Website Security Policy
Assam Udyog Setu is the official digital services portal of the Government of Assam for
Micro, Small, and Medium Enterprises (MSME). The portal provides online services such as
registrations, applications, incentives, and grievance redressal. The Website Security
Policy outlines the measures implemented to safeguard user information, ensure system
integrity, and maintain uninterrupted availability of services. The policy is aligned with
the Guidelines for Indian Government Websites (GIGW) 2024, Digital Personal Data Protection
Act 2023, IT Act 2000, CERT-In guidelines, and other applicable government security
standards.
Security Governance
The Assam Udyog Setu portal follows a structured security governance framework with
clearly defined roles and responsibilities. Security oversight is provided by designated
officers including the Web Information Manager, Technical Officer, Security Officer, and
Data Protection Officer. Regular reviews are conducted to monitor compliance, assess
risks, and ensure implementation of security controls in line with government standards.
Access Control and Authentication
Access to administrative and restricted sections of the portal is controlled through
role-based access mechanisms and multi-factor authentication. Users are granted only the
minimum permissions their role requires, and strong password policies are enforced. Session management
controls and authentication safeguards are implemented to prevent unauthorized access
and ensure secure usage of the portal.
Application and Website Security
All portal traffic is served over HTTPS to encrypt data in transit, and industry-standard
security configurations are applied. Measures are implemented to prevent common web vulnerabilities such as
SQL injection, cross-site scripting, and cross-site request forgery. Secure coding
practices, input validation, and file upload controls are followed to maintain the
integrity of the application.
Network and Infrastructure Security
The portal is hosted in secure government-approved data centers and protected through
layered security architecture. Firewalls, intrusion detection systems, web application
firewalls, and DDoS protection mechanisms are deployed to safeguard the infrastructure.
Administrative access is restricted through secure channels and monitored for suspicious
activity.
Data Protection and Privacy
Personal and business information collected through the portal is handled in accordance
with applicable data protection laws. Data is collected only for defined purposes and
protected using encryption and access controls. Measures are implemented for secure
storage, limited retention, and controlled access to sensitive data, ensuring
confidentiality and integrity.
Security Monitoring and Logging
The portal implements centralized monitoring and logging mechanisms to track user
activities, system events, and security alerts. Logs are retained as per regulatory
requirements and reviewed periodically to detect suspicious activities and support
incident investigation.
Vulnerability Management and Testing
Regular security assessments, including vulnerability scanning and penetration testing,
are conducted to identify potential risks. Identified vulnerabilities are remediated
within defined timelines to maintain the security posture of the portal. Security audits
are also performed in accordance with government guidelines.
Incident Response and Recovery
A structured incident response mechanism is in place to detect, contain, and resolve
security incidents. Backup and disaster recovery procedures ensure continuity of
services in case of system failures. Incidents are handled in compliance with CERT-In
reporting requirements where applicable.
Policy Review
This Website Security Policy is reviewed periodically and updated whenever required to
address emerging threats, technological changes, and regulatory updates. Users are
encouraged to report any security concerns through official communication channels
available on the portal.