Payana IT and Data Protection Policy

Preamble:

This manual lays down the guidelines for Payana to ensure the provision of necessary hardware,

software, and connectivity to all project staff and human resources. It also addresses the

safeguarding of data security, maintenance of hardware and software, and outlines procedures for

accessing IT support.

Scope:

This Policy applies to all employees, interns, advisors, and consultants utilizing portable computing

devices and accessing Payana’s resources.

Objectives:

1. To lay down the functions governing the use of technical infrastructure, IT assets, and internet

connectivity.

2. To protect computing equipment against malicious code, cyber-attacks, and ensure data security.

3. To secure assets, including data and equipment, and regulate the use of permitted and licensed

software.

4. To ensure compliance with relevant statutes and regulations pertaining to IT, cyber-security, and

privacy in India.

Organization IT Assets and Infrastructure Management:

- Payana provides minimal technical infrastructure, typically issuing laptops for professional use.

- Laptops and other computing equipment shall be provided to Payana personnel on authorization

by respective Program Heads.

- The laptop configuration shall be changed from time to time according to availability of new

technology and subject to the availability of project funding.

- The Administrator shall issue the asset after updating the records pertaining to the same on its

database.

- All allocated assets shall be recorded against the user’s name in the asset register.

- Payana personnel on receipt of such assets shall be required to sign for the same in confirmation

and records.

- Access to data and passwords is conditional and restricted to authorized personnel only. Disclosing

restricted data and provision of access to passwords to unauthorized personnel shall be considered

Page 2 of 5

as a violation and strict action shall be taken against the errant employee. Please refer to the Payana

Confidentiality and Privacy Policy for more information.

- Users are responsible for the equipment issued to them and must report any needs to their line

manager for procurement.

- Personnel must report issues promptly for resolution by the Administrator.

- Prohibited activities, including terrorism and viewing illegal content, are strictly forbidden on

Payana's IT infrastructure.

Asset Management:

- Users are responsible for the care of equipment to prevent damage or loss.

- IT assets are recorded in the asset register and capitalized as per Finance Manual provisions.

- Assets are insured against loss and theft, with insurance and maintenance contracts monitored by

the Accounts/Administration department.

- Upon separation, all IT assets must be returned in good condition; failure to do so may result in

deductions from the separating employee's final salary.

Procurement Procedures:

- Requisitions for hardware, software, consumables, or spares are raised by the concerned

department in a prescribed format.

- The Purchase Committee may consult technical experts for new procurements, adhering to the

Payana Purchase Policy.

Relevant Statutes and Regulations in India:

1. Information Technology Act, 2000: Governs various aspects of electronic commerce, electronic

governance, cybercrime, and data protection.

2. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal

Data or Information) Rules, 2011: Specifies guidelines for the collection, use, and disclosure of

sensitive personal data or information by body corporates.

3. The Personal Data Protection Bill, 2019: Aims to provide for the protection of personal data and

establish a Data Protection Authority for overseeing and enforcing data protection laws in India.

4. The Indian Penal Code, 1860 (IPC): Contains provisions related to cyber-crime, including hacking,

identity theft, and data breaches.

5. The Cyber Security Strategy of India, 2020: Outlines the national approach to cybersecurity,

including measures to enhance cybersecurity infrastructure and promote cybersecurity awareness.

Page 3 of 5

Data Management: Preservation of data, Confidentiality, Prevention of

Plagiarism and Attribution of Original Sources in Reportage

Data Preservation and Confidentiality:

Data collected during research endeavors must be preserved for a minimum of three years post-

completion or publication, maintaining their original form and securely storing them to uphold

confidentiality. Personal information relevant to the research should be gathered, ensuring data

confidentiality and ownership acknowledgment by enumerators under Payana's authority.

Confidentiality Provisions and Obligations:

Confidentiality clauses may apply if specific undertakings are made to third parties or to safeguard

intellectual property or copyrighted content. The Board of Directors is responsible to keep the

project staff and data enumerators informed of confidentiality provisions and data concerns, and

project staff should inquire about such obligations.

Public Access to Research Data:

Publicly-funded research data are deemed a public good and should be openly available whenever

possible. However, if donors require confidentiality for portions of the research data, Payana will

adhere to the terms outlined in the agreement with the donor.

Plagiarism and Proper Attribution:

Research reports and publications must adhere to stringent anti-plagiarism measures, ensuring

originality and integrity. Proper citation and attribution of original sources are imperative to

acknowledge the contributions of others and maintain academic integrity.

Private Funding Considerations:

Privately-funded research findings may not be publicly shared, highlighting the need to respect

contractual obligations and maintain confidentiality as agreed upon with funders.

Safe and Ethical Research Environment:

Research must be conducted in a safe environment with suitable equipment, prioritizing the well-

being of researchers and subjects alike. Additionally, all research endeavors must adhere to quality

standards and project timelines to fulfill obligations to funders.

Participant Consent and Protection:

Research subjects must participate voluntarily and free from coercion, with written or oral consent

obtained, especially for studies involving handheld devices. Measures should be taken to avoid harm

and minimize adverse effects on participants, animals, and the environment throughout the

research process.

Ethical Data Collection and Storage:

Page 4 of 5

Researchers must adhere to ethical practices, Indian laws, and policy guidelines during data

collection, ensuring data integrity and confidentiality. Personally identifiable data should be

anonymized or pseudonymized, and all data, digital or non-digital, must be securely stored to

protect respondents' privacy.

Data Retention and Maintenance:

Researchers are responsible for maintaining all relevant data, including consent forms, curated data,

and study tools, for a minimum of three years post-completion to facilitate data sharing and integrity

verification.

Management of Website and Social Media Platforms

Payana recognizes the importance of maintaining an online presence through its website and various

social media platforms to effectively communicate with stakeholders, raise awareness about its

mission and activities, and engage with the community. This policy outlines the guidelines and

procedures for the management and maintenance of Payana's website and social media accounts.

Website Management:

1. Responsibility: Only the authorized personnel in coordination with the Communications team,

shall be responsible for the management and maintenance of Payana's website.

2. Content: All website content must align with Payana's mission, values, and goals. Content should

be accurate, up-to-date, and relevant to the organization's activities and initiatives.

3. Accessibility: Payana is committed to ensuring that its website is accessible to all users, including

individuals with disabilities. The website design and content should adhere to accessibility standards

and guidelines.

4. Security: Measures should be in place to protect the website from security threats, including

regular updates, backups, and monitoring for vulnerabilities.

5. Feedback: Users should have the opportunity to provide feedback on the website's usability and

content. Feedback should be regularly reviewed and considered for improvements.

Social Media Management:

1. Account Ownership: Official social media accounts representing Payana should be owned and

managed by authorized personnel designated by the Communications team.

2. Content Guidelines: Social media content should reflect Payana's mission, values, and messaging.

Posts should be informative, engaging, and respectful.

3. Frequency and Timing: Posting frequency and timing should be strategic to maximize engagement

and reach. A content calendar may be utilized to plan and schedule posts.

Page 5 of 5

4. Response Protocol: Prompt and professional responses should be provided to inquiries,

comments, and messages received through social media platforms. Negative or sensitive issues

should be addressed with care and discretion.

5. Monitoring and Moderation: Social media channels should be monitored regularly for

inappropriate content, spam, or unauthorized activity. Moderation may be necessary to maintain a

positive and respectful online community.

6. Privacy and Data Protection: Personal information of users should be handled in accordance with

applicable privacy laws and regulations. Confidential information about Payana or its stakeholders

should not be disclosed on social media without proper authorization.

7. Training and Guidelines: Personnel responsible for managing social media accounts should receive

training on social media best practices, as well as guidelines and protocols established by Payana.

By adhering to the aforementioned guidelines, Payana aims to effectively manage its website and

social media platforms to enhance communication, engagement, and outreach efforts.

Conclusion:

This IT Policy establishes guidelines for the management and maintenance of Payana's technical

infrastructure, ensuring the provision of necessary resources while safeguarding data security and

asset integrity. Adherence to these guidelines is essential for maintaining operational efficiency and

compliance with organizational policies and relevant statutes and regulations in India. Regular

review and updates to this policy may be conducted to ensure its effectiveness and alignment with

evolving best practices in management of IT infrastructure, data, digital communication and social

media.