Name: General Insurance Corporation of India
Address: Suraksha, 170, J. Tata Road, Churchgate, Mumbai, Maharashtra, 400020, IN

Introduction

The Content Archival Policy (CAP) of General Insurance Corporation of India (GIC Re) outlines the procedures and guidelines for the management, archiving, and preservation of content published on the GIC Re website. This policy ensures that content is systematically archived to maintain a historical record, enhance website management, and comply with legal and regulatory requirements.

Background

Each of the content components that is valid for a particular period of time is accompanied by a validity date. For some of the components, the validity date may not be known, i.e., the content is stated to be perpetual. Under no circumstances should any content be displayed on the portal after the validity date.

Tender: Expiry date will be based on the tender date. Upon expiry, the tender will be moved to the archive section of the website.
EOI: Expiry date will be based on the EOI date. Upon expiry, the EOI will be moved to the archive section of the website.

Scope

This policy covers all published content on the GIC Re website, including documents, reports, photographs, videos, news, and announcements.

Policy

1. Archival Process:

Content older than three years will be archived unless flagged as critical by stakeholders.
Critical content includes annual reports, major policy announcements, and press releases.

2. Retention Period:

Archived content will be retained for a minimum of three years in a secure storage system.

3. Accessibility:

Archived content will be accessible to authorized personnel upon request.
For public users, archived content will be accessible only if deemed relevant.

4. Deletion of Content:

Non-critical content older than three years will be permanently deleted unless required for statutory purposes.

Objectives

To establish a systematic approach for archiving website content.
To ensure the availability of historical content for future reference.
To comply with legal and regulatory requirements regarding content retention and archiving.
To enhance the efficiency of website content management by removing outdated or obsolete content.

Content Retention Period

Current Content: Content that is relevant and up to date will remain on the GIC Re website for active use.
Archival Content: Content that is no longer current but holds historical, legal, or informational value will be archived for a period of five years from the date of publication.
Disposal of Content: Content that has surpassed its retention period and is no longer deemed valuable will be securely deleted from the archive.

Introduction

At General Insurance Corporation of India (GIC Re), the security of our website and the protection of user data are of utmost importance. This Security Policy outlines our commitment to safeguarding the confidentiality, integrity, and availability of the information and services on our website. It also details the measures we are taking to protect our website from unauthorized access, data breaches, and other security threats.

Background

For site security purposes and to ensure that this service remains available to all users, the system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. Unauthorized attempts to upload information or change information on this website are strictly prohibited and may be punishable as per the provisions of the relevant laws.

Scope

This Security Policy applies to all users of the GIC Re website, including employees, partners, and visitors. It covers all data, systems, networks, and resources associated with the GIC Re website.
Establishes security controls to safeguard against cyber threats, data breaches, and unauthorized access.
Includes security protocols, periodic audits, and incident response mechanisms.

Compliance

GIC Re is committed to complying with all relevant laws, regulations, and industry standards related to website security and data protection. We regularly review our security practices to ensure they align with the latest legal and regulatory requirements.

Amendments

GIC Re reserves the right to update or modify this Website Security Policy at any time without prior notice. Any changes to the policy will be posted on this page, and continued use of the website after such changes will constitute acceptance of the new terms.

Template for Security Implementation at GIC Re

GIC Re Website/Portal/Web Application has been placed in protected zones with the implementation of firewalls, IDS (Intrusion Detection System), and high-availability solutions.
Before the launch of the GIC Re Website/Portal/Web Application, simulated penetration tests were conducted. Post-launch, penetration testing is conducted periodically.
The GIC Re Website/Portal/Web Application underwent audits for known application-level vulnerabilities before the launch, and all identified vulnerabilities were addressed.
Server hardening has been performed per the Cyber Security Division’s guidelines before launching the GIC Re Website/Portal/Web Application.
Access to web servers hosting the GIC Re Website/Portal/Web Application is restricted both physically and through the network.
Logs are maintained at different locations to record authorized physical access to the GIC Re Website/Portal/Web Application servers.
Web servers hosting the GIC Re Website/Portal/Web Application are configured behind IDS, IPS (Intrusion Prevention System), and system firewalls.
Development work is performed in a separate development environment and thoroughly tested on a staging server before deployment to the production server.
Applications are uploaded to the production server using SSH and VPN through a single point after successful testing on the staging server.
Content contributed from remote locations undergoes an authentication process and is not published directly on the production server. Content is moderated before final publication.
All web page content is verified for malicious code before final upload to the web server.
Audit logs and system activity logs are maintained and archived. Rejected accesses and services are logged and reviewed in exception reports.
The Help Desk staff at GIC Re IT Monitoring Team monitors the GIC Re Website/Portal/Web Application at intervals to ensure pages are operational, unauthorized changes are absent, and no unauthorized links are established.
System software patches, bug fixes, and upgrades are regularly reviewed and installed on production web servers.
Internet browsing, email, and other desktop applications are disabled on production web servers. Only server administration tasks are permitted.
Server passwords are changed every month and shared among administrators.
<Insert Administrator Name(s)> are designated as administrators for the GIC Re Website/Portal/Web Application and are responsible for implementing this policy and coordinating with the audit team.
After major modifications in application development, the GIC Re Website/Portal/Web Application is re-audited for application-level vulnerabilities.

Compliance Audit

The GIC Re Website/Portal/Web Application has been audited before launch and complies with all policies outlined by the Cyber Security Group.

The GIC Re Website/Portal/Web Application has also undergone automated risk assessment through vulnerability identification software both before and after launch, with all identified vulnerabilities addressed.

The GIC Re Website/Portal/Web Application is critical for delivering timely and accurate information to stakeholders. To ensure its reliability, usability, and security, a structured monitoring plan is implemented

The website is constantly monitored on the following parameters

Functionality: All modules of the GIC Re Website/Portal/Web Application are regularly tested to ensure seamless functionality. Any identified issues are resolved promptly to maintain an uninterrupted user experience.
Performance: Key web pages are tested for download time and responsiveness. Efforts are made to optimize performance and provide a fast and efficient user experience.
Broken Links: A meticulous review of the website is conducted to identify and address any broken links or errors. This ensures all links redirect users to the intended destinations without disruption.
Traffic Analysis: Traffic to the website is regularly monitored and analysed. Insights from traffic patterns help improve content delivery and identify areas for enhancement.
Feedback: Feedback from website users is collected and reviewed periodically. Necessary changes and updates are implemented to ensure the website remains user-friendly and aligned with user needs.
Security Monitoring: The hosting service provider for the GIC Re Website/Portal/Web Application has implemented a state-of-the-art, multi-tier security infrastructure. This includes firewalls, intrusion prevention systems, and real-time threat monitoring.

Additional Monitoring and Reporting

A monitoring team within GIC Re IT Management ensures that the website is up and always running.
Logs and reports are generated for critical events and reviewed for any anomalies or security threats.
Scheduled performance checks and updates are conducted to align the website with the latest technological and security standards.