Internal 3 of 5
• Licensing/ copyright requirements for all information assets including proprietary
software application systems, which typically limit the use of application to
specified machines; or creation of the backup copies, shall be adhered to.
Following controls shall be enforced:
• Awareness shall be maintained among the staff for using only legal copies of
software.
• Disciplinary action shall be taken against all the users breaching these policies.
• Asset register of licenses for the software/ hardware products shall be maintained.
• Usage of licenses shall be monitored and controls shall be implemented to ensure
usage is as per license agreement/s.
• Regular checks shall be carried out to ensure that only authorized software and
licensed products are installed.
3.1.3. Safeguarding of Organizational Records
• Organizational records shall be classified, stored, protected, and destroyed (after
the retention period) in accordance with asset classification and requirements of
the applicable laws and regulations.
• A register detailing the classification, valuation, ownership, storage location,
period of retention, method of destruction shall be made for identified
organizational records.
3.1.4. Data Protection and Privacy of Personal Information
• ID shall implement controls for collecting, processing, and disseminating personal
information. Data protection and privacy shall ensure compliance with all relevant
legislation, regulations, and, if applicable, contractual clauses.
• Information security head shall solicit legal opinion to identify a list of applicable
data protection/ privacy regulations, on an annual basis.
3.1.5. Prevention of Misuse of Information Processing Facilities
• Any unauthorized usage/ misuse of information processing facilities shall lead to
disciplinary action as per HR Policy.