at least one employable professionals in the
female) in every household e-literate ICT sector
1.2 Rajasthan e-Governance & IT Mandate so as to bridge the digital divide. Ÿ Develop at least 2,000
technology startups
A. Vision b) Improvement in delivery of public services
Ÿ Prioritize IT/ITeS/ESDM sector
To achieve good governance and facilitate inclusive growth, harnessing ICT and by leveraging e-Governance and Ÿ Increase in the current
evolving e-Governance with improvement in delivery of services, bridging the digital m-Governance to achieve Efficiency, investment in IT/ITeS sector,
Effectiveness, Economy, Transparency, Increase IT turnover to INR
divide and evolving Digital Rajasthan.
50,000 crore. and Increase in IT
Accountability and Reliability in service
exports from the State to INR
delivery across all departments and 5000 crore.
B. Mission
functions and Re-engineer the
a) Establishing complete participatory & transparent open Governance and Citizen
12 13
Rajasthan E-Governance IT & ITeS Policy 2015 e-Governance for All

Government business practices and rules


to ensure hassle-free service delivery. Objectives SECTION 2
c) Ensuring requisite connectivity to all Ÿ Establishing Smart Cities
Ÿ Automated Service Delivery
e-Governance for All
Government offices up to Panchayat level
with automated one-time
by 2016. verification of Government
d) Creating centralized, integrated and documents 2.1 Service Delivery – e-Governance and m-Governance
unified state datasets to ensure uniformity, Ÿ Connectivity up to Panchayat
A. Enabling actions shall be taken for implementation of existing and future
de-duplication and updating. level by 2016
Ÿ Centralized, integrated and e-Governance and m-Governance projects in the State with emphasis on Service
e) Providing secure e-Space for unified State Datasets Delivery, Right to Information and Grievance Redressal.
personal/official storage with facility for Ÿ Promotion of Robotics B. e-Enablement of all public services shall be carried out, which would include
authentication and workflow to residents Ÿ Promotion of Open Source
e-Submission of forms, electronic workflows, e-Payments, Use of DSC, online/SMS-
and organizations, private or public, in Technology
based status tracking and final delivery of services through e-means. It would also
Rajasthan. include (wherever required) cross-sharing of data amongst various departments/Govt.
f) Rise in awareness among the school and college children and society as a whole agencies, and e-Authentication.
regarding environmentally sound e-Waste management and take steps for its C. Uniform and Unified Datasets, collated centrally as a Hub shall be developed to take
proper disposal. care of issues like duplication, isolation and
g) Implementation of a uniform website policy for Rajasthan Government with obsolescence. In complete adherence to the Ÿ Easy access and delivery of all
emphasis on user-friendliness of the interface for all inclusive percolation of the Government services:
State e-Governance Framework, such Ÿ Automated Unified Service
benefits of IT. Datasets shall follow a common structure, Delivery and benefits
h) Promotion of Robotics and Open Source Technology for IT initiatives in Rajasthan. shall be centrally located, controlled and transfer using e-Mitra and
managed, and shall provide complete Bhamashah
Ÿ Unrestricted and seamless
flexibility of expansion and integration using means of service delivery –
state-of-the-art technologies. Web Portals, Mobile, e-Mitra
D. Affidavits and Notary Attestation shall be Kiosks
Ÿ Automated electronic
completely removed and Datasets shall be
verifications and secure
used instead of documents for service storage – Raj eVault
delivery. Ÿ Next Generation IT
E. Individual, Family, Governmental and Infrastructure:
Ÿ Connectivity till village level
Organisational secure e-Space shall be
(RajNET)
provided to residents and organisationsto Ÿ Complete readiness for
enable them to secure their digital dialog and mobile governance

14 15
Rajasthan E-Governance IT & ITeS Policy 2015 e-Governance for All

to allow safe document storage, sharing, e-Sign and approval protocol to avoid C. Common Gateway for all citizen services
providing attestation of duplicate documents, enabling service delivery through all with corresponding required information Ÿ Automation of all Government
offices
Government departments centrally in a paperless fashion. available to public leveraging eMitra Ÿ GIS-based Decision Support
F. One Person One e-Identity shall be achieved with unique online profile for each citizen Integrated Service Delivery Platform and System with GIS Mapping
under a common framework. Bhamashah. (Rajdharaa)
G. For delivering e-Services to citizens, Government will promote the use of upcoming D. Integrated GIS-based Decision Support Ÿ Centralized Grievance
Redressal (Rajasthan
technologies like NFC, cloud computing and social media. Further, multiple channels System shall be implemented and Sampark)
like mobile phones, tablets, call centres, TV, etc. will be used for such delivery. commissioned with GIS Mapping and Ÿ Centralized Monitoring and
H. Efforts would be undertaken to provide all government services through mobile devices Layers for all respective departments, and Accountability System (RAAS
for ‘on-the-move’ service delivery. Endeavour will be to provide services ‘Anywhere, Government shall mandate the use of & iFacts)
Ÿ Unification of Government
Anytime, Any network, Any device’. only this GIS-based decision making information — creation of
I. Self-service kiosks shall be installed across the State. system by all departments. Centralized Data Repository
J. An integrated platform for reality check leveraging iFacts shall be used by the Ÿ ‘Anywhere, Anytime, Any
government to ensure end-to-end grievance redressal. network, Any device’ service
2.3 IT Infrastructure delivery through mobile phones,
K. An endeavour would be made to analyse the behaviour of the citizens in usage of A. Creation of next generation IT tablets, call centres, TV, etc.
Government portals so as to constantly improve these portals and make them more Infrastructure and up-gradation of Ÿ One Person One e-Identity with
user friendly. existing IT infrastructure shall be unique online profile for each
resident
L. Knowledge resources / Digital Library will be set-up that will maintain a repository of undertaken to bring it at par with the Ÿ Creation of next generation IT
documents for use by general public and Govt. authorities. This would include official world class state-of-the-art infrastructure. Infrastructure
gazette notifications, acts, rules, regulations, circulars, policies and scheme documents B. Further, development of IT infrastructure
for electronic access in a time-bound manner. shall be undertaken to support the
increasing requirements of Rajasthan including the rural areas to ensure that high
2.2 Office Automation speed internet connectivity reaches every citizen.
A. Government shall notify the acceptance of correspondence through emails C. Extended State Data Centre to provide ‘on-the-go’ services through an integrated
received from the public. Further, use of official email ID would be mandated by cloud-based mechanism to all the departments to minimize the overheads
Government for all official communications, which, inter alia, includes (i) associated with managing the physical infrastructure and to ensure that all the
responding to such correspondence of citizens, and (ii) for intra- and inter- components of IT infrastructure (Hardware, Software, Network, etc.) would be
departmental communication within Government and communication with Govt. available as simple and configurable services.
of India to make citizen-government interface more efficient and effective. D. Government shall endeavour to provide every state resident with high speed
B. Complete office automation in an integrated fashion shall be carried out, with internet access (wired and wireless) for creation of smart city infrastructure This
end-to-end automated office processes and workflow automation, and shall will be achieved, inter alia, through (i) making 7 Wi Fi cities in Rajasthan (ii)
ensure all government departments integrated on a common platform. creation of fibre-ready urban homes.

16 17
Rajasthan E-Governance IT & ITeS Policy 2015 Bridging Human Capital Divide

E. Government shall encourage Green IT initiatives. Departments shall be disposing


off their unusable, redundant and irreparable IT infrastructure as per the
SECTION 3
guidelines of e-Waste management. For this, guidelines on the obsolescence of IT Bridging Human Capital Divide
hardware will be formulated.
F. Rajasthan Information Security Policy shall promote public trust in Government,
with continual improvements to protect the State from cyber attacks and cyber- 3.1 Capacity and Skill Building
disruptions, thus enhancing preparedness, security and resilience. A. Rajasthan e-Governance Centre of Excellence
Ÿ Making two individuals (at least
with a mandate of IT for Jobs and
one female) in every household
Employability Assurance, Rural ICT workforce e-Literate
development and IT Education Incubation Ÿ Facilitating partnership between
Units shall be established, and shall become educational institutes and
industry
the central authority for Capacity and Skill
Ÿ Utilising Digital India and Digital
Building in IT/ITeS/ESDM/R&D fields in Rajasthan campaign for mass
Rajasthan. This CoE shall be: literacy
a) Strengthening of IT & Personality Ÿ Creating Rajasthan Skills
Repository with Data bank of
Development Program/soft skills
youth who are IT literate
curriculum with significant weightage in
overall performance/grades and
spreading of awareness about job opportunities in IT.
b) Standardized IT/ ITeS/ BPO/ KPO/ ESDM/ ITES-BPO certification for job aspirants
for the industry. The certification shall be granted by relevant authorities in
Government in association with the private sector thus adding credibility to the IT
professional skills, reducing time and cost of hiring for recruiters.
c) Facilitating training and development of IT skills as well as personality
development program for teachers and encouraging them to use IT to enhance
the effectiveness of teaching.
d) Encouraging introduction of IT Clubs for students & faculty.
e) Facilitating partnership between educational institutes and industry to provide
courses/ training on emerging IT technologies.
f) Facilitating setting up of e-Learning centres, in rural/ slum areas for promotion of
IT education along with soft skills development and spreading awareness about
job opportunities in IT.

18 19
Rajasthan E-Governance IT & ITeS Policy 2015 Inclusive Industry Promotion

g) Transforming non-IT human resource to IT specialities taking advantage of Digital


India and Digital Rajasthan campaign.
SECTION 4
h) Strive towards digital economy and knowledge based society drawing upon the Inclusive Industry Promotion
strength of Digital Rajasthan.
B. Possibility of introducing distance learning program/ vocational courses shall be
explored in this respect. This would enable “anytime anywhere” learning. 4.1 IT/ITeS Industry Development
C. Spreading awareness about job opportunities in IT and facilitating short-term job
A. Benefits to Manufacturing Enterprises
oriented certificate courses in various IT skills and Personality Development Program for
a) Investment up to Rs.5 crore
unemployed educated youth shall be done.
i. Investment subsidy of 30% of VAT and CST which have become due and have
D. Rajasthan Skills Repository with Data bank of students who are IT literate and suitable
been deposited by the enterprise for seven years.
for deployment in the IT industry would be established, maintained and shared with
ii. Employment Generation Subsidy up to 20% of VAT and CST which have
the industry. This would enable the industry to have easy access to skilled manpower.
become due and have been deposited by the enterprise, for seven years.
b) Investment more than Rs.5 crore and up to Rs.25 crore
i. Investment subsidy of 60% of VAT and CST which have become due and have
been deposited by the enterprise, for seven years.
ii. Employment Generation Subsidy up to 10% of VAT and CST which have become
due and have been deposited by the
enterprise, for seven years.
c) Investment more than Rs.25 crore Ÿ VAT/CST Incentive – Investment
& Employment Generation
I. Investment subsidy of 70% of VAT
Subsidy
and CST which have become due Ÿ Up to 80% for Manufacturing
and have been deposited by the Ÿ Up to 90% for Women, SC,
enterprise, for seven years. ST, Persons with Disability
Ÿ Up to 100% for Backward
ii. Employment Generation Subsidy up
and Most Backward Areas
to 10% of VAT and CST which have Ÿ Up to 80% of VAT
become due and have been Reimbursement for Services
deposited by the enterprise, for Industry
Ÿ Up to 50% exemption on
seven years.
Land Tax, Electricity Duty,
The total amount of subsidy as Entry Tax
mentioned above shall not exceed Ÿ Up to 100% exemption on
100% of EFCI. Stamp Duty

20 21
Rajasthan E-Governance IT & ITeS Policy 2015 Inclusive Industry Promotion

d) Exemption from payment of 50% of Electricity Duty for seven years. enterprise making an investment in a backward area, such benefits as mentioned
e) Exemption from payment of 50% of Land Tax for seven years. in below mentioned clauses b and c respectively, which are applicable for
investments in most backward areas, with a view to attract investment in the
B. Benefits to Service Enterprises backward area.
a) Reimbursement of 50% of amount of VAT paid on purchase of plant and b) A manufacturing enterprise, making investment in a most backward area shall, in
machinery or equipment for a period up to seven years from date of issuance of addition to benefits under clause a above, get additional investment subsidy of
the entitlement certificate, provided that for enterprises engaged in providing 20% of the VAT and CST which have become due and have been deposited by the
entertainment, the reimbursement shall be restricted to 25% of such amount of enterprise, for a period of seven years.
VAT paid; c) A service enterprise making investment in a backward area shall, in addition to
b) Exemption from payment of 50% of Electricity Duty for seven years benefits mentioned in other clauses of the Scheme, get
c) Exemption from payment of 50% of Land Tax for seven years. additional 10% reimbursement of VAT paid and a service
Special
enterprise making investment in a most backward area
shall, in addition to benefits mentioned in other clauses,
Customized
C. Special Provisions for Women, Scheduled Castes, Scheduled Tribes and
get additional 20% reimbursement of VAT paid on the Packages as per
Persons with Disability Enterprise RIPS 2014 and
plant and machinery or equipment for a period up to
Eligible Women/Schedule Caste (SC)/Schedule Tribe (ST)/Person with disability (PwD)
seven years from the date of issuance of the entitlement subsequent
enterprises shall in addition to the benefits specified in other clauses, be eligible to avail
the following additional benefits:
certificate for this purpose. amendments/
a) A manufacturing enterprise shall get additional Investment Subsidy to the extent of addendums
10% of VAT and CST which have become due and have been deposited by the
E. Power to Grant Customized Package
a) Notwithstanding anything contained in the Scheme, the
enterprise.
State Government, on the recommendation of State Empowered Committee
b) A service enterprise shall get additional 10% reimbursement of VAT paid on the
(SEC), may grant a customized package under section 11 of the Rajasthan
plant and machinery or equipment for a period up to seven years from date of
Enterprises Single Window Enabling and Clearance Act, 2011, to the
issuance of the entitlement certificate for this purpose.
manufacturing enterprises investing more than Rs.200 crore or providing
employment to more than 400 persons.
D. Benefits to Enterprises in Backward and Most Backward Areas
b) Notwithstanding anything contained in the Scheme, the State Government may
a) An eligible enterprise, making investment in a backward area or a most backward
grant a customized package to the service enterprises investing more than Rs.200
area shall be granted the same benefits as would have been applicable if the
crore or providing employment to more than 500 persons.
enterprise was located elsewhere in the State but the period of benefit, except for
interest subsidy, shall be extended to ten years.
Provided that the State Government may, on the recommendation of the State
F. MSME Sector
Manufacturing enterprises in the MSME sector shall, in addition to benefits mentioned
Empowered Committee (SEC), grant to a manufacturing enterprise and a service
above, if applicable, be granted the following benefits:

22 23
Rajasthan E-Governance IT & ITeS Policy 2015 Inclusive Industry Promotion

a) For micro and small enterprises in rural areas, 75% exemption from payment of robotics by casting the vision, and supporting the
electricity duty in place of 50% exemption from payment of electricity duty, as technology of robotics through Robotics enterprise Interest
provided in notification number F.12(99)FD/Tax/07-56 of 15.10.2009, as promotion in Rajasthan. On investments of Rs.50 crore or subvention on
amended from time to time. more for establishment of such centres, Interest Subsidy of investment upto
b) Reduced CST of 1%, against C Form, on sale of goods for a period of ten years, 5% on term loan taken from State Financial Rs.50 crore for
for micro and small enterprises as provided in notification number Institution/Finance Institution/banks recognized by RBI
Robotics
F.12(99)FD/Tax/07-66 of 14.02.2008 as amended from time to time; subject to a maximum of Rs.10 lakh per year for a period
c) 50% exemption from payment of Entry Tax on raw and processing materials and up to 5 years or up to the period of repayment of loan,
packaging materials excluding fuel as provided in notification number whichever is earlier, from the date of commencement of the centre shall be provided.
F.12(99)FD/Tax/07-65 of 14.02.2008 as amended from time to time; and
d) Reduced Stamp Duty of Rs.100 per document in case of loan agreements and I. Benefits for Internet Connectivity
deposit of title deed and lease contract and Rs.500 per document in case of ' Subsidy on Bandwidth for Connectivity (for BPOs/KPOs)
simple mortgage with or without transfer of possession of property executed for 25% subsidy on Bandwidth for connectivity paid to Internet Service Provider (ISP),
taking loan for setting up of micro, small or medium enterprises or enhancing subject to maximum of Rs.5 lakh per annum, shall be available for a period of two
credit facilities or transfer of loan account from one bank to another by MSME as years from the date of starting commercial production/operation. The subsidy
provided in notification number F.2 (97)FD/Tax/2010- 11 of 25.04.2011. amount will be determined on the basic benchmark prices to be declared by
Government separately.
G. ESDM Sector ' Gateway and High Bandwidth Backbone
Enterprises making a minimum investment of Rs.25 lakh rupees in the ESDM sector The State Government shall encourage private sector to become ISPs in the districts
shall, be granted the following benefits: and set up international gateways in the State. The State Government shall
a) Investment Subsidy of 75% for first four years, 60% for next three years and 50% facilitate and promote the establishment of
for the last three years, of VAT and CST which have become due and have been broadband digital network (both wired and
wireless) in the State. Ÿ 25% subsidy on Internet
deposited by the enterprise, for ten years;
Bandwidth
b) Employment Generation Subsidy up to 10% of VAT and CST which have become Ÿ Venture Capital
due and have been deposited by the enterprise, for ten years; and J. Rajasthan Venture Capital Fund/SME Ÿ 25% of Rajasthan Venture
c) 50% exemption from payment of Entry Tax on capital goods, for setting up of Capital Fund en-marked for
Tech Fund RVCF II
plant for new unit or for expansion of existing enterprise or for revival of sick IT/ITeS Sector
25% of Rajasthan Venture Capital Fund shall Ÿ RVCF SME Tech Fund II for
industrial enterprise, brought into the local areas before the date of be en-marked for IT/ITeS Sector. SME Tech IT/ITeS Sector
commencement of commercial production/operation. Fund RVCF II with a committed corpus of over Ÿ Exemption from Zoning
Regulations and Land
Rs.155 crore, raised by RVCF shall support
Conversion to IT Parks/IT
H. Robotics Centre enterprises in the high tech/emerging sectors Campuses, IT Industry
The State shall promote establishment of Robotics Centres acting for the future of that are of value to the Indian Economy,

24 25
Rajasthan E-Governance IT & ITeS Policy 2015 Inclusive Industry Promotion

commercially viable in terms of profitability and exhibit substantial future growth both, in IT/ITeS Sector, shall have an option to opt for:
potential. a. Investment Subsidy and Employment Generation Subsidy, or
IT/ITeS enterprises shall be eligible for support from this fund. b. Interest Subsidy

K. Exemption from Zoning Regulations and Land Conversion N. Patent Filing Costs
IT Parks/IT Campuses notified by the Department of Industries/Department of IT&C The Government of Rajasthan is keen to encourage the filing of patents by companies
and IT industry, i.e., IT/ITES Units/Companies shall be exempted from the Zoning located within the State. The Government will, therefore, reimburse the cost of filing
Regulations and payment of conversion charges, subject to the provisions of State Acts patents to companies having their headquarters in Rajasthan for successfully receiving
and the following: patents. Reimbursement of such cost will be limited to a maximum of Rs.3 lakh per
' a maximum area limit (to be notified separately) patent awarded per year.
' ensuring environmental safeguards

O. Networking and Business Growth Support


L. Stamp Duty and Registration Fee Exemption ' Business Networking
a) Enterprises with investment up to Rs.5 crore shall be provided 50% exemption Government shall promote and encourage participation in international events by
from payment of stamp duty on purchase or lease of land and construction or the ICT industry in form of joint delegation.
improvement on such land.
b) Enterprises with investment of Rs.5 crore and more shall be provided 100% P. Quality Certifications
exemption from payment of Stamp Duty on purchase or lease of land and
The Government of Rajasthan will reimburse 30% of expenditure incurred for obtaining
construction or improvement on such land.
quality certifications for CMM Level 2 upwards. Reimbursement will be limited to a
maximum of Rs.5 lakh. Similar reimbursement will be made to BS7799 for security and
M. Interest Subsidy also for ITES Companies for achieving COPC and eSCM certifications. The IT/ITES
Service Enterprises making investment more than Rs.25 lakh shall be provided 5% units/companies/firms can claim this incentive only once. A company/firm can claim
Interest subsidy on Term Loan taken from State Financial Institutions/ Financial incentive for BS7799 or any one of CMM Level 2 upwards/COPC/ eSCM.
Institutions/ Bank recognized by Reserve Bank of India for purchase of equipment
required for rendering services related to Q. Protection of IPR
IT/ITeS Sector, subject to a maximum of Rs.5 Outstanding
Ÿ Upto 5% Interest Subsidy on term There will be a legal mechanism to control piracy of
lakh per year for a period of 5 years or up to loans
Performance
information technology products. Intellectual Property
the period of repayment of loan, whichever is Ÿ Reimbursement of Patent Filing
Right (IPR) protection support will be given to all
Awards in 4
earlier, from the date of commencement of Costs upto Rs.3 lakh per patent categories with a
awarded per year entrepreneurs developing software and animation. All
commercial operation. Ÿ 30% Reimbursement of Quality online transactions would be secured by a fool-proof grant of Rs1.5 lakh
The enterprises which are engaged in Certification Costs upto Rs.5 lakh for each award
mechanism of digital signature and biometric-like
manufacturing and rendering of services

26 27
Rajasthan E-Governance IT & ITeS Policy 2015 Inclusive Industry Promotion

fingerprint and its recognition. All IT units, given the nature of their operations, will be granted permission to work on
a 24x7 model.
R. Outstanding Performance Awards
Registered IT/ITES units in the State will be considered for ‘Outstanding Contribution 4.2 General Incentives
Award’ in form of grant each year in each category on the basis of objective criteria General incentives available to the ICT industry, automatically are:
published by the Government. a) IT/ITES units are exempt from the purview of the Pollution Control Act, except in
Awards shall be given to the following categories: respect of power generation sets.
' New Ventures – Most Promising Venture b) IT/ITES units/companies are exempt from the purview of statutory power cuts.
' IT Enterprises – Best performing IT Company c) The regulatory regime of labour laws shall be simplified to suit the needs of IT &
' Innovation Leader – Enterprise that has displayed the maximum innovation in its ITES companies. General permission shall be granted to all IT & ITES companies
products and services to have 24x7 operations/to run in three shifts.
' Startup Ventures d) Barriers pertaining to employment of women at night shall be removed, the
A total of 3 awards shall be given in each category, with a Grant of Rs.1.5 lakh for companies will be instructed to offer employment to women with adequate
each award. security to them for working at night.
e) The IT & ITeS companies will be permitted to self-certify that they are maintaining
S. Incubation Units the registers and forms as contemplated and prescribed under the following Acts:
The state shall be promoting sectorial incubation units for development of concerned i. The Payment of Wages Act, 1936
sector, in partnership with industry and academia. IT/ITeS/ESDM/R&D Incubation Units ii. The Minimum Wages Act, 1948
in Sitapura EPIP Zone shall be promoted by the State. iii. The Workmen’s Compensation Act, 1923
iv. The Contract Labour (Regulations and Abolition) Act, 1970
T. Manpower Development Subsidy v. Employees State Insurance (Amendment) Act, 2010
vi. Bombay Shops and Establishment Act
Subsidy on Manpower development shall be provided in respect of Training/Technical
vii. The Payment of Gratuity Act, 1972
up-gradation/Skill up gradation of local persons in a registered training
viii. The Maternity Benefit Act, 1961
organization/institution subject to a ceiling
ix. Equal Remuneration Act, 1976
Investment in fixed capital Total Ceiling
x. Water (Prevention and Control of Pollution) Act, 1974
Up to Rs.25 lakh Rs.1.5 lakh
Reimbursement xi. Employment Exchange Act, 1959
Rs.25 lakh to 50 lakh Rs.3 lakh
on fixed capital xii. The Factories Act, 1948
Rs.50 lakh and above Rs.5 lakh
up to Rs.5 lakh xiii. Employees’ Provident Fund & Miscellaneous Provisions Act, 1952

U. Auxiliary Support for Investors for Manpower f) IT/ITES units/companies and non-hazardous hardware manufacturing industry are
Development declared as essential service.
All IT companies would be notified as ‘Public Utility
Service’ providers under the Industrial Disputes Act, 1947.
28 29
Rajasthan E-Governance IT & ITeS Policy 2015 Green IT

C. Useful life of various items and replacement


SECTION 5 Depending upon the nature, usage, maintenance cost, obsolescence in terms of
Green IT technology, up-gradation of technology, etc., the related items are classified in
following categories for the purpose of disposal of these items. The detailed non-
exhaustive list of category-wise items is available in section 5.2:
5.1 Condemnation and Disposal of IT Equipment
Category Nature Suggestive Items Useful/Productive Life
A. Applicability
I Immediate Printing Consumables As per usage. No residual
a) All Departments/Companies/Corporations/Institutions/Organizations/Bodies on
obsolescence (Non-refillable Ink Toners), value determined. However,
whom this Policy is applicable must ensure that there are proper procedures in / use-and- CDs, DVDs, Digital Audio proper inventories of
place for the condemnation and disposal of IT equipment that is unserviceable or throw Tapes (DAT), UPS Batteries purchase, issue and final
is no longer required. This Policy shall be applicable to the following departments products use/disposal, etc. would be
and bodies: maintained in order to keep
an accounting system.
i. All Government Departments under the aegis of Government of Rajasthan
ii. All Companies/Corporations/Autonomous Bodies/Local Bodies under the II Low life/ Fast Mobile Phones Two years
aegis of Government of Rajasthan obsolescence
products Laptops, Pen Drive, Three years in case of
iii. All PSUs under the aegis of Government of Rajasthan External Hard Disk Drive Laptops, Pen Drive, HDD,
(HDD), etc. etc. for replacement.
B. Definition of IT Equipment Residual values determined
separately.
a) Hardware
By its own nature IT equipment is constantly evolving and this can therefore III Medium Desktops, Printers, Multi- Five years for replacement.
become a very broad category making it impossible to list every single item or obsolescence functional Devices (MFDs),
/ Medium Scanners, Multi-media
group of items within this policy document; however a non-exhaustive list of IT life products Projectors, UPS Systems,
and related equipment to be considered for this purpose is associated.
IV Slow Fax, EPABX, Electronic items Seven years
b) Software
obsolescence/ such as cameras, TVs, DVD
Software can be summarized as follows: long life Players, Public Address
i. Desktop Software: all applications and related data loaded onto a desktop or products Systems, Electronic Calorie
laptop computer. Meter, etc.
ii. Server Software: all applications and related data loaded onto a local or V Software Software like MS Office, Please refer to the
networked server. Oracle, MS-SQL, explanation given below.
iii. Hosted Solution: all applications and related data (owned by GoR) hosted MS-Windows, Antivirus, etc.
on/off site. Note: The above mentioned items can be used beyond the mentioned/specified life till such time
these items continue to serve the purpose.

30 31
Rajasthan E-Governance IT & ITeS Policy 2015 Green IT

a) Use-and-throw products: These products have no fixed life and can be used till in case there is no member of DoIT&C in the concerned office, the matter shall first be
these are consumed or are under replacement warranty (like SMF batteries are escalated to the HO of the concerned department and if not resolved, then to the
covered under 1 year replacement warranty from the manufacturer). However, the DoIT&C.
user departments must maintain proper inventory of purchase, issue and disposal The lCT Products/Equipment can be condemned on following grounds:
thereof so as to ensure prudent official use of these items. a) Technically obsolete
b) Low life products: The general useful/productive life in the case of products/items i. Completed the life span as mentioned in Clause 4 and 5 and currently not in
in this category would be two years in the case of a Mobile Phone Instrument and working condition.
three years in the case of laptops and other items mentioned therein for ii. Technology outdated affecting performance and output that is expected out
replacement purposes. However, one may use the same for longer period so long of it.
as the item/equipment serves the purpose. iii. Package Software can only be condemned by declaring it as technically
c) Medium life products: The useful/productive life of products in this category is obsolete when no more updates or support are available from OEM.
fixed at 5 years even though the products can be continued to be used for longer b) Beyond Economical Repairs
period in an organisation/department, being a multiple level of usage in terms of lCT Products/Equipment can be declared BER when these Products/Equipment
level of works to be done like Software development/testing, Data Processing, cannot be upgraded or maintained economically/warrant extensive repairs and
Information searching, Word processing, etc. Accordingly, the life of these replacement of sub-assemblies/accessories and the combined cost of which
products is fixed as five years for replacement purposes. However, one can use the exceeds certain percentage (50%) of the current cost of an equivalent system. The
equipment for longer period so long as it fulfills the user requirements. same can be ascertained from the vendor who is giving AMC support.
d) Long life products: It has been observed that these products can be used for more c) Non-repairable
than 5 years due to comparative stability in specifications/services. Accordingly, ICT Products/Equipment can be condemned due to non-availability of spare-parts.
the replacement life of these products is fixed as 7 years. However, one can use d) Physically damaged
the same for longer periods so long as these products serve the user requirements. ICT Products/Equipment that have been damaged beyond repair due to fire or any
e) Software: Purchase of software can be booked as a one-time office expenditure. other reason beyond human control can be condemned as Physically Damaged.
The old software can be upgraded into latest version by taking the benefit of old
purchase in case scheme is available from the developer/principal company. In the E. Disposal/alternate Use
alternative, latest software can be purchased and in that case the residual value of a) The primary mechanism of alternate use, which must be considered in cases
the old software can be treated as NIL. The old software can be donated to the where the said item(s) are still in usable condition, should be to transfer the
State/Central recognised Service/Education Organisations. item(s) to Government School(s) of the districts in which the said office is located.
b) For this purpose, if the said item(s) are found usable by the DoIT&C representative
D. Grounds for condemnation in the department, a committee with DEO/BEO should be constituted to decide
For all condemnation cases, the concerned department shall form a committee where the items can be sent for optimum usage.
comprising minimum 3 members, one of which shall be from the finance/accounts c) Only if the possibility of usage by Government schools is found negligible, should
department and one member shall be a representative of DoIT&C in the department. If the process of disposal be initiated by the department/office.

32 33
Rajasthan E-Governance IT & ITeS Policy 2015 Green IT

d) The mode of Condemnation may be done either by Buyback or Disposal, as g) Issue of sale release order to the selected bidder
decided by the committee formed for condemnation by the concerned h) Release of the condemned ICT Products/Equipment that were sold to the selected
department. bidder
e) Buyback i) Return of bid security to the unsuccessful bidders
If the committee decides to choose Buyback mode of Condemnation, the proposal The important aspects to be kept in view while disposing the condemned ICT
for purchasing new ICT Products/Equipment under buyback mode will be sent by Products/Equipment through advertised tender are as under:
the concerned Department to DoIT&C for obtaining NOC. The Buyback rates for a) The basic principle for sale of condemned ICT Products/Equipment through
specific hardware as finalized in the ongoing Rate Contract shall be applicable. If advertised tender is ensuring transparency, competition, fairness and
the Buyback rates are not specified in the Rate Contract then the committee will elimination of discretion. Wide publicity should be ensured of the sale plan
decide the Buyback rates based on their assessment, after comparing similar Rate and the Condemned ICT Products/Equipment to be sold. All the required
Contract in the past and in consultation with the Vendor. terms and conditions of sale are to be incorporated in the bidding document
f) Disposal comprehensively in plain and simple language. Applicability of taxes, as
If the committee decides to choose disposal mode of Condemnation, the relevant, should be clearly stated in the document.
concerned Department can dispose it through Tender, Auction or Scrap depending b) The bidding document should also indicate the location and present condition
on assessed residual value of the ICT Products/Equipment and as per the of the condemned ICT Products/Equipment to be sold so that the bidders can
procedure laid down in this Policy document. inspect the condemned ICT Products/Equipment before bidding.
i. For the Products/Equipment with residual value above Rs.2 Lakh, the c) The bidders should be asked to furnish bid security along with their bids. The
Department can dispose it through Advertised Tender or Public Auction. amount of bid security should ordinarily be ten per cent of the assessed or
ii. For Products/Equipment with residual value less than Rs.2 Lakh, the mode of reserved price of the condemned ICT Products/Equipment. The exact bid
disposal will be determined by Department’s Competent Authority, keeping in security amount should be indicated in the bidding document.
view the necessity to avoid accumulation of such Products/Equipment and d) The bid of the highest acceptable responsive bidder should normally be
consequential blockage of space and also the deterioration in value of accepted. There should normally be no post tender negotiations. If at all
Products/Equipment to be disposed of. negotiations are warranted under exceptional circumstances, then it can be
with HT (Highest Tenderer) if required.
F. Process of Disposal through Advertised Tender e) In case the total quantity to be disposed of cannot be taken up by the highest
The broad steps to be adopted for this purpose are as follows: acceptable bidder, the remaining quantity may be offered to the next higher
a) Preparation of bidding documents bidder(s) at the price offered by the highest acceptable bidder.
b) Invitation of tender for the condemned ICT Products/Equipment to be sold f) Full payment, i.e. the residual amount after adjusting the bid security should
c) Opening of bids be obtained from the successful bidder before releasing the condemned ICT
d) Analysis and evaluation of bids received Products/Equipment.
e) Selection of highest responsive bidder g) In case the selected bidder does not show interest in lifting the sold
f) Collection of sale value from the selected bidder condemned ICT Products/Equipment, the bid security should be forfeited and

34 35
Rajasthan E-Governance IT & ITeS Policy 2015 Green IT

other actions initiated including re-sale of the condemned ICT Finance division.
Products/Equipment in question at the risk and cost of the defaulter, after b) In case the Department is unable to sell condemned ICT Products/Equipment even
obtaining legal advice. at its scrap value, it may adopt any other mode of disposal including destruction of
the Products/Equipment in an eco-friendly manner so as to avoid any health
G. Process of Disposal through Auction hazard and/or environmental pollution and also the possibility of misuse of such
a) The Department may undertake auction of condemned ICT Products/Equipment Products/Equipment.
to be disposed of either directly or through approved auctioneers. c) All rules, regulations and norms of e-Waste Management, Energy Efficiency and
b) The basic principles to be followed here are similar to those applicable for disposal bio-friendly disposal of all electronic waste containing substances like Lead,
through advertised tender so as to ensure transparency, competition, fairness and Cadmium, Mercury, PVC that have the potential to cause harm to human health
elimination of discretion. The auction plan including details of the condemned lCT and environment must be followed by the departments.
Products/Equipment to be auctioned and their location, applicable terms and
conditions of the sale, etc. should be given wide publicity. I. Responsibility of Department
c) While starting the auction process, the condition and location of the condemned a) Each unit of department will prepare equipment condemnation note which should
lCT Products/Equipment to be auctioned, applicable terms and conditions of sale be individually numbered having equipment description, including the make,
etc., should be announced again for the benefit of the assembled bidders. model, serial number, asset register number, purchase date, purchase price,
d) During the auction process, acceptance or rejection of a bid should be announced reason for condemnation and additional information, if any.
immediately. If a bid is accepted, earnest money (not less than twenty-five percent b) Department will constitute a condemnation committee which will review all
of the bid value) should immediately be taken on the spot from the successful condemnation notes and decide about the condemnation of equipment as per
bidder either in cash or in the form of Deposit-at-Call-Receipt (DACR), drawn in guidelines given above. The committee should have at least one member from
favour of the Department selling the condemned lCT Products/Equipment. accounts/finance background and also the representative of DoIT&C in the
e) The condemned lCT Products/Equipment should be handed over to the successful department as a member.
bidder only after receiving the balance payment. c) All procedure and rules made under relevant Rules of the Government on
f) The composition of the auction team will be decided by the competent authority. maintenance of records for condemnation of non-consumables items will be made
The team should however include an Officer of the Internal Finance Wing of the in these cases.
Department. d) The condemnation report so prepared by the department based on these
g) A sale account should be prepared for goods disposed of, duly signed by the guidelines will be sent to the headquarters of concerned department for approval
officials who supervised the sale or auction. by the nodal officer. The condemnation will be done only after approval is
obtained from the headquarters of the said department. To avoid piece-meal
H. Process of Disposal at Scrap Value or by Other Modes approach, all cases of a department may be processed once a year in May-June.
a) If the Department is unable to sell condemned lCT Products/Equipment in spite of
its attempts through auction and advertised tender, it may dispose-off the same at
its scrap value with the approval of the competent authority in consultation with

36 37
Rajasthan E-Governance IT & ITeS Policy 2015 Green IT

5.2 LIST OF ICT EQUIPMENT Category III


Category I ' Desktop
' CD ROM/DVD/Compact Disk ' Personal Computer
' Floppy Disk ' Servers
' Tapes DAT/DLT ' Work-station
' Ribbons ' Nods
' Toners – non refillable ' Terminals
' Ink jet cartridges ' Network PC
' Inks for output devices ' Network interface card (NIC)
' Any type of Cell/Batteries beyond repair ' Adaptor-ethernet/PCI/EISA/combo/PCMCIA
' SIMMs-Memory
Category II ' DIMMs-Memory
' Laptop Computers ' Central Processing Unit (CPU)
' Note book Computers ' Controller-SCSI/Array
' Palm top Computers/PDA ' Processors-Processor/Processor Power Module/Upgrade
' iOS/Android/ Windows based mobile & smartphones, iPad/ Tablets ' Dot-matrix printers
' Hard Disk Drives / Hard Drives ' Laser jet printers
' RAID Devices & their Controllers ' Ink jet printers
' Floppy Disk Drives ' Desk jet printers
' CD ROM drives ' LED printers
' Tape Drives – DLT Drives / DAT ' Line printers
' Optical Disk Drives ' Plotters
' Other Digital Storage Devices, Pen Drive, Memory Card ' Pass book Printers
' Key Board ' Hubs
' Monitor ' Routers
' Mouse ' Switches
' Multi-Media Kits ' Concentrators
' Access Card ' Trans-receivers
' Electronics Purse ' Switch Mode Power Supplies
' Electronics Wallet ' Uninterrupted Power Supplies
' Universal Pre-payment card
' Smart card etc.

38 39
Rajasthan E-Governance IT & ITeS Policy 2015 Green IT

Category IV ' Magnetic Heads, Print Heads


' Telephones ' Connectors
' Videophones ' Microphones/Speakers
' Facsimile Machines/Fax cards
' Tele-Printers/Telex machines Category V
' PABX/EPABX/RAX/MAX –Telephone exchange ' Application Software
' Multi plexers/Muxes ' Operating System
' Modems
' Telephone Answering Machines
' Tele-Communication Switching Apparatus
' Antenna & Mast
' Wireless Datacom Equipment
' VSATs
' Video Conferencing Equipment
' Including Set Top Boxes for both Video and Digital Signalling
' Fibre Cable
' Copper Cable
' Cables
' Connectors, Terminal Blocks
' Jack Panels, Patch Cord
' Mounting Cord, Patch Panels
' Back Boards, Wiring Blocks
' Surface Mount Boxes
' Printed circuit Board Assembly/populated PCB
' Printed Circuit Board/PCB
' Transistors
' Integrated Circuits/ICS
' Diodes/Thyristor/LED
' Registers
' Capacitors
' Switches (On/Off, Push- button, Rocker, etc.)
' Plugs/Sockets/Relays

40 41
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

which can never be reproduced.


SECTION 6 b) Integrity & Availability: The integrity and availability of information, whether
Digitally Secure Rajasthan acquired, provided or created must be ensured at all times.
c) Safeguarding Critical Information: Critical information like audit reports, budgets,
sensitive and confidential information is protected from unauthorized access, use,
6.1 Information Security Policy disclosure, modification and disposal, whether intentional or unintentional.
d) Awareness among officers and officials: officers and officials, third party users are
A. Foundation of Information Security
made aware of the information security policy.
The State of Rajasthan recognises its dependence on information systems for effective
operations of its e-Governance Initiatives. It is, therefore, essential that this information
infrastructure is secure from destruction, corruption, unauthorized access, and breach C. Review & Evaluation
of confidentiality, however accidental or deliberate. The State shall be responsible for review and approval of Information Security Policy at
Information Security requirements are of utmost importance for the State. Successful the time of any major change(s) in the existing environment or once every year,
internal co-operation requires that a common security concept prevails in the GoR. whichever is earlier. Review shall take place in response to significant changes
The objective is to define standards to ensure that information is secure at all times, in including but not limited to changes in risk assessment, security incidents, new
turn creating a foundation upon which sound internal controls within the computerized vulnerability, change in technology or network infrastructure. The changes suggested in
environment can be exercised. This is applicable to all officers and officials associated the Policy shall be approved from the appropriate authority and institutionalized within
with Rajasthan Government/Boards/Corporation/PSUs/Third Parties. State with intimation to all concerned.
It is vital that we continue our efforts with security and risk management so as to equip
ourselves to meet the challenges of service running catering to the citizens of the State D. Information Security Organization Structure
and give each User Department the means to fulfil its mandate for delivering Citizen Figure 1
Services.
HOD, IT&C Chief Information Security Officer
B. Need for Information Security Nominated by CISO Addl. Chief Information Security Officer
State requires an information security policy for the following reasons.
Senior-most State
a) Maintaining Confidentiality: Confidentiality of information is mandated by IT laws level officer of Information Security Officer Centralized Incident
(IT Amendment Act 2008) followed by GoR. Different classes of information DoIT&C, in absence (Department/ District Response Team at
of such officer as collectorate specific) DoIT&C Level
warrant different degrees of confidentiality. The hardware and software nominated by HOD
components that constitute the IT assets represent a sizable monetary investment Information Security Manager (Can
Nominated by ISO
that must be protected. The same is true for the information stored in its IT with the consent of be equal to or more than one as per
Department HOD requirement of department)
systems, some of which may have taken huge resources to generate, and some of
Office level End Users

42 43
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

a) Chief Information Security Officer (CISO) The IRT will check the authenticity of security incident and shall forward the
The Chief Information Security Officer shall provide the direction and support for request to CERT-In for resolution and coordinate with them till the closer of
all information security initiatives. The CISO is responsible for providing direction incident.
and leadership through: An Incident Reporting Team shall be made responsible for root cause analysis of
i. Reviewing and Approval of the Information Security Policy. security incidents and to preserve the logs and details for legal actions collected
ii. Approval of the resource requirements (human, IT Assets and financial) for during analysis and recommend the preventive and corrective action to ISO. This
information security. team will be established by DoIT&C.
iii. Driving information security initiatives across GoR. d) Information Security Officer (ISO)
iv. Conducting status review(s) of security implementation at Government The ISO assumes overall responsibility for ensuring the implementation,
Departments. monitoring, training and enforcement of the information security policy and
b) Additional Chief Information Security Officer (Addl. CISO) standards within the department/ district collectorate office
i. Review the Information Security Policy periodically. i. ISO will be responsible for the implementation of the Information Security
ii. Propose the resource requirements (human, IT Assets and financial) for Policy and monitor the compliance by departmental officials.
information security. ii. Recommending, coordinating and implementation of information security
iii. Prepare roadmap to drive information security initiatives across the State. policies, standards, processes, training and awareness programs; to ensure
iv. Monitor security implementation at Government Departments. appropriate safeguards are implemented.
v. Organize a refresher course for Information Security Officer with regards to iii. ISOs are responsible for ensuring that appropriate controls are in place on the
Information Security. IT Assets to preserve the security properties of confidentiality, integrity,
vi. Prepare the classification of Information assets. availability and privacy of departmental information
vii. Understanding and Circulation of all the IT laws and amendments to e) Information Security Manager (ISM)
Concerned ISOs. Information Security Manager of respective departments is responsible for:
c) Incident Response Team (IRT) i. Administering security tools, reviewing security practices, identifying and
Incident Response Team will be an independent body headed by officer analyzing security threats and solutions and responding appropriately to
nominated by HOD, IT&C. Members of IRT shall include Subject Matter Experts security violations.
from all domains viz. legal, administrative, technical, etc. ii. Administration of all user-ids and passwords and the associated processes for
Figure 2 reviewing, logging, implementing access rights, emergency privileges and
Officer nominated reporting requirements.
by HOD, IT&C f) End User
End User is responsible for following:
i. It is the responsibility of each end user to report any incident which is
SME-Any other
suggested
observed /suspected to ISM.
SME-Legal SME-Administrative SME-Technial
by HOD, IT&C ii. Users shall not test any existence of vulnerability in the information systems.

44 45
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

iii. Understand the IT laws and amendments. and or the classification scheme of the IT asset.
iv. Avoid breaches of any law, statutory, regulatory and/ or contractual
obligations as well as security requirements. D. Information Classification
All information assets will have different degrees of sensitivity and accessibility to the
6.2 Asset Management organization. Information shall be classified appropriately as applicable for each
A. Introduction department into the following categories:
For information systems to be used effectively, efficiently and legally the assets that a) Secret: This is applied to information unauthorized disclosure of which could be
make up those systems must be properly controlled. This is referred to as asset expected to cause serious damage to the National/State security or National/State
management. interest. This classification should be used for highly important information and is
Asset management is not limited to stock of information (electronic data) but also the highest classification normally used. E.g. Visits of VIPs, security arrangements
covers physical computer equipment’s/Softwares used to access them. This Policy shall during VIP visits and international events, information related to critical
emphasize on the importance of identification /classification of IT assets to ensure infrastructure such as configuration details of servers in data centres, etc.
adequate accountability and responsibility of the ISO/ISM. The Policy also ensures that b) Restricted: This shall be applied to information, unauthorized disclosure of which
information systems needs to be suitably protected based on the confidentiality, could be expected to cause damage to the security of the department or could be
integrity and availability of the information systems. prejudicial to the interest of the department or could affect the department in its
functioning. The information that is used as official information for departmental
B. Responsibility level only (Restricted Circulation), etc.
c) Public: Information available in public domain like Government websites etc.
ISM shall be made responsible for following:
It is the responsibility of the ISO to appropriately classify their assets. The
a) A computer-based Asset Register shall be prepared and maintained for recording
classification process shall be completed for existing assets and shall be
all Information Assets with their appropriate classification.
undertaken for any new project at the time of deploying a new asset or generation
b) Providing Asset Management reports to user department as and when required on
of information.
approval from ISO.

C. Ownership 6.3 Data and Information Security


ISO shall ensure that Information assets belonging to department has been identified A. Introduction
and documented. The ISO shall be responsible for following: The Data and Information Security ensures that the officers and officials, contractors,
a) Ensuring that all the Information assets are recorded in asset register consultants and vendors who have access to GoR information and associated
b) Establishing the classification scheme of the Information assets. Information assets understand their security responsibilities that are required to
c) Implement appropriate security controls to safeguard the Information assets as per maintain the protection of critical information and the controls that are required to
Information Security Policy. protect the information assets from human error, theft, fraud and/ or their misuse are
d) Review and update the asset register to reflect any changes to the access rights implemented.

46 47
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

B. Objective E. Reporting Information Security Incidents


All officers and officials, contractors, consultants and vendors who have access to GoR a) Officers/Officials who become aware of any loss, compromise of information or
information and associated IT assets are required to understand and practice their any other incident, which has information security implications, shall immediately
responsibilities for the comprehensive protection of the information assets. Failure to report to the ISM.
adhere to information security responsibilities may entail appropriate disciplinary action b) Suitable feedback processes shall be implemented by Incident Response Team to
as per Rajasthan Service Rules, Government of Rajasthan. ensure that the person reporting the incident is informed about the results after
The objectives of this Policy are to: the incident has been investigated and closed in consultation with concerned ISO
a) Ensure that the officers and officials, contractors, consultants and vendors and ISM.
understand their roles and responsibilities regarding information security. c) Security incidents shall be documented and used in user awareness training as
b) Reduce the risks of human error, theft, fraud or misuse of the information assets. learning from incidents.
c) Ensure that employees are aware of information security threats and concerns. d) End Users shall be informed that they should not, in any circumstances, attempt to
d) Minimize the damage from the security incidents and malfunctions and learn from prove a suspected weakness. Any action in testing the weakness would be
such incidents. interpreted as a potential misuse of the system.

C. During Employment F. Disciplinary Action


ISO has the following responsibilities during employment of officer/official: The certain categories of activities, which have potential to harm, or actually harm the
a) The employees are made aware of their security responsibilities to maintain the information assets are defined as security violations and are strictly prohibited. The
information security. security violations may entail a disciplinary action. Appropriate disciplinary action can
b) An adequate level of awareness, education and training on the information be taken against security violations as per Rajasthan Service Rules, Government of
security is provided to all employees. Rajasthan.

D. Information Security Awareness and Training G. Termination or Change of Employment


The ISO in consultation with CISO shall ensure that: a) ISM shall ensure that officers and officials are communicated about their
a) Officers and Officials receive appropriate training on information security information security responsibilities even after termination of employment/
requirements. contract regarding the return of all issued software, documents, equipment,
b) Officers and Officials are made aware of disciplinary process, which can be mobile computing devices, and access cards, manual and/ or any other asset that
initiated against them in case of any violations of this Policy. is a property of GoR.
c) Posters and hand-outs are used for creating security awareness among Officers b) The ISM is required to ensure that the access rights of the officers and officials for
and Officials information assets are removed upon the termination of his employment, contract
d) Quiz, tests, questionnaire are circulated to measure the awareness of Officers and or agreement.
Officials relating to information security on periodic basis. c) The ISM is required to ensure that in case of change of responsibility, the access
rights are revoked or modified as required and appropriate with proper approval
from ISO.
48 49
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

6.4 Physical & Environmental Security response.


A. Introduction e) Some areas are open to general public, whereas some areas may be restricted to
The Physical and Environmental Security provides direction for the development and few officer and officials strictly on need basis like public, internal and restricted.
implementation of appropriate security controls that are required to maintain the
protection of information systems and processing facilities from physical and E. Public Access, Delivery and Loading Areas
environmental threats. Information systems should be physically protected against a) It shall be ensured that all areas, where loading and unloading of items is done,
malicious or accidental damage or loss, overheating, loss of mains power, etc. are monitored and equipped with the appropriate physical security controls during
these activities.
B. Objectives b) Access to these areas shall be confined only to the identified and authorised
Adequate protection shall be provided to information systems and facilities against the personnel.
unauthorised physical access and environmental threats. Appropriate security controls c) The movement of all incoming and outgoing items shall be documented and
shall be implemented to maintain the security and adequacy of the information incoming items shall be inspected for the potential threats.
systems and equipment. d) It shall be ensured that all the outgoing items have a valid authorisation and gate
pass.

C. Physical Security Parameter


ISM is required to define the physical security perimeter for concerned department and
F. Equipment Security
facilities where information systems of Government of Rajasthan are available. It is Information Security Manager (ISM) in consultation with ISO shall implement the
strongly recommended that the physical access restrictions proportionate with the equipment security controls to prevent loss, damage, theft or compromise of
criticality value of information system is implemented at perimeter of all such facilities information systems.
where information assets are hosted. Critical IT equipment, cabling, ect. should be protected against physical damage, fire,
flood, theft, etc., both on- and off-site. Power supplies and cabling should be secured.
IT equipment should be maintained properly and disposed of securely.
D. Physical Entry Controls
a) Access control system shall be installed at key/critical locations of Govt.
departments.
G. Equipment Location and Protection
b) Access to Govt. department, facilities and secure areas (such as Data Centre, All equipment shall be protected against environmental threats and unauthorised
Development Centre) shall be provided to authorised personnel only. Access to access. It shall be ensured that:
secure areas shall be controlled and monitored. a) The equipment are appropriately located and security controls are implemented to
c) All premises and facilities, where information assets are hosted, shall be classified reduce the risk of potential threats (e.g. theft, fire, smoke, electrical supply
into zones with defined security controls. interference) for their continued operations.
d) Zones should be designed and managed to protect against unauthorised access, b) The unattended equipment such as servers, network are placed in secure
detect attempted or actual unauthorised access and activate an effective enclosures.
c) The appropriate environmental protection controls are identified and implemented

50 51
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

for the safety of the equipment. d) It shall be ensured that the power cables are segregated from the communication
cables.
H. Power Supplies
All equipment shall be protected from the power failures and other disruptions caused J. Equipment Maintenance
by failures in supporting utilities. ISM & ISO shall jointly ensure that: ISO shall ensure the following controls for equipment maintenance:
a) All supporting utilities, such as electricity, water supply, sewage, heating/ventilation a) A preventive maintenance exercise for the utility equipments shall be conducted in
and air conditioning, are in appropriate condition for the information systems and/ scheduled intervals ensuring their continued availability and integrity.
or processing facilities that they are supporting. b) Preventive maintenance of hardware, UPS, AC and other equipment shall be
b) The uninterruptible power supply (UPS) systems and generators are installed to covered under AMC.
support the continued functioning of equipment supporting critical business c) The ISM shall monitor SLA to ensure that preventive maintenance is carried out in
operations. efficient manner.
c) UPS equipment shall be maintained in accordance with the manufacturer’s d) ISM is required to apply the appropriate security controls to the off-site equipment
recommendations. considering various risks that may exist outside the premises.
d) All department premises shall have proper earthing to prevent electric surges. e) Every user is required to ensure that the equipment and information systems are
e) An alarm system to highlight the malfunctions in the supporting utilities is disposed of after an approval from the ISO and following proper rules as per
installed. Government of Rajasthan Rules for disposing IT Assets.
f) Voltage regulators shall be installed, wherever necessary, to guard against f) Any equipment, information system, storage device or software under the
fluctuations in power. Circuit breakers of appropriate capacity shall be installed to possession of or having information of State Government department shall not be
protect the hardware against power fluctuations or short circuits. taken outside the office premises without prior authorization of ISM and valid gate
g) A preventive maintenance exercise is carried out at regular intervals for the utility pass.
equipment.
6.5 Communication & Operations Management
I. Cabling Security A. Introduction
It shall be the responsibility of ISM to ensure that cabling is done properly. Following The Communication and Operations Management establishes appropriate controls to
controls shall be considered for cabling security: prevent unauthorized access, misuse or failure of information systems and equipment
a) All cables, including power and telecommunication network cables, shall be and to ensure the confidentiality, integrity and availability of information that is
protected from the damage or unauthorized interception. processed by or stored in the information systems/equipment.
b) All network cables and their corresponding terminals shall be identified and
marked. B. Responsibility
c) It is strongly recommended that the documents, including detailed physical
The ISM is responsible for the implementation of the controls defined in this Policy.
network diagrams showing cable routings and terminations are maintained with
However, ISO shall ensure compliance of Information Security Policy.
ISM.

52 53
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

C. Objective F. Change Management and Change Request Approval


Government of Rajasthan shall ensure the effective and secure operation of its For application software the documentation shall provide for a brief description of the
information systems and computing devices. The objectives are to: changes requested, date on which the request was made, prioritizing of the request,
a) Develop documented operation procedures for information systems and tracking and controlling modifications and assigning a unique number to each request.
computing devices. All changes requested shall be approved/rejected by ISO of concerned department.
b) Ensure protection of information during its transmission through communication
networks. G. Hardware and Operating System Changes for Information Systems
c) Protect integrity of software and information against the malicious codes. a) Any changes to hardware shall be done by raising a change request, approval by
d) Develop an appropriate backup strategy and monitoring plan for protecting the ISO and documentation of the same.
integrity and availability of information processing facilities and communication b) ISM shall update the asset register once the changes are done to the hardware.
services. c) Any change to the operating system or application shall be strictly controlled. Any
e) Have appropriate controls over storage media to prevent its damage and/or theft. changes shall be done by raising a change request, approval by the ISO and
f) Maintain security during the information exchange with other State Governments. documentation of the same.

D. Operations Procedures and Responsibilities H. Testing of Changes and Backup


IT operating responsibilities and procedures should be documented. Changes to IT a) All critical and complex changes shall be tested before being carried out in the
facilities and systems should be controlled. Duties should be segregated between live/production environment.
different people where relevant (e.g. access to development and operational systems b) A quality assurance test of the changes to be implemented shall be performed in
should be segregated). a test environment prior to implementation in the production environment.
c) A backup of the system impacted by the change shall be made prior to its being
E. Documented Operating Procedure updated.
a) Adequate documentations shall exist for maintenance of information systems. The
documentations, procedures and checklists shall be created when a new systems I. Unscheduled/Emergency Charges
or service is introduced and the activities to be carried out when a service failure a) Unscheduled/emergency changes shall be carried out only in case there are
occurs or when maintenance needs to be performed. critical issues in current IT system/ environment, which require the change to be
b) Procedures shall be in place to ensure that activities performed in day-to-day carried out with approval from ISO
operations are carried out in a secure manner. b) An audit trail of the emergency activity shall also be generated which logs all
c) Standard Operating Procedure (SOP) shall be created to maintain the activity, including but not limited to:
confidentiality, integrity and availability of that specific platform or application. I. The user-ID making the change
ii. Time and date
iii. The commands executed

54 55
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

iv. The program and data files affected context; mobile code creates varying degrees of computer and system damage. Mobile
code is usually downloaded via the body of an HTML email or email attachment.
J. Segregation of Duties Therefore in the information systems where the use of mobile code is authorised, ISM
Segregation of duties is important in order to reduce opportunities for unauthorized shall ensure configuration in such a manner that only authorized mobile code operates
modification or misuse of information, or services. according to a clearly defined set of rules.
a) ISM shall segregate the duties in such a manner so that no single user has the
ability to subvert any security controls of the infrastructure thereby negatively M. Backup
impacting the business operations. For continuity of business operations in the event of failures and/ or disaster, it is
b) An individual shall not be responsible for more than one of the following duties: essential to have the secondary copies of the data available. It is to be ensured that
data entry, computer operation, network management, system administration, backups of all the identified highly critical information assets are taken and are tested
systems development, change management, security administration, security for restoration and readable or regular intervals.
audit, security monitoring. Information Security Manager is required to ensure following:
Whenever segregation of duties is difficult to accomplish, other compensatory a) Identification of critical information assets
controls such as Monitoring of activities, Audit Trails and Management Supervision b) Selection of appropriate backup media on the criticality of data and retention
can be implemented. period
c) Backup logs shall be regularly maintained and kept up-to-date and can be in the
K. System Planning and Acceptance form of hard or soft copies
For maintaining adequate future storage and memory demands of IT Systems proper
monitoring and requirement projection is performed for information assets. This will N. Network Security Management
help in avoiding potential bottlenecks that might present a threat to system security or a) Network Controls
user services.ISM will identify the requirement and will send the requirement to ISO. The appropriate security controls shall be implemented by the ISM to protect the
ISO will review the same and will further send it to approving authority. departmental network. The controls shall include, but not limited to, the following:
i. Logical segregation of networks e.g. internal network zone, Demilitarized
L. Protection against Malicious and Mobile Code Zone (DMZ) and External zone
ISM shall ensure to implement software and associated controls to prevent and detect ii. Protection through firewall
the introduction of malicious and mobile codes like Computer Virus, Trojan Horse, etc. iii. The Documentation related to the network diagram, IP Addressing and
which can cause serious damage to networks, workstations and critical Government configuration of network devices, etc.
data. b) Wireless Local Area Network (WLAN)
Mobile code is any program, application, or content capable of movement while The wireless infrastructure system shall be managed appropriately in order to
embedded in an email, document or website. Mobile code uses network or storage provide protection to its information and information systems. The following
media, such as a Universal Serial Bus (USB) flash drive, to execute local code controls shall be implemented by ISM to ensure WLAN security:
execution from another computer system. The term is often used in a malicious i. Secure configuration of wireless communication devices including the Access

56 57
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

Points and wireless client devices such as Laptops/Workstations. O. Exchange of Information


ii. Implementation of a strong key management system for the authentication of a) Information Exchange
clients connecting to the WLAN. Appropriate security controls shall be implemented to exchange the Govt.
iii. Implementation of appropriate physical and environmental security controls to department information or software assets with third parties. The security controls
protect wireless access points against theft and damage. shall include technical controls and contract/agreements signed with the third
iv. Register access points and cards. All wireless access points must be registered parties.
and approved by ISM. These access points are subject to periodic penetration The relevant information asset owners/ISM/ISO shall be responsible for ensuring
tests and audits. that such information assets are exchanged only after signing appropriate
c) Firewall agreements.
ISM shall establish following controls:
i. Firewalls shall restrict access to all applications and network resources and P. Monitoring
protect these from unauthorized users a) ISM needs to ensure that proper logs are maintained and stored for a specific time
ii. Access control policy shall be implemented on the Firewall and all activities period for future investigation purposes.
shall be logged (successful, unsuccessful) b) Audit logs shall be secured in such a manner that even the ISO/CISO is not
iii. Publicly accessible servers shall be kept behind the Firewall and access control allowed to erase or modify the logs of the activities performed by them on system.
policies shall be defined c) Access to Log shall only be provided on need basis and with approval from ISO.
iv. An updated, reviewed and approved network diagram with all connection to d) Time and date synchronization shall be maintained at all network devices and
and from the firewall shall be maintained. servers.
v. A documented list of services and ports shall be maintained.
vi. Approval process for new rules for firewall shall be established
6.6 Access Control
d) Security of Network Services
I. The ISM is required to identify the security features, service levels and A. Objective
management requirements of all network services included in any network User Access of the Information assets shall be based on their roles and responsibilities
services agreement, irrespective of the fact whether these services are being provided. All the User ids are provided with access permissions as per requirements,
provided in-house or outsourced. role and designation of officers and officials. The system shall deny all request other
ii. The ISM shall prepare a checklist of the non-essential, default and vulnerable than permitted to protect the information from unauthorised access.
services for all the information systems owned by them. The non-essential The objectives of the Access Control are to:
services shall be disabled on all information systems and the default and a) Provide need-based access to information assets
vulnerable services required for business operations shall be fixed by b) Prevention of unauthorised access to information systems, network services,
implementing alternative mitigation controls on the information systems. operating systems, databases, information and applications

58 59
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

B. User Access Management d) After maximum 5 unsuccessful login attempts, account shall be locked for security
The allocation of access rights to users should be formally controlled through user purposes.
registration and administration procedures (from initial user registration through to e) The passwords shall not be hard coded into the logon scripts, batch programs or
removal of access rights when no longer required), including special restrictions over any other executable files when user authentication or authorisation is required to
the allocation of privileges and management of passwords, and regular access rights complete a function.
reviews where if roles and responsibilities change for officers and officials than his f) The password shall be encrypted while transmitting over network.
access rights shall be changed accordingly. g) For forgot passwords and account lockouts, proper support procedures shall be
a) Users shall be provided access as per their roles and responsibilities, e.g. DDO is documented and implemented.
provided access to disburse salaries of his concerned office but is not allowed to h) User password reset is performed only when requested from user and after
view or disburse salary for other offices. identifying and verifying the user through defined procedures.
b) Unique User id shall be provided to each employee so that each person will be
responsible for one’s action which will help in tracking of security threats incidents, E. User Responsibilities
if any. All Users who will have access to information assets of Government of Rajasthan are
c) User rights shall be provided by system administrator on written approval from required to understand their responsibilities for maintaining the effective Security
ISM/ISO of Concerned department. Controls and safety of information assets.
C. User Registration
a) Documentation and implementation of procedures for registration and de- F. “Clear Desk and Clear Screen” and “Security of Unattended Equipment”
registration of User id. IT team needs to ensure that information system needs is auto locked if unattended for
b) Naming Convention shall be followed for User id creation a specified duration
c) Identification of inactive accounts and disabling them a) Sensitive and critical information need to be locked (electronic media)
d) Re-activation of the accounts on written request from ISM b) Desktops shall be logged off or protected with a screen when unattended for a
e) Guest accounts to be disabled on servers specified duration.
c) Incoming and outgoing mail points should be protected.
D. Password Management d) Use of scanner and digital cameras shall be monitored so that unauthorised use
a) It is made mandatory for users to change their passwords during the first time for reproduction of critical information can be prevented.
logon and after 20 days of each password change. Warnings to the users shall be e) Logout from the workstation, servers and/or network device when the session is
flashed before 5 days of the password expiry and to be sent repeatedly everyday finished.
till the user changes password or password expires.
b) The Password shall have a combination of alpha-numeric characters and G. Application and Information Access Control
minimum length of eight characters for strong security. The logical access to the application software shall be restricted to the authorised users
c) System shall keep record of last five passwords and shall not allow user to reuse it only. The access rights shall be provided for relevant section of application, e.g. DDO is
at the time of changing one’s passwords provided access to prepare salary bills for one’s concerned office employees.

60 61
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

Category Nature Description


a) User access matrix shall be updated quarterly and documented Cat 1 Unauthorised Attempts to gain unauthorised access to a system or its data
Access without having permission, e.g. spoofing as authorised users
b) Information systems (Application system processing) containing critical
Cat 2 Denial of An attack that successfully prevents or impairs the normal
information shall not be hosted on the shared server, and Services authorized functionality of networks, systems or applications by
c) High level logging mechanism shall be established for critical systems. exhausting resources.
Cat 3 Malicious Successful installation of malicious software (virus, worm, Trojan
Code horse, or other code-based malicious entity) that infects an
H. Mobile Computing and Communication operating system or application.
a) Employees shall be allowed to remotely access GoR network to access official Cat 4 Changes to Changes to system hardware, firmware or software characteristics
information after proper identification and authentication. Information and data without the application owner's knowledge.
System
b) The employees shall take special care of the mobile computing resources such as,
Cat 4 Changes to Changes to system hardware, firmware or software characteristics
but not limited to, Laptops, mobile phones, PDA’s, etc. to prevent the compromise Information and data without the application owner's knowledge.
and/or destruction of confidential information. System
c) Official laptops shall be configured as per policy with proper firewall and updated Cat 5 Unknown User Existence of unknown user accounts
Accounts
virus definitions to secure the information systems
Cat 6 Others, if any Any other incidents identified by users

6.7 Information Security Incident Management


C. Reporting Security Events and Weakness
A. Objective
a) An incident management procedure shall be formalized and documented which
All the security breaches, discovered weakness in the system and attempts to breach in
includes incident identification, reporting, response, escalation and incident
the Information systems shall be reported and responded to promptly. Appropriate
resolution.
actions shall be taken to prevent the reoccurrence.
b) There should be a central point of contact (ISM), and all employees/users should
The objectives are to:
be informed of their incident reporting responsibilities.
a) Develop proactive measures so that the impact of any security incident on
c) Users shall not test existence of any vulnerability in the information systems
information systems can be minimized
b) Create awareness among users so that they can report the identified incidents to
D. Learnings from Information Security Events
ISM.
A knowledge base shall be established by IRT for the information gained from the
c) Get learnings from the incidents and implementing appropriate controls to prevent
evaluation and analysis of all information security incidents, that will be helpful to
the reoccurrence
prevent reoccurrence of security incidents, to handle security incidents and for
learning.
B. Incident Identification
An incident is the act of violating the security policy defined for State. The following
E. Collection of Evidence
actions can be classified as incidents, but not limited to:
a) As per the legal requirements, ISO shall collect the evidences during the incident
analysis, retained and presented for relevant jurisdiction. IRT will provide complete

62 63
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

help to ISO for collection of evidence. IRT has to preserve the proof for any legal impact on their daily activities
proceedings to support ISO. D. Compliance with Legal Requirement
b) Delayed reporting of information security events or incidents, and consequent a) Identification of Applicable Laws
delays in initiating investigations can result in loss of evidence. Therefore, timely It is the responsibility of ISO to maintain a list of all relevant statuary, regulatory
investigation shall be performed by IRT. and contractual requirements with the help of ISM in guidance of ACISO
c) Evidence shall be collected in such a manner that it should not destroy its (Circulated by ACISO)
evidentiary proof and can be used for legal use in court, if required. b) Intellectual Property Rights
i. All Software and application used in Government offices shall be purchased
6.8 Compliance and issued in accordance with the license agreements.
A. Introduction ii. All employees shall abide by the Copyright laws detailed by the software
The Compliance provides the direction to design and implement appropriate controls vendor
to meet the legal, regulatory and contractual requirements as per Cyber law, IT Act iii. Awareness campaigns shall be organized for employees regarding IPR
2000 and any other relevant act prevailing in India. iv. Software shall be used for official purpose only
v. Officers and Officials shall not be allowed to carry Personal Information
B. Responsibility Processing equipment or CD writers, USB drives, etc. without obtaining prior
approval from ISM.
It is the responsibility of ISO to ensure implementation of the appropriate controls to
c) Protection of Government Records
meet the legal, regulatory and contractual requirements as circulated by ACISO. The
i. Important records like accounting and financial records, payroll and other
details about the Cyber laws, but not limited to, is available at
employee related records shall be protected from loss or destruction.
http://deity.gov.in/content/cyber-laws
ii. Retention period shall be defined for various types of records as per rules and
regulations and shall be destroyed in a safe and secure manner on
C. Objective
completion of their retention period.
All Government Departments shall understand the importance of Compliance to the
iii. Extra Protection shall be taken to store the records required to meet legal
legal requirements and thus enforce the appropriate controls to the officers and
requirements.
officials working under their department to embed a compliance culture.
d) Data Protection and Privacy of Personal Information
The objectives are to:
i. Personal information of employees/users shall be kept safe and confidential.
a) Promote a positive ethical and compliance culture among Government offices
ii. Relevant Legal laws, Acts and regulations shall be followed for handling
b) Creating awareness among users regarding the law compliance
personal information.
c) Avoiding breaches of any law, statutory, regulatory and/ or contractual obligations
iii. Personal records shall be retained and stored as required by legislation.
as well as security requirements
iv. The review period and review rights of personal records shall be defined by
d) Ensuring that officers and officials, third party users understand and adhere to the
ISO.
legal, statutory, regulatory and contractual requirements which may have an
v. Backup of personal records shall be ensured.

64 65
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

e) Prevention of misuse of Information Processing Facilities usage in Government departments is legitimate and does not breach any security of
i. Users shall be prevented from accessing information, information systems information system, thus preventing the unauthorised use of internet.
and/ or facilities for unauthorized purposes through implementing appropriate B. Responsibility
access controls. ISM shall ensure compliance of the Policy. Controls shall be established by IT Team
ii. Any usage of information system other than for official purposes shall be under guidance of ISM. Each employee/user shall take responsibility to follow Internet
considered as improper use of the facilities and may lead to disciplinary Security Policy.
action against user.
C. Objective
E. Compliance with Information Security Appropriate technological and user level controls need to be established for ensuring
I. The ISOs shall ensure that the Policy is implemented in their respective legitimate use of internet in Government departments to maintain the confidentiality,
departments, in turn ensuring the compliance. integrity and availability of the internet system.
ii. It shall be communicated to all employees officially through a Government order Following are the objectives:
that compliance to Information Security Policy is mandatory and if any non- a) Rules to be defined so that each employee in Government departments shall use
compliance is found, necessary disciplinary action can be taken against the internet for legitimate purpose
employee. b) To ensure that internet system shall not be misused.
iii. There shall be a regular review of compliance to the policies using Internal Audits.
Any deviations shall be noted and communicated to the HODs as a part of the D. Internet Usage
Internal Audit report.
a) Access to internet
i. Internet should be provided to users for official purpose.
F. Technical Compliance ii. Internet access shall be provided after approval from ISM.
i. Technical compliance check shall be carried out to identify vulnerabilities in the iii. Access to Internet shall be controlled by Proxy server and firewall.
system and to check effectiveness of controls to prevent unauthorized access to b) Authorised and unauthorised access to internet
information systems. i. Internet usage shall be restricted to serve employees for official/office related
ii. Information systems shall be checked by ISM every six months for security and work and transactions.
compliance with the security Policies. ii. Unauthorised use of Internet shall include, but not limited to:
iii. A schedule shall be maintained to ensure that vulnerability assessment and 1. Using for personal entertainment, personal business or profit, and
penetration testing is carried out at regular frequency. publishing personal opinions.
iv. Technical compliance shall be carried out by experts. 2. Attempting to gain or gaining unauthorized access to any computer
system
6.9 Internet Security 3. Sending/receiving/viewing racial or sexually threatening email messages
A. Introduction 4. Sending, transmitting or distributing proprietary information, data or
Internet security provides directions to the officers and officials to ensure that internet other confidential information.

66 67
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

5. Using Internet for non-official purposes and wasting computer resources B. Responsibility
like uploading and downloading large files An e-mail server administrator for registered domains of Government departments/
6. Introducing computer viruses, worms, or Trojan horses PSU/Boards/Corporations and other autonomous bodies is responsible to ensure that
7. Downloading obscene written material or pornography appropriate controls are kept in place for one’s email server. Each user is responsible
c) Downloading and uploading of software for complying with the E-mail Security Policy. ISM shall ensure that access rights of e-
i. Downloading and uploading of software is allowed only when permissions are mail id shall be managed, e.g. on transfer of officers and officials their e-mail id which
granted from ISM. is as per designation is given to other officer/official after changing the password.
ii. Trial versions shall be deleted after expiry of trial period.
iii. Periodic review of all desktop/laptops shall be done to ensure that no C. Objective
unauthorized software is installed. a) E-mail security is of prime importance and appropriate technological and user
iv. Browsers are configured at workstations in such a manner that they should level controls shall be implemented to maintain confidentiality, integrity and
accept applets only from trusted sources. availability of the e-mail system by respective e-mail server administrators.
d) Internet Security awareness b) The objective of the e-mail policy is to Establish the rules for the official use of the
Users shall be kept aware through trainings regarding the acceptable and e-mail system and to adequately protect the information transmitted through the
legitimate use of internet, e.g. downloading the content from internet, e-mails.
downloading of applets for browsers, etc. c) If any PSU/Boards/Corporations/Autonomous bodies are not able to follow e-mail
e) Website blocking Policy due to lack of appropriate infrastructure, it is suggested to open their
Internal users shall be blocked at the proxy level from accessing websites which employee’s email-id on the domain (www.rajasthan.gov.in) by taking necessary
are deemed inappropriate as per the directions from the State Government. approvals.
f) Auditing, logging and monitoring
i. Logging shall be maintained for all the attempts to access internet services
D. Authorized Use of e-mail
ii. ISM shall review log files of proxy server on periodic basis
a) All e-mail messages generated from registered e-mail System of Government
department/PSU/Boards/Corporation and other Autonomous bodies shall be
6.10 E-mail Security considered to be the property of Government of Rajasthan.
A. Introduction b) Users shall not forward/redistribute any offensive or unsolicited material received
E-mail Security provides directions and controls to be established for legitimate use of from the external sources.
e-mail account provided to the users and to protect e-mail system from vulnerability
and modifications. E-mails originating from registered domain of Government
E. Prohibited use of e-mail
department/PSU/Boards/Corporation and other autonomous bodies only shall be
a) Users shall not use e-mail for raising charitable funds campaign, political advocacy
considered for official purpose.
efforts, personal amusement and entertainment.
b) Users shall not use e-mail for creation or distribution of any disruptive or offensive

68 69
Rajasthan E-Governance IT & ITeS Policy 2015 Digitally Secure Rajasthan

messages, including offensive comments about race, language, gender, hair I. Electronic Mail Encryption
colour, disabilities, age, sexual orientation, pornography, culture, religious beliefs The objective of e-mail encryption is to prevent the email content from being read by
and practice, political beliefs or national origin. unintended recipients.
c) Users shall not use e-mail for forwarding or sending messages that have racial or All electronic communications through the e-mail systems are not encrypted by default.
sexual slur, political or religious solicitations or any other message that could Therefore, if sensitive information needs to be sent by e-mail System, encryption or
damage the reputation. similar techniques provided by the e-mail system shall be employed for the protection
d) Users shall not use email for transmitting any data that potentially contains of information being transmitted.
Viruses, Trojan horses, Worms, spywares or any other harmful or malicious
program.
J. Attachment and Virus Protection
e) Users shall not use e-mail in connection with surveys, contests, chain letters, junk
a) E-mail Server administrator shall implement appropriate controls at e-mail
e-mail, spamming, or any duplicative or unsolicited messages.
gateway/server level to scan email attachments and delete malicious file
extensions or viruses. E-mail administrator shall block documented malicious file
F. User Accountability extensions at gateway level.
a) Users shall not use any unauthorised Web-mail services for official purpose. b) E-mail virus protection and content filtering software shall be implemented at e-
b) Users shall not share their e-mail account passwords. mail gateway/server level.
c) Users shall choose strong passwords as per password policy.

K. Public Representations
G. User Identity a) No e-mail messages related to State Government shall be used for advertisement
a) Misrepresenting, Concealing, suppressing or replacing another user’s identity on purposes.
an electronic communications system is prohibited. b) If users are suffering from excessive spams in their mail box from a particular e-
b) The user name, email address and related information included with electronic mail id than they shall raise a security incident to their respective ISM.
messages shall reflect the actual originator of the messages.
c) At a minimum, the users shall provide their name and mobile numbers in all e-
L. Archival, Storage and User Back up
mail communications.
All official e-mail messages containing approval, work delegation, authorisation or
handing over of responsibilities or similar transactions shall be archived for future
H. E-mail Administrator Accountability official use by end user.
E-mail Administrator is responsible for following: Any e-mail message which can be helpful as an evidence for critical decisions shall be
a) All e-mails and content shall be scanned through authorized email scanning appropriately retained for future use by end user.
software
b) Open relay is blocked at all e-mail servers to prevent spamming
M. Disclaimer
c) Content monitoring systems shall be installed at e-mail Servers
A disclaimer approved by CISO shall be appended to all e-mail messages generating
d) Antivirus definitions shall be kept updated at the gateway/server levels
from State Government domains.
70 71
Rajasthan E-Governance IT & ITeS Policy 2015

SECTION 7
Rajasthan
e-Governance
Architecture

1. Rajasthan State Data Centre & Network Operating


Centre:
Ÿ 100 mbps Dedicated Connectivity;
Ÿ Hosting more than 500 Websites, Portals and 6. Public Interface:
Applications 1 Fully automated & mobile ready Solutions for
2. Raj Megh - The Rajasthan Cloud: Ÿ Public Interface
Ÿ End-to-end Cloud enablement on SaaS, PaaS (Bhamashah/eMitra/RajSampark)
basis for Rajasthan Ÿ Government officials
3. Raj Net - The Rajasthan Network: (HRMS/eOffice/IFMS/eProcurement/ifacts)
Ÿ Seamless connectivity till Gram Panchayat Ÿ Communication (eSanchaar)
Level through LAN/SWAN/Broadband/Over- 2 Raj eVault - Fully automated electronic
The-Air/Satellite verification, no need of hard copy
4. Raj Dharaa - The Rajasthan GIS-DSS: documents/affedavits/notary attestation for
Ÿ A seamless Geographic Information System for
service delivery
Rajasthan, shared by all Government 3 RAAS (Rajasthan Accountability Assurance
Departments, Organizations and utilized for System) - End-to-End monitoring and
systematic decision support. accountability of government officials
5. Raj Sewa Dwaar - The Rajasthan Service Delivery 4 Mobile Apps for all Government portals &
Gateway: application on all plat forms
Ÿ Providing unique door of connectivity, 7. Rajasthan Single Sign On and State Portal:
unification and integration for all State, Ÿ One Person, One Identity – With all mapped
National and Private Applications/Gateways – datasets and documents for every state
The true Intelligent Middleware resident

72

You might also like