Security Policy | Directorate General of Hydrocarbons (DGH)
Home/ Security Policy
Security Policy

 

Website Security Policy of DGH Website

DGH has a responsibility to protect from disclosure tounauthorized parties the personally identifiable information (name, address, dateof birth, etc.) of its website users.

 

Notice and Disclosures

DGH will not sell, trade and disclose the personally identifiable information of its website users to any third parties.

 

Data Quality and Access

DGH takes all steps possible to ensure that the data on the website is accurate. If something is found to be inaccurate, every effort will be to correct the same as quickly as possible. The information contained on the  DGH website is subject to change without prior advance notice. While using the DGH website certain information such as your IP Address and time spent on pages may be collected. This non-personal information is collected in order to monitor any unauthorized use or access to the DGH site. Anyone caught attempting to harm, steal information from, or otherwise damage the DGH website will be prosecuted under the relevant law.

 

Data Security

DGH website is hosted at NIC cloud data Centre and is being developed and managed by a team of Engineers from DGH and 3rd party vendor. NIC has taken every precaution to secure information on DGH website. The DGH website is placed in protected zone with implementation off irewalls and IDS (Intrusion Detection System) and high availability solution.

 

The site has been audited for website security by CERT-IN empanelled agency and has certified to be safe for hosting. The hardening of the server has been done as per the guidelines given by the NIC Cyber security division. The access to the server is restricted both physically and through the network as far as possible. The Logs are being maintained for authorized physical access to DGH server.

 

All the development work is done on separate development environment locally at DGH and well tested on staging server before updating it on the production server. The DGH website contents on the NIC Data centre servers are uploaded using secured SSH and VPN through a single point from DGH network. NIC has issued dedicated digital certificates to access their network for user authentication.

 

Audit and Log of all activities referring to the operating system, access to the system and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny. All newly released system software patches, bug fixes and upgrades are deployed regularly and reviewed. The Antivirus has been deployed on the servers and is updated online.

 

Servers’ passwords at NIC data center are changed at the interval of one month By DGH’s technical team and are shared by two officers of DGH only.