HR POLICIES MANUAL

About Udyogini –
Udyogini has an exceptional history of inception. It was conceptualized in 1992 by the World
Bank to creating a movement for women economic empowerment in India.In that era, we
were recognized as a service provider and a resource agency to NGOs and Government
Bodies, under the leadership of (Chair and founding member) Ms. Ela Bhatt, the founder of
Self-Employed Women’s Association (SEWA). Some of the earliest projects include
promoting handicrafts in Pugal, Rajasthan, incense sticks production and chuniri making
in Saharanpur, UP and curating forest and farm-based products in Mandla, MP.
From 2002 onwards, we have evolved as an expert in Entrepreneurship, particularly
building livelihoods and creating rural jobs along the entire value chain in rural areas,
ensuring that women and youth have a decent income and voice to change their own
circumstances.
Currently we are operating in six states – Chhattisgarh. Madhya Pradesh. Uttarakhand,
Jharkhand, West Bengal and Rajasthan – engaging with over 50,000 women and youth in
22 different products such as honey, lac, chilli, tamarind, herbal tea, ghee, and many more.
Table of Contents
1.
Policy on Prohibition, Prevention, and Redressal of Sexual Harassment
2. Child Protection Policy
3. Anti-Bribery and Anti-Corruption Policy and Protection of Whistle Blower
4. Policy on Anti-Discrimination
5. Grievance Redressal Policy
6. Data Protection Policy
7. Work from Home Policy
8. Information Technology Policy
9. Laptop Policy
Copyright 2024-2025
All rights reserved. No part of this publication may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, electronic, mechanical, photocopying,
recording or otherwise without prior written permission from Udyogini.
Udyogini
D, 17, Basement
Opposite Kotak Mahindra Bank Lane
Saket, New Delhi – 110017.
Telephone – 011-45781125
POLICY ON PROHIBITION, PREVENTION AND REDRESSAL OF SEXUAL HARRASMENT
Policy
This policy document (“Policy on Prohibition, Prevention, and Redressal of Sexual
Harassment”) states the policy of Udyogini with regard to the prohibition, prevention, and
redressal of sexual harassment of its employees at its workplaces. Udyogini is committed
to providing a safe work environment that is free from any form of sexual harassment and
where all employees are treated with dignity and respect.
This policy is prepared in accordance with and in compliance of the Sexual Harassment of
Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (“Act”), and the
Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Rules,
2013 (“Rules”). Wherever the Employer is referred to in this Policy, it shall be deemed as a
reference to the Head of Human Resource.
Name: Ambar Afaq
Email id – ambarafaq@udyogini.org
Contact Number – +91-7042771553
Who is covered by the Policy?
This policy extends to:
• All employees (including contractual employees, temporary, ad hoc and daily wage
workers, trainees, interns, etc), irrespective of gender;
• Individuals (Third-parties) accessing the workplace for any purpose whatsoever,
including prospective employees, visitors, vendors, and contractual resources.
• An aggrieved person under this Policy may be employed for remuneration or not,
and may be working on a voluntary basis or otherwise.
What is Sexual Harassment?
For the purposes of this policy, “sexual harassment” includes one or more of the following
unwelcome acts or behavior:
a. unwelcome physical contact and advances of a sexual nature;
b. a demand or request for sexual favours;
c. making obscene or sexually coloured remarks or gestures, or comments of sexual
nature about a person’s clothing or body;
d. showing pornography, making or posting sexual pranks, sexual teasing, voyeurism,
stalking;
e. continued expressions of sexual/romantic interest against the recipient’s wishes;
f.
deprecatory comments, or any such behavior relating to the gender identity or
sexual orientation of a person;
Further, occurrence of any of the following circumstances in relation to any sexually
determined act or behavior amounts to sexual harassment:
a. Implied or explicit promise of preferential treatment in employment;
b. Implied or explicit promise of threat of detrimental treatment in employment;
c. Implied or explicit threat about the present of future employment status of the
person;
d. Interference with work or creating an intimidating, offensive, or hostile work
environment for the person;
e. Humiliating treatment affecting any person’s health or safety.
The act that is deemed to constitute sexual harassment may be direct or implied; and
committed in person, or through print, electronic or other modes of communication,
including emails or private chats.
*The allegation of sexual harassment depends on the experience of the aggrieved person,
and not on the intentions of the respondent.
Where is the Workplace?
A complaint will be maintainable under this Policy whether the alleged incident has
occurred inside the office or outside, or during or beyond office hours (provided that the
alleged incident is connected with work related to the workplace], including work-from
home arrangements. The workplace will therefore include any place visited by the
Employee for the purpose or in connection with their employment, and includes
transportation to such place.
Who can complain about Sexual Harassment?
• Any individual covered by the policy;
• A complaint can be made on behalf of the individual alleging harassment (by any of
the persons described in Rule 6).
• The complainant does not have to be the person harassed, but could be anyone
affected by the offensive conduct.
• Where the complainant is unable to make a complaint in writing, the Presiding
Officer or any member of the Internal Committee shall render all reasonable
assistance to the complainant for making such complaint in writing.
When should the complaint be made?
• Under the law, complaints of sexual harassment are to be made within three
months from the date of occurrence.
• Where there are a series of incidents, within three months from the last of such
alleged incidents.
• The Internal Committee may condone delays beyond three months if it is satisfied
that there were circumstances that merit such condonation. However, no
complaint shall be filed after six months after any alleged incident of Sexual
Harassment.
Composition of the Internal Complaints Committee
As per Sexual Harassment Act chapter 2 Internal Complaint Committee (ICC) will be formed
consisting of
1.
Presiding officer (As per act Presiding officer shall be a woman employed at a senior level
workplace from amongst the staff. If senior level female staff is not available then it can be
nominated from other offices or administrative units.)
2. One member from amongst the non-government organization or associations
committed to the cause of women or person familiar with the issues relating to sexual
harassment. The NGO representative will be paid an honorarium for holding proceedings
of the ICC and also the reimbursement of any travel costs related to participation in the
meetings of the ICC.
3. not less than two members from amongst staff preferably committed to the cause of
women or who have had experience in social work or have legal knowledge.
4. At least half the members will be female.
Tenure and election process of the members of the ICC –
The duration of ICC membership will not be more than three years, which may be
renewed one time for an additional three years. If necessary, members may resign before
completion of their tenure by giving written notice to the Presiding Officer. In the event
of any vacancy on the ICC due to resignation, termination, and death or for any other
reason whatsoever, the same shall be filled in accordance with the procedures prescribed
by this policy within a period of three months.
Continuity – To ensure a measure of continuity in the ICC, the Presiding Officer and
outgoing members of the Committee shall nominate one person from among them to
continue as a member of the said Committee for another term of three years.
Recusal, removal, or disqualification from the ICC –
a) No person who is an aggrieved staff, witness or defendant in a complaint of sexual
harassment may participate in Committee deliberations. Any Committee member
charged with sexual harassment in a written complaint must step down as member of
the Committee during the duration of the inquiry into that complaint.
b) It is forbidden to disclose, publish, or make known the contents of any complaint and/or
inquiry proceedings – including making known the details of any complaint, or the
aggrieved staff’s name and personal details – to the media, press, or public. If any
member of the ICC is found to have breached confidentiality, they will be removed from
the ICC, and subject to appropriate disciplinary action by the organization.
c) If any criminal proceeding or disciplinary action is pending or in force against an ICC
member, they should be removed from the ICC if their continuance in office is prejudicial
to public interest
Meeting and Quorum – All meetings of the Committee will be called by the Presiding
Officer. Ideally, notice of at least four working days should be given for the meeting. In
exceptional cases, emergency meetings may be convened if required. In conducting the
inquiry, a minimum of five members of the ICC (out of which two should be women),
including the Presiding Officer, shall be present.
Responsibilities of Committee:
a) Sensitizing Udyogini staff about issues related to sexual harassment at the
workplace and its prevention.
b) Ensuring that a clear and strong message is sent to all staff that any acts of this
nature shall not be tolerated at Udyogini.
c) Conducting a just, objective and speedy inquiry into complaints as required, as
per defined laws and regulations.
d) Submitting an annual status written report to the CEO and to Board members
of the Udyogini.
e) The Annual Report must contain the following information, as per Section 14 of
the Rules:
• The number of complaints of sexual harassment received that year
• Number of complaints disposed of / investigated during the year
• Nature of action taken by the employer
• Number of cases pending before the ICC for more than 90days
• Number of workshops or awareness programmes against sexual harassment
carried out
Procedure for Raising of complaints
• The complainant shall make the complaint in writing addressed to the Presiding
Officer, of the Internal Committee (IC), and shall be delivered to any member of the
Internal Committee. Alternately complaints can be sent to iccudy@udyogini.org.
• The complaint shall be accompanied by all supporting documents, and relevant
details concerning the alleged act(s) of Sexual Harassment, including names of
witnesses, if any.
• The complainant shall certify that he/she believes the information contained in the
complaint to be true and accurate.
Procedure for Redressal
Conciliation
• Before the Internal Committee initiates an inquiry, the aggrieved Complainant may
request the Internal Committee in writing to take steps to resolve the matter
through conciliation
• If a settlement has been so arrived, the IC shall record the same and forward the
same to the Employer and provide copies of the settlement to the Complainant and
the Respondent (the person alleged to have sexually harassed the Complainant). In
such cases, no further inquiry shall be conducted by the IC.
• No monetary settlement shall be made as a basis of conciliation.
Inquiry
• In case where a settlement is not sought by the Complainant, or could not be arrived
at through conciliation, the IC will conduct an inquiry into the complaint. Further, if
the aggrieved person informs the IC that any terms of settlement arrived at through
conciliation has not been complied with, or has been violated, by the Respondent,
the IC shall proceed in accordance with the procedure given below.
• A complete copy of the complaint and other supporting documents, including
evidence and statements of witnesses shall be sent to the Respondent within 10
days of receiving the complaint.
• Upon receiving a copy of the complaint, the Respondent shall file his/her reply to
the complaint, along with supporting documents within a period of 10 working days.
A complete copy of the reply and the supporting documents, including evidence
and statements of witnesses shall be sent to the aggrieved person within 10 days of
receiving the same.
• The IC shall conduct a prompt, thorough and impartial investigation of the
complaint as necessary and appropriate, in accordance with the principles of
natural justice. (In case any member is not available to attend hearings, including
for reasons such as conflict of interest), the remaining members of the IC shall
constitute the Committee to inquire into and adjudicate upon the complaint.
However, any such Committee shall have at least three members, of which not less
than 50% shall be women. In case the available members together do no fulfill these
requirements, the Employer may name another member to the Committee on a
temporary basis.
• Both parties shall be given the opportunity to appear before the Internal Committee
and present their case and/or submit names of any witnesses or documentary
evidence substantiating their case. Neither the Complainant nor the Respondent
shall be represented by a legal practitioner.
• The Inquiry Committee shall have the power to call upon witnesses (not restricted
to the witnesses named by the complainant) and record their statements. In case
the Complainant or the Respondent wish to put questions to the witnesses or to
each other, they shall submit the same to the IC, which shall, if pertinent to the
inquiry, put the questions to the person concerned.
• The proceedings shall be conducted in the language that the aggrieved person and
the respondent are familiar with.
• Any information shared during a hearing is confidential, and divulging the same will
attract penalty under the law.
• If a party is not present for more than 3 consecutive hearings, without sufficient
cause, the Internal Committee may, after giving that party a notice of 15 days, give
an ex parte decision on the complaint or terminate the complaint.
• The inquiry process shall be completed maximum within the period of 90 (ninety)
days from the date of receipt of the complaint.
Inquiry Report
• The IC shall provide a report of its findings, along with its recommendations to the
concerned parties and the Employer, in writing, at the earliest and in any case within
10 days of completion of the investigation.
• If the allegations against the respondent are proved to be true, the Inquiry
Committee shall also recommend the penalties or corrective/restorative action that
may be taken against the Respondent to the Employer.
• The employer shall act on the recommendation of the Inquiry Committee within a
period of 60 days from the date of the receipt of the Inquiry Report, unless an appeal
against the findings is filed within that period by either party.
• Where the conduct of Sexual Harassment amounts to a specific offence under the
Indian Penal Code, 1860 or under any other law, the IC shall immediately inform the
complainant of his/her right to initiate action in accordance with law with the
appropriate authority, and also give advice and guidance to facilitate the same.
Interim Measures
During pendency of the inquiry, on a written request made by the complainant, the
committee may recommend to the employer to:
• Transfer the aggrieved individual or the respondent to any other workplace;
• Grant leave to the aggrieved individual of maximum 3 months, in addition to the
leave he/she would be otherwise entitled;
• Grant such other relief to the aggrieved individual as may found to be appropriate;
and/or
• Restrain the respondent from reporting on the work performance of the
complainant.
Protection to Aggrieved Person/Complainant
Considering the possible power asymmetry between the complainant/aggrieved
person and the Respondent, the Internal Committee shall take steps to ensure that the
complainant, aggrieved person, or witnesses are not subjected to discrimination or
victimization during or after the period of the inquiry.
Appeal
Any person aggrieved by the final recommendation of IC may prefer an appeal before
the appropriate court under law, within 90 days of the recommendations being
communicated to them.
Prohibition against Retaliation
Udyogini, particularly its top management, will not intimidate or take any retaliatory action
against any person who, in good faith, and without malice, makes a complaint, acts as a
witness, or otherwise assists in any case under this Policy. However, it is to be noted that
disciplinary or other action against an employee whose conduct or performance warrants
such action unconnected with proceedings pending under this policy shall not be a
violation of this clause.
False Allegations
• Where the IC concludes that the complainant has knowingly made a false/malicious
complaint, then it may recommend to the Employer to act, as appropriate, against
the complainant.
• However, mere inability to substantiate a complaint does not imply that the
allegations were false.
Confidentiality
The identity of the aggrieved person/complainant, respondent, witnesses, statements and
other evidence obtained in the course of inquiry process, recommendations of the Internal
Committee, and action taken by the Employer shall be confidential material, and shall not
be published or made known to any person than those for whom it is absolutely necessary.
Name of ICC Members:
1.
Ms. Ambar Afaq (Presiding Officer)
2. Ms. Durang Susan Topno (Member)
3. Ms. Shipri Gupta (Member)
4. Shri Krushna Mate (Member)
5. Ms. Pranita Das (Member)
6. Ms. Jyotsna Srivastava (Member)
7. Dr. Elizabeth Khumallambam (External Member)
CHILD PROTECTION POLICY
Udyogini commits to comply with internationally accepted standards for protection of
children from abuse, and has designed this child protection policy so as to safeguard
children from discrimination, exploitation, neglect, sexual and physical abuse, while being a part
of any of Udyogini’s programmes or accessing Udyogini premises. Udyogini commits to
minimize the risk to children in all its programmes implemented through hospitals,
vocational education institutes, community-based activities and partner/member
institutions. The child protection policy of Udyogini also intends to raise awareness on child
protection in the families and communities.
Scope
The policy applies to:
• Staff at all levels – including at branches or the field.
• Associates – these include board members, volunteers, community volunteers,
sponsors, consultants and contractors.
• Visitors, Donors, journalists, media, researchers, celebrities, staff family members,
etc. who may come into contact with children through Udyogini are also bound by
this policy.
Who is a Child?
A “child”, for the purpose of this policy means any person who is under eighteen years of
age.
What is Child abuse?
Any harm caused to a child, intentionally or unintentionally is child abuse. This includes
emotional, physical, or sexual forms of abuse.
Abuse can take any of the following forms:
• Physical abuse: hurting or injuring a child, inflicting pain, or putting their life in
danger, or threatening to do any of the same;
• Sexual abuse: when a child is, directly or indirectly, forced into or involved, or
threatening to be forced or involved in sexual activities. This would also include
inappropriate touch, exposing to pornography, the taking of, or threatening to take
or circulate pictures or videos of the child, and so on;
• Emotional or verbal abuse: Humiliating or guilt-tripping them, repeatedly rejecting
children or denying their worth and rights as human beings. Exposing the child to
abusive or inappropriate language; Threatening to cause physical or sexual harm to
any other person in order to force obedience or compliance by the child will also be
counted as abuse.
• Neglect: the persistent failure to give, or deliberate denial of, appropriate care to
provide a child with the necessities for their good health and development.
Udyogini manages several programmes which aim at providing relief and rehabilitation to
vulnerable families with children, where these children will come into contact with adults.
Similarly, a child may access a healthcare or educational facility facilitated/ run by or
funded by Udyogini, either as a patient/student or accompanying other children or an
adult/s. Further, there may be any number of situations where a child accesses the
premises of Udyogini, including its field offices, or its member institutions. Any instance of
child abuse, as defined above, will attract the provisions of this policy.
It will be the responsibility of the adult concerned to ensure that abuse of the nature
described above does not occur. It will not be a defense to say that the activity was
consensual.
Trust, abuse of power, the child’s inability to consent or make a choice, the age differential
between the perpetrator and the child, the cognitive, emotional, psycho-sexual
development level of the child and the intent of gratification, are all relevant factors when
considering whether abuse actually took place.
Do’s and Don’ts
It is expected that adults coming into contact with children will
1. Be inclusive and involve all children without selection or exclusion on the basis of
gender, disability, ethnicity, religion or any other status.
2. Be aware of the potential for peer abuse (e.g., bullying, discriminating against,
victimizing or abusing children).
3. Avoid placing yourself in a compromising or vulnerable position when meeting
with children (e.g., being alone with a child in any circumstances which might
potentially be questioned by others).
4. Develop special measures/supervision to protect younger and especially
vulnerable children from peer and adult abuse.
5. Immediately report the circumstances of any situation which occurs which may
be subject to misinterpretation to the Reporting Authority. Report suspected or
alleged abuse to the Reporting Authority.
6. Staff working in the communication department in the organization can use the
pictures or videos of children on social media for promotional purposes only. Apart
from them, no other staff are to use pictures and videos of children from the project
area.
7. Confidentiality of child related documents, if any, to be strictly followed.
How to make a complaint
A person wishing to make a complaint regarding actual or suspected child abuse can
consult and file a complaint with the Reporting Authority. It is expected that, as far as
practical, such complaint will be made at the earliest possible opportunity.
Name: Ms. Jyotsna Srivastava
Email – childprotection@udyogini.org
Contact Number- 9958914533
PROCESS OF INVESTIGATION
Once a complaint has been filed, an investigation will be undertaken immediately by the
Reporting authority through a person/s nominated by him/her. In instances where there is
an alleged perpetrator, the person will be notified immediately. The complainant and the
alleged perpetrator will both be interviewed along with any individuals who may be able to
provide relevant information. The child himself/ herself can file a complaint with the help
of a guardian to the Reporting Authority.
Supporting Members: To be finalized
Timelines: The investigator/s will work towards the prompt resolution and prevention of
discriminatory acts and practices. The first round of investigation and conclusion shall be
arrived at within 10 working days from the date of filing of the complaint.
Fairness: All complaints will be investigated in the same manner with the aim of
promoting, fairness and equality.
Confidentiality and the Right to Privacy: The confidentiality of all individuals involved in a
complaint will be preserved. The preservation of confidentiality may be affected by
Udyogini’s duty to prevent discrimination and by the alleged perpetrator’s right to know
the nature of the complaint being made against them, and who has made it, so that they
can respond. However, any information will be shared strictly on a ‘need to know’ basis. If
the investigation fails to find evidence to support the complaint, no documentation
concerning the complaint will be placed on the file of the respondent. Udyogini will retain
all documentation for 12 months for informational purposes in the event that there is an
internal appeal or a complaint filed with an outside agency. The complainant will be
informed of the outcome of the investigation at its completion, as well as steps taken as a
result.
Outcomes and Remedies: Udyogini will act swiftly to ensure that the violation of child
rights is stopped as soon as possible and may remedy the situation in a number of ways.
The main concern will be to ensure that no such incident is repeated in future. All further
steps to address the child abuse concerns would be in the best interest of the child.
Where the action that is subject of the complaint amounts to a specific offence under the
laws of the country, the investigator/s shall immediately inform the complainant of their
right to initiate action in accordance with law with the appropriate authority, and also give
advice and guidance to facilitate the same.
ANTI-BRIBERY AND ANTI-CORRUPTION POLICY, AND PROTECTION OF
WHISTLEBLOWERS
Udyogini adopts a no-tolerance approach to all forms of corruption, including bribery and
fraud, and as a principle, encourages employees and contractors to report instances where
they believe, in good faith, that one or more of the rules or principles of fair dealing, or any
law of the country is being violated. The following policy lays down the policy of the
organization with respect to the reporting of such instances, protection for reporters, and
the procedure for reporting and acting on receipt of complaints.
To Whom does this policy apply?
This policy applies to the organization and each and every employee, board member,
consultant, contractor, or volunteer, whether based in the headquarters or at any of its field
offices or branches across the country. Persons engaged on contractual basis/part-time
basis to do specific functions are also covered. This policy may also be invoked by a third
party, including donors, to report a concern relating to a potential violation of Udyogini’s
code of conduct, as well as any applicable rule or law (all of the above are collectively called
“employee” for the purpose of this policy).
While this policy primarily addresses acts of bribery or corruption related to Udyogini, the
organization reserves the right to evaluate and take appropriate action in cases involving
proven instances of bribery or corruption that are unconnected to the organization. Such
actions may be considered if the conduct of an employee, contractor, or third party
associated with the organization could harm the organization’s reputation, integrity, or
compliance with legal and ethical standards. Any decision to act in such cases will be made
at the discretion of senior management or the Compliance Officer, in accordance with
applicable laws and regulations.
What is Bribery and Corruption
A bribe is an act of offering, giving, receiving, or soliciting any payment, reward or
advantage to or from another person in exchange for doing or not doing something that
would benefit/interest the giver that the recipient would otherwise not have done or
refrained from doing.
A bribe may be anything of value and not just in form of money, gifts, inside information,
sexual or other favors, hospitality or entertainment, offering employment to a relative,
payment or reimbursement of personal expenses, charitable donation or social
contribution, or the abuse of the giver’s powers.
Corruption includes wrongdoing on the part of an authority or those in power through
means that are illegal, immoral or unethical.
Conflicts of Interest
A situation of Conflict of Interest arises when an employee taking a decision, or doing
anything, on behalf of the organization has some personal interest which might potentially
weigh on the decision. While Conflicts of Interest are not per se corruption, they may lead
to situations that are covered by this policy, and therefore it is advised that all employees
report any possible conflicts of interest out of abundant caution. An undisclosed conflict of
interest may be viewed seriously and invite disciplinary action.
What is the nature of violations covered?
A non-exhaustive list of the violations that could be the subject of a complaint under this
policy are:
• Theft, misuse of company’s assets
• Fraud or questionable accounting/financial reporting
• Corruption and improper transactions
• Any Illegal or unethical Practices
• Violation of the provisions of any law applicable to Udyogini
• Environmental Health and Safety issues
• Privacy breach; Inappropriate sharing of confidential information
• Harassment, victimization, bullying, or discrimination; Workplace Violence
• Retaliatory action as mentioned in this policy
• Conflicts of interest
Who is a whistleblower?
• Any Employee who discloses or provides any evidence of an illegal, immoral or
unethical activity, or any conduct that may constitute breach of Udyogini’s Code of
Conduct, or the applicable laws (“complaint”).
• The complaint may be anonymous, but will be made in good faith, after considering
the relevant facts pertaining to the issue. Frivolous or trivial complaints, or the
sharing of hearsay or rumors, will not be covered under this policy. It is expected
that violations reported are of a current or recent nature.
• Complaints in the nature of sexual harassment or abuse of children will be covered
by the Sexual Harassment policy and the Child Protection policy, and must be made
in accordance with the mechanism described therein.
Training on Corruption Reporting
To ensure awareness and compliance, Udyogini will: – Conduct regular training sessions for all employees and relevant third parties on
identifying, preventing, and reporting bribery and corruption. – Provide specific training on the organization’s whistleblowing procedures, including how
to report concerns confidentially and without fear of retaliation. – Include real-life scenarios and case studies in training to enhance understanding of
corruption risks and reporting mechanisms.
– Maintain records of training attendance and ensure refresher courses are conducted
annually or as needed.
Reporting Mechanisms
Employees and stakeholders are encouraged to report any suspected or actual incidents
of bribery, corruption, or unethical behavior through the following channels:
• Complaints under this policy are to be reported to below authority–
Name: Mr. Vikash Kumar Sharma
Email: vikashsharma@udyogini.org
• In case the complaint pertains to any alleged violation by the authority or anybody
within his/her line of command, the complaint can be made to the Chief Executive
Officer –
Name – Rashmi Saxena Sarkar
Email – rashmisaxena@udyogini.org
• The person to whom the complaint is made will be known as Reporting Authority
in this policy.
• Complaints must be made in writing, and must, as far as practical provide all
necessary details to enable the Reporting Authority to investigate the alleged
violation. This could include a description of the alleged violation, details such as
time and location of the violation, the length of time for which the violation
continued, whether any other person is aware of the violation, and so on. The
whistleblower is also encouraged to provide any evidence that he/she may possess
regarding the violation that will enable the Reporting Authority to investigate the
same.
• A whistleblower may choose to keep his/her identity anonymous. In such cases, the
complaint should be accompanied with strong evidence and data.
• The whistleblower (other than anonymous whistleblowers) will be informed of the
findings of the investigation at its conclusion. It is expected that the investigation
will not take longer than three months.
• In case the disclosure made does not have any specific & verifiable information, the
Authorized Person will be authorized not to take any action. This would be suitably
recorded and submitted it to Udyogini board.
• All reports will be taken seriously and investigated promptly and impartially.
Protection from Retaliation
• Udyogini assures that there will be no retaliatory action against any person who
reports any violation or incident of non-compliance in good faith, using any
appropriate channel of communication, as provided for in this policy. Any kind of
victimization of the whistleblower brought to the notice of the Reporting Authority
will be investigated promptly, and remedial action taken.
• Where requested, the identity of the complainant will be kept confidential. Where
the identity of the whistleblower is necessary to be disclosed for investigation
purposes, it will be strictly on a ‘need-to-know-basis’, and only with the prior
approval of the whistleblower.
• However, if a complaint, after an investigation, proves to be frivolous, malicious or
made with ulterior intent/motive, the Reporting Authority may take appropriate
disciplinary or legal action against the concerned whistleblower. It is clarified that
merely because the allegations made in the complaint were not substantiated in
the investigation, it will not be reason for any action against the whistleblower,
provided that the complaint was made in good faith.
• This protection from retaliation is not intended to prohibit managers or supervisors
from acting, including disciplinary action, in the ordinary course, based on valid
performance-related factors.
Dos for employees – Every employee, consultant, or any other person entering into a
relationship on behalf of Udyogini must: –
a. Conduct reasonable due diligence to review the integrity of a Third Party before
entering a commercial relationship and present the true facts and information
known and collected by him to the approving authority.
b. Obtain necessary approvals and completely follow the documentation process for
engagement and selection of any Third Party.
c. Adequately communicate to each Third Party within your work area about
Udyogini’s mandate of ethical business operations.
d. Ensure fees and commissions agreed will be appropriate and justifiable
remuneration for legitimate services rendered.
e. If you receive an offer of bribe or to be a part of a corrupt act, immediately report the
matter through reporting channel.
f.
In the event of any doubt on the integrity of a Third Party, it is your responsibility to
contact your immediate supervisor. The matter can also be reported via the whistle
blowing portal through reporting channel.
Don’ts – It is prohibited for any person covered by this policy (or someone on their behalf)
to:
a. Accept an offer of a gift of any size from any Third Party which is in negotiation with,
or is submitting a proposal with Udyogini.
b. Give, promise to give or offer, any payment, gift, hospitality or advantage to obtain
or retain a professional benefit.
c. Make any unofficial payment or grant undue advantage so as to secure/retain
business or expedite a routine government action by a government official.
d. Make an illegal payment/undue advantage made to a company, agency, media
house or other such entity to hide or expose, suppress or reveal, exaggerate or
compress any issue, information or fact in order to gain advantage.
e. Any Charitable donation/ undue advantage made to any political party, trust,
institution, organization or other entity in order to benefit professionally or
personally.
f.
Threaten or retaliate against any employee, partner or vendor who has refused to
commit a bribery offence or who has raised concerns under this policy.
Disciplinary Action for Non-Compliance
a. Non-compliance with this policy will result in severe consequences, including
but not limited to:
b. Disciplinary action, such as warnings, suspension, or termination of
employment or contract.
c. Legal action, where applicable, in accordance with local laws and regulations.
d. Termination of relationships with third parties found to be in violation of this
policy.
e. Recovery of any losses incurred due to corrupt practices.
All disciplinary actions will be documented and communicated appropriately to deter
future violations.
Documentation
The Authorized Person shall maintain documentation of all complaints or reports received
under this Policy. The documentation shall include any written submissions provided by
the complainant, any other organisation documents identified in the complaint or by the
organisation as relevant to the complaint, a summary of the date and manner in which the
complaint was received by the organisation and any response by the organisation to the
complainant. All such documentation shall be retained by the organisation for a minimum
of five (5) years from the date of receipt of the complaint or as required by law, whichever
is higher.
The Authorized Person shall submit a report to the Governing board of Udyogini on yearly
basis.
POLICY ON ANTI-DISCRIMATION
Udyogini is committed to fostering an inclusive, equitable, and respectful workplace where
all individuals are treated with dignity and fairness. This Anti-Discrimination Policy outlines
our commitment to preventing discrimination and ensuring equal opportunities for all
employees, volunteers, consultants, and stakeholders associated with the organization.
This policy applies to all areas of employment and volunteer participation, including
recruitment, training and development, promotion, transfer, termination, compensation,
benefits, as well as all and any other conditions and privileges of employment in
accordance with applicable national and local laws.
Udyogini strictly prohibits discrimination or harassment on the basis of, but not limited to,
the following characteristics:
• Race, ethnicity, or nationality
• Caste or tribe
• Gender, gender identity, or gender expression
• Sexual orientation
• Marital or family status
• Age
• Religion, belief, or cultural background
• Disability or medical condition
• Socio-economic status
• Any other characteristic protected under applicable laws
Prohibited Conduct Discrimination may include, but is not limited to:
• Unfair treatment or exclusion based on protected characteristics
• Derogatory remarks, jokes, or slurs
• Unwelcome comments, gestures, or actions that demean an individual’s identity
• Any behaviour that creates a hostile or intimidating environment
Reporting and Redressal Mechanism
Any employee, board member, volunteer or stakeholders who believes that s/he or any
other affiliate of Udyogini has been discriminated against is strongly encouraged to report
this concern promptly to the Reporting Authority. The details of Reporting Authority are:
Name: Rashmi Saxena Sarkar
Email Id: rashmisaxena@udyogini.org
Contact Number: 9453830265
No person will be punished, retaliated against, or otherwise prejudiced for exercising
anything set out in this Policy, or for filing a complaint, furnishing information for, or
participating in an investigation, or any other activity related to the administration of this
Policy.
Investigation and Resolution
• An impartial investigation committee will be formed to review reported incidents.
• All parties involved will have an opportunity to present their statements and
supporting evidence.
• Appropriate disciplinary actions will be taken if discrimination is confirmed, which
may include verbal warnings, written reprimands, suspension, or termination.
GRIEVANCE REDRESSAL POLICY
The objective of the policy is to spell out the framework for Grievance Redressal at Udyogini
to ensure that employees, consultants, contractors, and beneficiaries:
a. Are treated fairly and in an unbiased manner at all times
b. All issues raised by them are dealt with courteously and resolved on time
c. They are made completely aware of avenue to escalate their grievance within the
organization so as to obtain a fair redress of their grievances.
What is covered:
The mechanism in this policy is intended to provide a forum to give a fair hearing to any
person aggrieved during the course of their employment/engagement with the
organization. A non-exhaustive list of grievances covered by this policy is: – Complaints
relating to salaries, leave, transfer, promotion, seniority, work assignment, working
conditions, dismissal, etc.
This Policy does not apply to grievances relating to issues covered by specific policies of the
organization, such as allegations of bribery or corruption, sexual harassment or child abuse
ought to be pursued through the mechanisms prescribed in those policies.
Grievance Redressal Committee
It is generally advised that persons involved try and address issues amicably and cordially
at the first instance. An employee/consultant is encouraged to take up their concerns
pertaining to their employment with their immediate supervisor either orally or in writing.
The immediate supervisor shall make reasonable endeavor to address the issue raised. A
consultant, contractor or beneficiary may take up their concerns with their Point of Contact
at the organization.
If the person is not satisfied with the solution offered by the immediate supervisor/PoC, or
if such person feels unable to address the issue, it may be escalated to the Grievance
Redressal Committee in writing. The Committee will consist of three members, including a
board member who is not a nominee (optional). (Names of members/Email address for
complaints). One of the members shall act as its secretary.
1.
Rashmi Saxena Sarkar (Secretary) – rashmisaxena@udyogini.org (+91-9453830265)
2. Pranita Das (Jharkhand) – pranitadas@udyogini.org (+91- 7763975816)
3. Vivek Tripathi (Chhattisgarh) – vivektripathi@udyogini.org (+91- 9907040657, +91-
8085498084)
4. Shipri Gupta (Madhya Pradesh) – shiprigupta@udyogini.org (+91- 8303092271, +91
7317015047
If matter is of same location, then Director – Programme can be considered for that
particular situation.
In exceptional cases, where the grievance pertains to any of the members of the GRC, or it
is felt that the Committee cannot objectively address the issue, the aggrieved person may
write to the Chairman of the Board of Directors. However, if the Chairman feels that the
GRC is able to sufficiently address the concern raised, the complainant may be directed to
approach the Committee.
Needless to say, it is possible that the Committee, after deliberation and in good faith,
decides not to interfere in the matter. Parties agree to accept and abide by the decision.
The Grievance Redressal Committee, through its secretary, shall submit a report to the
Governing board of Udyogini on yearly basis.
DATA PROTECTION POLICY
Purpose and Scope
The purpose of this policy is to maintain the privacy of, and protect the personal information
of, employees as well as all persons who interact with Udyogini in a professional capacity,
and to ensure compliance with laws and regulations applicable to Udyogini.
The policy is applicable to all employees, board members, consultants, interns, associates,
donors, implementing partners, and ultimate beneficiaries, including interviewees; who
provide information to the organization, receive personal information, or have access to
personal information.
What is Personal Data?
Personal data, or Personally Identifiable Information, means any information that can
be used to distinguish or trace an individual’s identity, or any other information that is
linked or linkable to an individual. This can include in particular:
• Names of individuals
• Postal or living addresses
• Email addresses
• Telephone numbers
• Identity cards and numbers
• Date and place of birth
Processing of personal data means any operation conducted on the data (whether
automated or not). Examples of personal data processing include collecting, organising,
structuring, storing, modifying, and destroying data.
Sensitive Personal Information is a specific set of special categories of information that
are to be treated with extra security. These include:
• Financial information such as bank account, credit card, debit card details, credit
score, and so on;
• Physical, physiological and mental health condition, records and history;
• Sexual orientation;
• Genetic or biometric information, including fingerprints;
• Caste, racial and ethnic origin;
Non-Personal Data refers to data that cannot be traced back to the data subject. Data that
is anonymized is non-personal data.
Data Subject is the individual whose information is being collected or processed. Where
the Data Subject is a minor, or otherwise incapable of entering into a contract or giving
informed consent, consent shall be obtained from their parent or legal guardian.
Principles for processing of personal data
The following principles shall govern the use, collection, disposal and transfer of personal
information, except as specifically provided by this Policy or as required by applicable laws:
• Notice: Udyogini shall inform data subjects about how it collects, uses, retains, and
discloses personal information about them.
• Choice and Consent: Udyogini shall give data subjects the choice to not provide
personal information, when where information is provided, obtain their consent
regarding how it collects, uses, and discloses their personal information. However,
where it is not possible to provide a service without the collection of personal
information, Udyogini is not obligated to provide those services.
• Rights of Data subject: Udyogini shall permit individuals to control their personal
information, which includes the right to access, modify, erase, restrict, transmit, or
object to certain uses of their information and for withdrawal of earlier given
consent to the notice.
• Use, Retention and Disposal: Udyogini shall only use personal information that has
been collected for the purposes identified while obtaining consent of the data
subject. Further, the information shall not be retained longer than is necessary to
fulfil the purposes for which it was collected and to maintain reasonable records for
a limited period of time. Udyogini shall dispose the personal information once it has
served its intended purpose or as specified by the data subject.
• Disclosure to third parties: Udyogini shall disclose personal information to Third
Parties/partner firms only for purposes identified in the while obtaining consent of
the data subject. The personal information shall be disclosed in a secure manner,
with assurances of protection by those parties. Where the data is collected through
a Third Party, Udyogini shall ensure that, such Third Party is also bound by these
principles and enforces them, through contract,
• Anonymisation: Wherever possible, data must be anonymised before it is
transferred to a third party. However, it is essential to remember that anonymised
data can also, in some cases, be analysed so as to identify the original data subject,
and therefore employees and other persons in possession of personal information
should exhibit extra caution while sharing any sensitive personal information, even
if it is in an anonymised form.
• Security for Sensitive Personal Information: Udyogini shall identify categories of
information that are sensitive, and adopt sufficient steps to protect the information
from unauthorized access, data leakage, and other misuse.
Confidentiality
Personal data is subject to the fullest protection of confidentiality clauses in employee as
well as other contracts entered into by Udyogini. Any unauthorised collection, processing,
or use of such data by employees or others is prohibited. Duly-authorised employees may
have access to personal information only as is appropriate for the type and scope of the
task in question. Employees, consultants, and other recipients of personal information are
forbidden to use personal data for private or commercial purposes, to disclose it to
unauthorised persons, or to make it available in any other way. This obligation shall remain
in force even after employment has ended.
Security of Information
The Compliance Officer Will take sufficient steps to ensure that Personal data is
safeguarded from unauthorised access and unlawful processing or disclosure, as well as
accidental loss, modification or destruction. Employees and other stakeholders will also
keep in mind privacy and data protection obligations and the violation of which might
potentially result in huge penalties upon Udyogini.
Policy Compliance
Compliance with this policy shall be reviewed on an annual basis by the Compliance Officer
to ensure continuous compliance monitoring through the implementation of compliance
measurements and periodic review processes. For proactive detection of data breaches,
please refer breach management policy.
Violations
Any failure to comply with the current policy or to deliberately violate the rules set in the
policy will result in the launch of an appropriate investigation by Udyogini. Depending on
the gravity of the actions as determined in an investigation, Udyogini may suspend or
terminate staff as well as its relationship with other partners as described in this policy.
Employees as well as other stakeholders are encouraged to report violations under this
policy to Compliance Officer. Where necessary, and to the extent feasible, the Compliance
Officer will grant anonymity for the whistleblower for the purpose of investigation.
WORK FROM HOME POLICY
Purpose and Scope –
Udyogini is committed to offer work-life balance and foster a culture of integrity and ethics
as well. It is also important to Udyogini that it enables its workforce to enjoy adequate
flexibility necessary for creative exploration in working strategies vis. enable its employees
to give their best in realizing the larger mission of the organization. In line with our
commitment, the purpose of this policy is to outline the scope and guidelines for Work
from Home arrangement. This policy is applicable to all the full-time employees of
Udyogini.
Work from Home: Rationale
Working with colleagues in person is a wonderful experience, for, it enables people to bond,
iron out issues and deliberate on issues to build consensus on important decisions.
However, there may be occasions where it may be appropriate or necessary for employees
to carry out their work responsibilities from home due to certain reasons. “Work from Home
(WFH)” is applicable in scenarios where due to personal emergencies or disasters such as
outbreak of a pandemic like Covid, the physical presence in the office is difficult or barred.
In such a situation, the work may suffer. In order to keep up with our commitment to fulfil
the professional needs, the organization may offer special privileges to employees for
carrying out the professional duties from remote working arrangements. This strictly to
ensure that the best interests of the organization and of the employee are protected. There
may also be situations where the employee may have personal obligation to be present at
their home and yet meet the professional obligations through remote working
arrangement. In both the scenarios, it is the sole discretion of the organization to assess the
need and extent of the need for remote working. Following situations may be considered
wherein the organization can take a call in granting the privilege of working from home to
all employees at the same time or to individuals, on case-to-case basis. The arrangement is
suitable when –
1.
If a female employee of Udyogini may require work from home privilege to tend to
a small child after having exhausted maternity leaves. This arrangement is only
offered if the employee doesn’t have any support system to nurse the young child.
The period which can be availed under this circumstance is upto 25 days.
2. If an employee has an emergency at home, wherein, their physical presence at
home is necessary but the time availability to finish their professional obligations is
not a challenge.
3. If an employee is challenged to travel out of their homes, or are physically not able
to attend office due to an illness, recovery from injuries or tending to a family
member (immediate) at home, but the time availability to finish their professional
obligations is not a challenge.
4. If a national emergency is declared due to a pandemic outbreak, disaster or war like
situation, wherein the work obligations have to be met but the physical presence of
employees in office may not be necessary or possible.
5. Any special circumstances which are beyond human control, wherein for unsual
circumstances an individual or a group of employees is unable to physically attend
the office.
In all the above circumstances that are unforeseen and beyond one’s control, the
organization may offer work from home arrangements for a certain period, purely at
the discretion of the Senior Leadership and/or the Working Committee in the following
conditions –
1)
For any situation which can be predicted well in time, the applicant is required to
send in their request to their Reporting Manager in writing a week before the
desired date of work from home. A maximum of 10 work from home days will be
allowed in predictable emergency situation, given that the employee raises the
request a week before and the committee decided favourably. The approval for the
same is purely at the discretion of the Working Committee.
2) In case of emergency need for remote working, if the employee seeks this privilege
to be granted, the Reporting Manager (only the State Managers, Head of Verticals
herein) is empowered to grant the privilege of remote working only upto 3 days in
a month but only upto 2 times in one year.
3) The CEO has the discretionary powers in amending any decision of the Reporting
Manager or of the Working Committee or any clause of this policy at any time.
This policy will only be applicable to employees having completed the probation period
successfully. Once granted the work from home privilege, the employee is required to
mark attendance as usual and obligated to complete the work as expected.
Manager’s Responsibilities –
The Reporting Manager is required to ensure –
1.
The key deliverables are decided and agreed upon with their reportees.
2. Measure and monitor the work output of the employee.
3. Keep the employee in the loop for all the official discussions and decisions.
4. There is regular communication, establishing a regular pattern of telephone / e-mail
communication to keep in touch.
5. There is an “open line” of communication with everyone in the team.
6. Actively promote a sense of belonging in the team.
Employee’s Responsibilities –
The employee is required to –
1.
Log in the adequate hours of work to fulfil professional duties on a daily basis
2. Ensure delivery with quality and quantity of the work assigned and agreed by the
Reporting Manger.
3. Be available over calls and online meetings as scheduled
Process of applying –
In unprecedented circumstances such as Covid, the Management may declare remote
working for all or some employees for a period deemed fit.
In case of an employee seeking remote working – they need to ensure that they fully
understand the Work from Home Policy.
The employee is required to send in a request to their Reporting Manager for seeking this
privilege. The Reporting Manager will make the preliminary assessment and process the
application depending on the situations as listed mentioned above.
WORKING COMMITTEE:
The Working Committee consists of:
1.
HR Manager – Ambar Afaq
2. Finance Manager – Rajan Upadhyay
3. CEO – Rashmi Saxena Sarkar
4. Reporting Manager
The Committee will decide of approving or disallowing the remote working on following
factors –
1.
The eligibility of need for remote working as per the rationale
2. The urgencies of the tasks to be finished in a certain time frame
3. The feasibility of the remote working –e.g. access to all data, server, software or
documents needed for carrying out the tasks assigned.
4. Past performance, period of association and integrity of the employee
5. Key outputs envisaged and monitoring arrangements
6. What are the implications of remote working on others?
7. The number of leaves available, to consider if leaves can best serve the needs of the
employee based on their circumstances
INFORMATION TECHNOLOGY POLICY
Introduction
Udyogini ‘s IT Policy provides the rules and procedures for staff accessing and using an
organisation’s IT assets and resources like Personal Computers, Laptops, Telephone,
Internet and software for office work. The purpose of this policy seeks to effectively manage
and guiding the use, maintenance and security of IT resources and equipment.
Udyogini will keep IT Policy current and relevant and continually updated to adapt as per
the organisation’s requirement of Information Technology. Therefore, from time to time it
will be necessary to modify and amend the policy, or to add new procedures.
1 PURCHASING POLICY
This policy provides guidelines for the purchase of hardware and software for the staff to
ensure that all hardware technology and software applications are appropriate, value for
money and where applicable integrates with other technology. The objective of this policy
is to ensure that there is minimum diversity of hardware within the organisation and
applies that the software obtained as part of hardware bundle or pre-loaded software.
a) The procedures & guidelines need to be followed to purchase new technological
equipment, services or software for official purposes as mentioned in the Udyogini’s
HR Manual
b) All approved equipment, services or software will be purchased after the approval
of Authorized Signatory only.
c) Based on the requirement of a particular Project or Department, Multiple
configurations and the best and effective hardware or software is to be purchased.
d) The complete details related to the purchase of technological equipment, services
or software should be mentioned by the staff in Indent Form.
e) The Assigned Team is responsible for maintaining record of all technological assets
purchased by the organisation.
f)
Computer Peripherals like Printer, Scanner, Photocopier, Fax Machine, Keyboard,
Mouse, Web Camera, Speaker, Modem etc., Personal Computing Devices like
Desktop, Tablet, Networking Equipment & Supplies (Router, Switch, Antenna,
Wiring, etc.), Storage Devices (Hard Disks, CD and DVD Drives, Ram Disks ,Pen
Drives, Cloud) Landline Phone Systems and Mobile Devices are to be purchased by
the organisation and provided to individual staff member, departments or projects
for their official use as and when required.
2 ISSUE / WITHDRAW OF IT EQUIPMENTS:
a) Personal Computing Device (Desktop)/ Laptop will be issued to a New Joiner on
the Day of Joining or as per the work requirement
b) Approval is required by Reporting Manager for issuing computer peripherals and
same will be recorded by Admin Person
c) Staff is not allowed to carry any IT equipment outside the office without the
permission of Reporting Manager
d) The Landline Phone Systems are placed in the workplace to communicate
internally with other staff members and to make external calls
e) While any staff member is leaving the organisation, it is the responsibility of HR
Person to communicate to Reporting Manager to collect all issued organisational
equipment from the staff and same will be updated to Admin Person.
3 USAGE POLICY
This policy provides guidelines for the use of Hardware and Software equipment by all staff
members.
3.1. HARDWARE USAGE POLICY –
a) It is the responsibility of all staff members to use the assets carefully.
b) Misuse or improper use of equipment or software within the organisation will be
considered as a disciplinary action.
c) There should not be any inappropriate use of equipment and software by any staff.
d) While operating any equipment, if staff member observed any fault or problem, it
should be addressed immediately to their Reporting Managers.
e) It is mandatory for all staff members to inform the Admin Department for major
issues like PC replacement, non-working equipment, installation of application
software etc
f)
For any damage to Personal Computers, approval from Reporting Manager would
be required.
g) Any repeated occurrences of improper or careless use of equipment will be
subjected to disciplinary action.
h) It is advisable to staff to take Data Backup on weekly basis in some external storage
device also.
3.2 SOFTWARE USAGE POLICY – This policy provides guidelines for the use of software for
all staff members to ensure that all software installation and usage is appropriate. All
software is installed and the license information must be registered.
a) It is the responsibility of Admin Person to ensure that –
• What software is installed on every machine
• What license agreements are in place for each software package
• Renewal dates if applicable.
b) All software must be appropriately registered where this is a requirement
c) No staff member is allowed to install pirated software on official equipment
d) Udyogini is to be registered owner of all Software
e) A software upgrade shall not be installed on a computer that does not already have
a copy of the original version of the software loaded on it
f)
Only software obtained in accordance with the getting software policy is to be
installed on the official systems.
Usage –
a) Only software purchased in accordance with the getting software policy is to be
used within the organisation. All staff members in the organisation are expected to
make sure they have anti-virus software installed in their laptops/desktops (personal
or official) used for office work.
b) Prior to the use of any software, the staff members must know the restrictions (if
any) on use of the software on any licensing agreements
c) The external items like Hard disk or Pen Drive must be completely scanned by the
Antivirus Software before the use
3.3 INTERNET USAGE POLICY
This policy provides guidelines to staff members for the acceptable use of the internet,
computers, email, and other forms of technology used in connection with the organisation.
a) Staff Members are responsible for accessing content on Internet and downloading
by using Internet facility of the office. They must refrain themselves to visit any
website which is inappropriate. Occurrence of such act might lead to Disciplinary
Action.
b) Mails / messages should not be forwarded or sent to anyone from the official email
ID unless it is required for an officially approved purpose.
c) Excessive personal use of company internet (“cyber loafing”) during work hours is
not permitted, however occasional and reasonable personal use is acceptable, so
long as: a) Frivolous use of the internet does not interfere with staff’s productivity,
including the quality of work produced and other indicators of performance
d) The Staff members’ personal use of the internet does not violate any other
guidelines mentioned in IT policy
e) Personal use does not cause undue effects to the organisation network by
consuming an excessive amount of the limited available bandwidth. Examples
include but are not limited to downloading/uploading unreasonably large files and
streaming videos
f)
Staff Members do not use organisation property to perform commercial services
outside of tasks and assigned projects.
4. INFORMATION SECURITY POLICY
This policy provides guidelines for the protection of organisation ‘s information and Data
from unauthorized use and to ensure integrity, confidentiality and availability of data within
the organisation.
I. Physical Security
a) For all servers, mainframes and other network assets, the area must be secured with
adequate ventilation and appropriate access
b) It is the responsibility of Admin Person to ensure that this requirement is followed
at all times. Any staff member becoming aware of a breach to this security
requirement is obliged to notify to his Reporting Manager immediately
c) All security and safety of all portable technology (such as laptop, notepads, iPad,
Mobile phones etc) will be the responsibility of the staff member who has been
issued with these equipments. Each staff member is required to use locks,
passwords, etc and to ensure the asset is kept safely at all times to protect the
security of the asset issued to them.
d) In the event of loss or damage, the Reporting Manager will assess the security
measures undertaken to determine if the staff member will be required to
reimburse for the loss or damage
e) To ensure Data Security, proper and adequate knowledge should be provided to
Data
II. Information Security
a) Every staff member will be issued with a unique identification code to access the
organisation’s technology and will be required to set a password for access every
detail
b) Each password is to be created at least one numeric and one special character apart
from the letters and is not to be shared with any staff members within the
organisation
c) Upon termination, resignation or retirement from the organisation, the organisation
will deny all access to electronic messaging platforms owned/provided by the
organisation
d) Proprietary, confidential and sensitive information about the organisation or its staff
members should not be exchanged via electronic messaging systems unless pre
approved by the Reporting Manager
e) Unauthorized copying and distributing of copyrighted content of the organisation
is prohibited.
f)
Do not to open emails and/or attachments from unknown or suspicious sources
unless anticipated by you.
g) All relevant data is to be backed-up.
5 WEBSITE POLICY
This policy provides guidelines for the maintenance of all relevant technology issues related
to the organisation’s website.
a) Website Register – The website register must record the following details:
• List of domain names registered to the organisation
• Dates of renewal for domain names
• List of hosting service providers
• Expiry dates of hosting
b) Website Content –
• All content on the website is to be accurate, appropriate and current. This will be the
responsibility of Communication Team
• The content of the website is to be reviewed quarterly
• The Communication Team is authorised to make changes to the website:
• Basic guidelines must be followed on websites to ensure a consistent and cohesive
image of the organisation
• All data collected from the website is to adhere to the Privacy Act.
WORKING COMMITTEE
Any Exceptional situation will be handled by the members of Working Committee:
1. Chief Executive Officer
2. Director – Programme
3. HR Manager
4. Reporting Manager
LAPTOP POLICY
Purpose
This policy addresses the actions that must be taken by all Udyogini employees and serves the
outline of use and storage of organization ‘s laptop. The issue of organization’s laptop to the
employees will be the sole decision of Management.
The Policy describes the controls necessary to minimize laptop damage risks. Laptop may be
viewed as an essential and convenient business tool, but their very portability makes them
particularly vulnerable to physical damage or theft. The impact of such a breach includes not
just the replacement value of the hardware and software license but also the value of
organizational data on them, or accessible through them.
1.
All laptops acquired for employees on behalf of the Organisation shall be deemed
to be Organisation property.
2. Any employee issued with a laptop shall be responsible for the security of that
laptop, regardless of whether the laptop is used in the office, at the employee’s place
of residence, or in any other location such as a hotel, conference room, car or airport.
3. The organisation will install and activate Anti-virus in all laptops. The employees
should ensure that the antivirus is on and updated at all times.
A. Physical Security & Theft Prevention
1.
The physical security of Organisation provided laptops is the employee’s personal
responsibility. He/she is therefore required to take all reasonable precautions, be sensible
and stay alert to the risks.
2. In case of loss/theft/damage/malfunction of laptop- be it on, or off Organisation premises,
employees are required to report the same to the Reporting Manager and HR within 24
hours. In any of the mentioned situation, the Organisation may recover the cost of the
laptop from the employee on a depreciated value as decided by the management/
financial manual as deemed fit. The same may be deducted from the monthly salary of
the employee.
3. Organisation maintains the right to conduct inspections of any computer equipment,
including all laptop it owns or manages without prior notice to the Employee who is at
the time the user or custodian of such computer equipment. Employee will submit the
laptop for random audit by Organisation in order to check the physical presence as well
as the functional usability of the asset.
4. In case of leaving the employment or being terminated for any reason, employee will
hand over the asset to Organisation in working condition failing which Organisation is
authorized to recover the depreciated cost against the employee.
B. Data Backups
1.
An employee will be solely responsible for storing and securing data.
2. Any inefficiency report data / limitation of work scope arising due to theft, loss or
damage, or if it simply malfunctions, will be the sole responsibility of employee.
C. Use of Unauthorized Software /Content
1.
Employees are required to ensure that they do not download, install or use unauthorized
software programs. Unauthorized software could introduce serious security
vulnerabilities into the Organisation networks as well as affecting the working of your
laptop.
2. If there is damage on account of the above the employee may be liable to pay the
damages at cost to the Organisation/the same will be deducted from their monthly salary.
D. CONSEQUENCES OF BREACH
1.
Any action of the employee that are inconsistent with this Policy shall be treated as
serious professional misconduct on the part of the employee, and the employee
concerned shall be subject to any disciplinary proceeding, or action, by the Organisation,
which the management of the Organisation may deem appropriate under the existing
circumstances. Such action may also include any rights of termination or any other rights
that the Organisation may have under the terms of the employment agreement entered
into by the Organisation with the employee concerned.
2. The Organisation shall bear expenses for laptop maintenance and repairs arising out of
the normal wear and tear However, in the event of any damage to the laptop arising out
of the negligence, misuse or abuse of the laptop by the employee, the employee shall be
solely liable to make the payment for all the expenses arising therefrom. The Organisation
shall have the right to reclaim such expenses and deduct the same from your monthly
salary.
E. GENERAL GUIDELINES-
All employees must take the following actions to ensure the physical security of laptops:
▪ When not in use, the laptop must be locked with a password and caution taken
when entering any organisation passwords on the laptop.
▪ Store the laptop in a locked cabinet or desk when not in use.
▪ Do not leave your laptop in your vehicle. If it is necessary to leave the laptop in your
vehicle for a very short period of time, the laptop must be locked in the trunk of the
vehicle.
▪ When using the laptop in public areas, do not leave the laptop unattended for any
length of time.
During travel:
▪ Do not pack your laptop in checked luggage.
▪ Attach a name tag or business card to your laptop to easily identify it during security
checks or if lost.
▪ Store the laptop in a hotel room safe or locked suitcase when you are not in the
room.