Section 19 in Rajasthan Bhamashah (Direct Transfer of Public Welfare Benefits and Delivery of Services) Rules, 2018
19. Measures for ensuring information security.
(1)The Authority may specify an information security policy setting out inter alia the technical and organisational measures to be adopted by the Authority and its personnel, and also security measures to be adopted by agencies, advisors, consultants and other service providers engaged by the Authority, Registrar, enrolling agency and requesting entities.(2)Such information security policy may provide for,-(a)identifying and maintaining an inventory of assets associated with the information and information processing facilities;(b)implementing controls to prevent and detect any loss, damage, theft or compromise of the assets;(c)allowing only controlled access to confidential information;(d)implementing controls to detect and protect against virus/malwares;(e)a change management process to ensure information security is maintained during changes;(f)a patch management process to protect information systems from vulnerabilities and security risks;(g)a robust monitoring process to identify unusual events and patterns that could impact security and performance of information systems and a proper reporting and mitigation process;(h)partitioning of BRDH net work into zones based on risk and trust;(i)deploying necessary technical controls tor protecting BRDH network;(j)service continuity in case of a disaster;(k)monitoring of equipment, systems and networks;(l)measures for fraud prevention and effective remedies in case of fraud;(m)requirement of entering into non-disclosure agreements with the personnel;(n)provisions for audit of internal systems and networks;(o)restrictions on personnel relating to processes, systems and networks;(p)inclusion of security and confidentiality obligations in the agreements or arrangements with the agencies, consultants, advisors or other persons engaged by the Authority.(3)The Authority shall monitor compliance with the information security policy and other security requirements through internal audits or through independent agencies.(4)The Authority shall designate an officer as Chief Information Security Officer for disseminating and monitoring the information security policy and other security-related programs and initiatives of the Authority.
