Post on 07-Jan-2022
Version 1.0.0 Date: 15.09.2018 Page 1 of 37 .
BRAHMAPUTRA CRACKER AND POLYMER LIMITED
Information Technology (IT) Policy
Information Classification: Confidential
Distribution: Internal Distribution Only
Access: Internal Use Only
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 2 of 37 .
TABLE OF CONTENTS
DOCUMENT VERSION CONTROL INFORMATION ................................................................ 5
REVISION / AMENDMENT CHART .................................................................................. 6
1 PURPOSE OF DOCUMENT ..................................................................................... 7
2 INTRODUCTION ................................................................................................. 7
3 SCOPE ............................................................................................................. 9
4 ORGANIZATION AND PLANNING ............................................................................ 11
4.1 IT PROCESSES, ORGANIZATION AND RELATIONSHIPS ......................................................................... 11
4.1.1 Role of IT Department ..................................................................................................... 11
4.1.2 Role of IT Department in Software Development .......................................................... 12
4.1.3 Role of process owner in Software Development ........................................................... 12
4.1.4 Role of IT Functional Team ............................................................................................. 12
4.2 IT BUDGET .............................................................................................................................. 13
4.3 COMMUNICATION OF MANAGEMENT AIMS AND DIRECTION .................................................................. 13
4.4 MANAGEMENT OF IT HUMAN RESOURCES ....................................................................................... 13
4.5 MANAGEMENT OF QUALITY .......................................................................................................... 13
4.6 ASSESSMENT AND MANAGEMENT OF IT RISKS .................................................................................. 14
4.7 MANAGEMENT OF PROJECTS ........................................................................................................ 14
5 ACQUISITION AND IMPLEMENTATION ..................................................................... 14
5.1 IDENTIFICATION OF AUTOMATED SOLUTIONS ................................................................................... 14
5.1.1 Software Development .................................................................................................... 15
5.1.2 Criteria for In-house Development ................................................................................. 15
5.1.3 System Software .............................................................................................................. 15
5.2 ACQUISITION AND MAINTENANCE OF APPLICATION SOFTWARE ............................................................ 15
5.2.1 Application Software Procurement/Development ......................................................... 15
5.2.2 BCPL E- Business .............................................................................................................. 17
5.2.3 CONNECT Portal .............................................................................................................. 17
5.2.4 Hosting of Company Web Sites ....................................................................................... 17
5.2.5 Software Maintenance and Support ................................................................................ 17
5.2.6 Documentation of Business Application Packages .......................................................... 17
5.3 ACQUISITION AND MAINTENANCE OF TECHNOLOGY INFRASTRUCTURE ................................................... 18
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 3 of 37 .
5.3.1 PC..................................................................................................................................... 18
5.3.2 Printer, UPS, Scanner and other Peripherals.................................................................. 19
5.3.3 Notebook PCs ................................................................................................................... 19
5.3.4 Scanners .......................................................................................................................... 19
5.3.5 Projectors ........................................................................................................................ 19
5.3.6 Servers ............................................................................................................................. 20
5.3.7 Network Connectivity ...................................................................................................... 20
5.3.8 Internet Connectivity ...................................................................................................... 20
5.3.9 Video Conferencing Systems ........................................................................................... 20
5.3.10 Spares .............................................................................................................................. 21
5.3.11 Storage for Spares ........................................................................................................... 21
5.3.12 Asset Identification & Management ................................................................................ 21
5.3.13 Insurance ......................................................................................................................... 21
5.3.14 Specialized Plant Systems ............................................................................................... 21
5.4 ENABLING OPERATION AND USE ................................................................................................... 21
5.4.1 Site Preparation .............................................................................................................. 21
5.4.2 IT Operations ................................................................................................................... 23
5.4.3 Help Desk ......................................................................................................................... 24
5.5 PROCUREMENT OF IT RESOURCES ................................................................................................. 24
5.5.1 Procurement of IT Assets ................................................................................................ 24
5.5.2 Warranty .......................................................................................................................... 25
5.5.3 Miscellaneous Budget ...................................................................................................... 25
5.6 MANAGEMENT OF CHANGES ......................................................................................................... 25
5.7 INSTALLATION AND ACCREDITATION OF SOLUTIONS AND CHANGES ....................................................... 25
5.8 DECLARATION OF EMERGENCY ..................................................................................................... 26
6 DELIVERY AND SUPPORT ..................................................................................... 26
6.1 DEFINITION AND MANAGEMENT OF SERVICE LEVELS .......................................................................... 26
6.2 MANAGEMENT OF THIRD-PARTY SERVICES ...................................................................................... 26
6.2.1 IT Partner / Consultancy ................................................................................................. 26
6.3 MANAGEMENT OF PERFORMANCE AND CAPACITY .............................................................................. 26
6.3.1 Application Tuning .......................................................................................................... 26
6.3.2 IT and ERP Infrastructure Upgrade ................................................................................. 26
6.3.3 Hardware Life .................................................................................................................. 27
6.4 ENSURING CONTINUOUS SERVICE .................................................................................................. 28
6.5 ENSURING SYSTEMS SECURITY ...................................................................................................... 28
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 4 of 37 .
6.6 EDUCATION AND TRAINING OF USERS ............................................................................................ 28
6.6.1 Training Program ............................................................................................................. 28
6.7 MANAGEMENT OF SERVICE DESK AND INCIDENTS .............................................................................. 29
6.8 MANAGEMENT OF THE CONFIGURATION ......................................................................................... 29
6.9 MANAGEMENT OF PROBLEMS ........................................................................................................ 29
6.10 MANAGEMENT OF DATA .............................................................................................................. 29
6.11 MANAGEMENT OF THE PHYSICAL ENVIRONMENT ............................................................................... 29
6.12 MANAGEMENT OF OPERATIONS ..................................................................................................... 30
7 MONITORING AND EVALUATION ............................................................................ 30
7.1 MONITORING AND EVALUATION IT PERFORMANCE ............................................................................ 30
7.2 MONITORING AND EVALUATION OF INTERNAL CONTROL .................................................................... 30
7.3 ENSURING REGULATORY COMPLIANCE ........................................................................................... 30
7.4 PROVISION OF IT GOVERNANCE .................................................................................................... 30
8 RESPONSIBILITIES OF IT USERS ............................................................................. 30
9 COMPETENT AUTHORITY TO APPROVE FOR REQUIREMENTS NOT COVERED IN IT POLICY .... 33
10 REVIEW OF BCPL IT POLICY ................................................................................. 33
11 ANNEXURE ...................................................................................................... 34
11.1 ANNEXURE 1 (IT SERVICES) ................................................................................................... 34
11.2 ANNEXURE 2 (PC TRANSFER POLICY) .................................................................................... 35
11.3 ANNEXURE 3 (MAJOR LOCATIONS) ........................................................................................ 35
11.4 ANNEXURE 4 ...................................................................................................................... 36
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 5 of 37 .
Document Version Control Information
Document Name Information Technology Policy
Current Version
A.B.C A: 1 or greater indicates approved IT Policy and is under change control. B: incremented for all changes of contents, i.e. enhancements, corrections, updates, etc. C: incremented when editorial only changes have been incorporated in the IT policy
Document Storage Intranet
First Published 15.09.2018
Document Owner IT Department
Classification Internal Distribution Only
Approved By Company Board of Directors
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 6 of 37 .
Revision / Amendment Chart
S.No. Revision
No.
Amendment
No.
Amendment
date
Amendment
type
Clause
No.
Informed to
Board on
initial
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 7 of 37 .
1 Purpose of Document
This Information Technology (IT) Policy document endeavours to outline a strategy for
harnessing the opportunities and the resources offered by IT for meeting BCPL (hereafter
referred to as ‘company’ or ‘BCPL’) business objectives by integrating and institutionalizing
good practices. This document aims to help in linking business goals to IT goals and
identification of the associated responsibilities of business and IT process owners.
The objectives of the IT policy are to provide directives for:
a. Entitlement of MD, Functional Directors, COO and employees for various IT assets like
PC, Notebook, and peripherals;
b. Entitlement of MD, Functional Directors, COO and employees for various IT services like
Internet and E-Mail;
c. Procurement and deployment of IT assets;
d. Methodologies to be adopted for development of customized software and procurement
of readymade software for deployment in various functional areas;
e. Role and responsibilities of IT department for ensuring up-keep and high availability of
IT services;
f. Role and responsibilities of functional departments;
g. Role and responsibilities of IT users;
h. Information security;
i. Continuity of IT services;
j. Information Systems (IS) Audit periodically for adopting best IT practices; and
k. Identification of IT training needs of users and IT personnel.
2 Introduction
Information Technology provides synergy, learning, increased productivity, competitive
advantage, new opportunities, faster and correct decision-making and generally enables a
better control for achieving organization's objectives by integrating business processes. IT
leverages the availability of information and speeds up decision-making process of the
organization. However, IT carries risks - it is costly to implement and very prone to failures if
not managed properly. With the computerization of more and more business processes of the
organization, IT has become integral to working. For the quality IT infrastructure / systems, to
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 8 of 37 .
be timely developed, implemented, maintained and put to use, requires a sound IT Policy in
organization.
Current proposed policy is the first IT policy of BCPL since its inception in 2007. Company has
implemented SAP R/3 as the Enterprise Resource Planning (ERP) software in April’2015. ERP
System at BCPL has been implemented with the following objectives:
a. Prompt & Uniform availability of information;
b. Faster decision-making;
c. Reduction in IT system maintenance cost;
d. Improving inventory visibility across locations/project to reduce duplicate purchases;
e. Increase in efficiency & productivity across all business functions;
f. Easier corporate consolidation/Strategic Business Unit (SBU);
g. Providing solutions to plant maintenance, production planning, product costing, supply
chain management, customer relationship management, e-procurement, Internet sales,
human resource development and Project management;
h. Integration of single agency system with other applications;
i. Provide e-procurement solutions; and
j. Reduction in software engineer’s manning concentration at remote location.
BCPL IT Department has been assigned responsibility for managing and providing information
technology services to the organization. The department has also been provided responsibility
for maintenance and updating of the IT Policy. This policy applies to all employees (including
those on deputation) and contractors of the company, and third party/outsourced service
provider staff involved in providing or managing Information Technology services to the
organization as a part of their business activities for the company. The IT Policy of the company
has been aligned with the internationally accepted Control Objectives for Information and
related Technology (COBIT) framework. COBIT is an IT governance framework and supporting
toolset that allows managers to bridge the gap between control requirements, technical issues
and business risks. COBIT enables clear policy development and good practice for IT control
throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to
increase the value attained from IT, enables alignment and simplifies implementation of the
COBIT framework.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 9 of 37 .
The policy is subject to further amendment. In case of major changes, the revision of IT policy
shall be reviewed by committee and approved by MD.
3 Scope
IT policy shall span the entire IT life cycle as per the COBIT framework covering the 4 major
heads:
a. Organization and Planning:
This covers strategy and tactics, and concerns the identification of the ways IT can best
contribute to achieve the business objectives. The realization of this strategic vision needs to
be planned, communicated and managed effectively & efficiently. This will require proper
organization as well as putting in place the technological infrastructure. It covers:
IT PROCESSES, ORGANIZATION AND RELATIONSHIPS
IT BUDGET
COMMUNICATION OF MANAGEMENT AIMS AND DIRECTION
MANAGEMENT OF IT HUMAN RESOURCES
MANAGEMENT OF QUALITY
ASSESSMENT AND MANAGEMENT OF IT RISKS
MANAGEMENT OF PROJECTS
b. Acquisition and Implementation:
To realize the IT strategy, IT solutions need to be identified, developed or acquired,
implemented and integrated into the business processes. This should also cover maintenance,
changes, obsolescence and upgrade of existing systems to ensure that the life cycle is continued
for IT systems till such time it is economic & efficient to manage. It covers:
IDENTIFICATION OF AUTOMATED SOLUTIONS
ACQUISITION AND MAINTENANCE OF APPLICATION SOFTWARE
ACQUISITION AND MAINTENANCE OF TECHNOLOGY INFRASTRUCTURE
ENABLING OPERATION AND USE
PROCUREMENT OF IT RESOURCES
MANAGEMENT OF CHANGES
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 10 of 37 .
INSTALLATION AND ACCREDITATION OF SOLUTIONS AND CHANGES
c. Delivery and Support:
This covers the actual delivery of required services, which range from traditional operation,
security and services continuity aspects to training. In order to deliver services, the necessary
support processes must be set up. It covers:
DEFINITION AND MANAGEMENT OF SERVICE LEVELS
MANAGEMENT OF THIRD-PARTY SERVICES
MANAGEMENT OF PERFORMANCE AND CAPACITY
ENSURING CONTINUOUS SERVICE
ENSURING SYSTEMS SECURITY
EDUCATION AND TRAINING OF USERS
MANAGEMENT OF SERVICE DESK AND INCIDENTS
MANAGEMENT OF THE CONFIGURATION
MANAGEMENT OF PROBLEMS
MANAGEMENT OF DATA
MANAGEMENT OF THE PHYSICAL ENVIRONMENT
MANAGEMENT OF OPERATIONS
d. Monitoring:
This covers the need for regular assessment of all IT processes. All IT processes must be
assessed for their quality, efficiency and compliance with the policy requirements. This
provides for independent assurance provided by internal and external audits. This provides for
the feedback mechanism for taking timely corrective actions. It covers:
MONITORING AND EVALUATION OF IT PERFORMANCE
MONITORING AND EVALUATION OF INTERNAL CONTROL
ENSURING REGULATORY COMPLIANCE
PROVISION OF IT GOVERNANCE
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 11 of 37 .
4 Organization and Planning
4.1 IT Processes, Organization and Relationships
Company will have a formal IT team structure that will develop the management framework
for information technology and will ensure the success and sustainability of enterprise wide
Information technology deployment and management.
The IT team structure will be as depicted in Annexure 1.
4.1.1 Role of IT Department
The roles and responsibilities of the IT Team will be as mentioned below:
a. Shall be responsible for planning of IT systems.
b. Shall be the custodian of company’s electronic data. For the data residing in individual
PC/laptop, concerned user shall take regular backup.
c. Shall ensure availability of IT applications on 24x7 basis to enable the users across
Company.
d. Shall develop and/or outsource application software for data capture and for information
processing for all functions.
e. Shall provide state-of-the-art IT infrastructure for use by all departments.
f. Shall develop solutions for operational requirements and decision support, using advanced
techniques.
g. Shall be responsible for skill upgrade for IT officers, with a view to improve the IT
knowledge base.
h. Shall collect user requirements for designing, developing and implementation of
application software.
i. Group responsible for new initiative shall scan state-of-the-art technology for identifying
cost effective, appropriate and feasible information systems solutions.
j. Shall prepare comprehensive proposals and schemes along with process owners for
implementation of IT solutions and obtain administrative & financial approvals.
k. Shall monitor implementation of the schemes while ensuring that the required knowledge
and inputs are provided to the users.
l. Shall organize replication of proven systems.
m. Shall improve quality, profitability & productivity as a business enabler.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 12 of 37 .
n. Shall explore avenues of providing IT solutions / support to other similar organizations,
using its pool of expertise and software development efforts.
4.1.2 Role of IT Department in Software Development
a. Software Development by In-house team or external software development agency
identified by IT.
b. Provision and control of Budget for the software development expenses.
c. Association in preparation of System Requirement Study (SRS) along with Functional
Department(s).
d. Identification of technologies & platforms for development and deployment.
e. Involvement in Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT) along
with Functional Department(s).
f. Preparation of system design document for any change request in the SAP environment and
development of the change. This shall be carried out in the development environment of
SAP landscape implemented in company.
g. IT department shall provide a centralised portal for user department/unit to submit the
requirement of a customized application software.
4.1.3 Role of process owner in Software Development
a. Nomination of coordinator and functional experts from their department to supervise and
assist SDA in the software development and arranging for necessary approvals and award
of contract to Software Development Agencies following Company procedures.
b. Develop concept note for the development of new software and modifications in the
existing software with due approval of functional head(s).
c. Involvement and lead role in preparation & finalization of SRS being developed by SDA.
d. Approve the SRS.
e. Play the lead role in testing of software with respect to approved SRS during FAT, which
shall be conducted.
f. Play the lead role in testing of software with respect to approved SRS during SAT, which
shall be conducted.
g. Any additional requirement identified by Functional Department(s) during FAT and/or SAT
shall not be considered under the current scope of work. The additional requirements may
have additional time implication with/without cost implication mutually agreed with SDA.
4.1.4 Role of IT Functional Team
a. Performing feasibility study of the change requests received from users.
b. Preparation of business blue print documents for approval from process owners.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 13 of 37 .
c. Mapping the requirement of the user in the development environment.
d. Performing testing of the change in the quality/ development environment.
e. Transporting the change to the production environment.
f. Creation of roles and authorizations for various activities.
g. Support and periodic training to end-users.
4.2 IT Budget
Department shall propose centralized annual budgetary estimates for management approval
during companywide budget exercise. The approved centralized IT budget shall be allocated
to respective sites as per their requirement OR used for central procurement and thereafter
transferring the IT assets to respective sites.
For the requirement of department specific specialized software packages, the budget
provision shall be made by the respective department.
4.3 Communication of Management Aims and Direction
The IT Department will be responsible for ensuring conduct of periodic awareness trainings in
co-ordination with the training department, to ensure that the employees, relevant
contractors and third parties are aware of information technology policies and procedures at
the company. The IT Department is also responsible for defining initiatives that promote
awareness of good practices of information technology within the company. Company
employees/ third parties shall comply with the information technology policy set out in this
document and disciplinary action shall be taken as per company policy for the same. IT Incident
handling and resolution shall be the responsibility of the IT Department.
4.4 Management of IT Human Resources
Company shall acquire, maintain and motivate a competent IT workforce for creation and
delivery of IT services to the business. Company shall follow defined and agreed practices
supporting recruitment, training and performance evaluation.
Company shall also deploy the services of third parties for management of IT Services and
provision of consultancy services. The performance of these third parties shall be regularly
monitored and measured against defined service levels. Regular review meetings shall be held
with third parties to discuss their performance and initiate required corrective actions, if any.
4.5 Management of Quality
Company shall establish and maintain a Quality Management System that provides a standard
and ongoing approach to quality management that is aligned with the business requirements.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 14 of 37 .
The QMS shall identify quality requirements and criteria, and help in establishing the policies
and methods for defining, detecting, correcting and preventing nonconformity.
4.6 Assessment and Management of IT Risks
Company shall establish an IT Risk Management framework to identify and mitigate the IT risks
and assign responsibilities for implementation and monitoring of the IT risks. Any potential
impact on the goals of Company caused by an unplanned event shall be identified, analyzed
and assessed.
Company shall encourage participation of key IT department personnel in forums such as IT
seminars, workshops, and conferences to increase awareness about the latest IT threats and
IT innovations to mitigate these threats.
IT Risk management shall be carried out every year and a risk register with quantification of
various risks along with risk mitigation measures shall be maintained by the IT department.
4.7 Management of Projects
Company shall ensure the correct prioritization and coordination of all IT projects. All projects
shall include a master plan defining the timelines and an Activity Breakdown Structure,
assignment of resources, definition of deliverables, approval by users wherever possible, a
phased approach to delivery, quality assurance, a formal test plan, and testing and post-
implementation review after installation to ensure project risk management and value delivery
to the business.
5 Acquisition and Implementation
Company shall adopt standardized practices for acquiring IT solutions across all company
locations.
5.1 Identification of Automated Solutions
To ensure that the business requirements are met in an effective and timely manner, Company
shall conduct an analysis before making the decision of acquisition or creation of a new
application. All the business requirements for IT enabled solutions/ functionalities for
computerization shall be communicated to the IT department. IT department shall evaluate
such proposals with respect to the following:
a. Consideration and evaluation of alternative sources
b. Urgency of the requirement
c. Review of technological and economic feasibility
d. Risk Assessment
e. Cost Benefit Analysis
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 15 of 37 .
f. Technology to be used
g. Development methodology
h. Implementation philosophy
5.1.1 Software Development
Based on the inputs from the user department, IT department shall initiate the action for
development of software (either in-house or through third party). Such software shall be rolled
out across the company depending on the functional needs. No software shall be developed in
isolation by any individual / functional department at any Company site as this may lead to
redundancy, non-uniformity, duplication of data & efforts.
5.1.2 Criteria for In-house Development
The following criteria shall be used for in-house software development:
a. Availability of in-house skills.
b. Projects needed for competitive leadership and/or secrecy.
c. Availability of sufficient personnel with the required skill set.
In case of non-fulfilment of any of the above, software development shall be assigned to
external Software Development Agencies (SDAs).
5.1.3 System Software
It shall be the responsibility of site IT in charge to make a copy of the original system software
and use this copy for day-to-day activities preserving the original media.
Company shall ensure that all software deployed in the organization are licensed and
authorized by the IT department for use. Company shall define, maintain and control usage of
licensed software to adhere to legal and regulatory requirements and to have effective and
optimal usage of existing licenses.
5.2 Acquisition and Maintenance of Application Software
a. Development / procurement of application software packages shall be done on need basis
through reputed vendors with suitable customizations specified by company.
b. All the application software packages shall be Graphical User Interface (GUI) based and menu
driven.
c. All new software developed by SDA shall be under warranty for at least 2year.
5.2.1 Application Software Procurement/Development
The software being purchased / developed through an external agency shall be broadly
classified into two categories as mentioned below.
5.2.1.1 Readymade Software
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 16 of 37 .
Readymade Software is defined as already available commercially developed software, which
is purchased and used without any customizations. BCPL has deployed a number of readymade
software like Microsoft Office and Microsoft Outlook for supporting business functions. The IT
Department shall review time to time all such software being used and upgrade to the current
version as per the BCPL business requirements.
5.2.1.2 Customized Software
Customized software is defined as already available commercially developed software, which
is adopted with minor modifications to meet specific business requirements. BCPL has
implemented SAP R/3 as the Enterprise Resource Planning Software across all locations with
required customizations. Currently, BCPL has SAP R/3 version 6.0 with ESS and ITS 6.20. FI/CO,
MM, SD, HR, PP, QM, HSE and PS modules of SAP R/3 have been implemented. BCPL has an End
User Value License Agreement (EUVLA) from M/S SAP India Private Limited and fresh EULA will
be signed for new licenses / platform change / new module.
a. Company has an Annual Maintenance Contract (AMC) from M/S SAP India Private Limited
for provision of released support packs and Online Support and Services (OSS) and the
maintenance charges shall be paid to M/s SAP India Private Limited in line with agreement.
b. For OSS, M/S SAP India Private Limited shall be provided remote access to the SAP systems.
Limited period access including SAP_ALL to their personnel for online access to ensure
timely resolution of the problem shall be provided as required.
c. For all items not covered by the standard AMC, expert services shall be hired by the
company for problem resolution.
d. Additional licenses shall be obtained for various SAP components from M/S SAP India Private
Limited after assessment of future company requirements.
e. BCPL shall maintain an additional up to 5% licenses to meet any contingent requirements.
f. Authorization from the COO shall be required for the allocation of a SAP professional user
access except for transactional users from service department (i.e F&A, HR, C&P,
Marketing, PTD and Laboratory)
g. IT Department shall review and plan for the up gradation of various SAP components one
year before the expiry of support for the current versions. The IT Department shall also
consider up gradation/ scaling of supporting hardware to meet future requirements.
h. IT Department shall review new product releases from M/S SAP India Private Limited and
evaluate the need for deployment of the same in the company.
i. IT department shall ensure that 24X7 Facility Management Services are in place for
providing support to the SAP setup.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 17 of 37 .
5.2.2 BCPL E- Business
Company shall encourage use of E-business models to cut down the cost of business operations
and to increase competitiveness. Therefore, to carry out business in this model, the business
applications procured or developed by the company shall be web based.
Company shall use E-Tendering process for procurements valued above a limit decided by
management from time to time. All tenders published on the E-tendering website shall be
digitally signed by the concerned Contracts and Procurement (C&P) personnel. Company shall
procure ‘Class 2’ digital signature certificates from a Controller of Certifying Authorities (CCA)
authorized Certifying Authority (CA) only.
5.2.3 CONNECT Portal
CONNECT Portal shall host the latest information for use by the company employees’
community across Company. Corporate Intranet shall also host interviews with senior officers,
Directors and MD on specific areas and on special occasions from time to time.
Heads of Departments (HODs) and Heads of the work centres shall ensure that the latest
information / updates on their respective areas are sent to the concerned IT officer at
Lepetkata Data Centre for hosting on the company Intranet.
5.2.4 Hosting of Company Web Sites
Company shall host its web sites internally following norms of Government directives. All
information hosted on the Company website shall be approved by the Corporate Communication
(CC) department with the exclusion of tender documents that shall be uploaded by the
concerned C&P personnel.
5.2.5 Software Maintenance and Support
IT Department is responsible for maintenance and support of all business application packages,
Intranet and company web sites. In-house development team maintain and support of company
web sites, web applications and intranet.
OEM/Authorized partners/Service providers shall be provided remote access to the respective
IT systems for a limited period on need basis to ensure timely resolution of the problem.
5.2.6 Documentation of Business Application Packages
a. Designated IT officer responsible for maintenance of an application package shall also be
responsible for maintaining complete, adequate & up to date documentation (both system
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 18 of 37 .
manual as well as user manual). The officer shall also be responsible for regular update of
the documentation post modifications/enhancements/bug fixing in the application
packages.
b. The application system manuals shall be propagated to the IT coordinators responsible for
maintenance of business applications at all company locations.
c. Users of the application packages shall be provided with the hard copy of user manuals of
application packages being used by them.
d. Master copy of documentation of each application package (both soft & hard) shall be
maintained by the IT department and shall be version controlled.
Company shall ensure that the technical literature, periodicals, magazines, technical papers,
standards, relating to the company business areas is available centrally on file servers for access
by the employees on the network.
5.3 Acquisition and Maintenance of Technology Infrastructure
5.3.1 PC
a. PC shall be provided to employee in phased manner in E2 Grade and above. PC shall be
provided to external agencies (e.g. CISF personnel, personnel on deputation, apprentices,
contract employees, schools, cooperative societies, etc.) with the approval of HOD.
b. Common PCs (for use by employees not provided with a PC for exclusive use) shall be provided at strategic locations (Conference Room, Control Room, Library, Central DAK, Visitors Pass Section, Reception, etc.) so that personnel could use the facility of Intranet, Internet, SAP ESS, SAP Logon, E-Mail, etc. Security aspects of such PCs shall be taken care of by HR/Security departments.
c. The shift engineers/officers sitting in the Control Room shall use Common PCs available there.
d. Training facilities shall be equipped with the latest & adequate IT infrastructure including various specialized software.
e. Lepetkata Data Centre shall be equipped with adequate IT infrastructure required for test bed to experiment with new technologies, interfaces and patches etc.
f. In case of transfer of an employee either from one location to another within India or from one section to another within a department or from one department to another at a location, the PC shall be shifted to the new place of posting as defined in Annexure 2. However, overall shifting of IT assets shall be kept to minimum.
g. High-end PC, multifunctional LCD / TFT Monitor with broadband connectivity and
associated peripherals such as printers, scanners and UPS shall be provided at office and
residence office of MD, Functional Directors & CVO. At the time of superannuation, the MD,
Functional Directors & CVO shall have the option to either return the allocated IT assets at
their residence office to BCPL or buyback the same at book value. Proper record of asset
issued as above will be maintained by IT in system.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 19 of 37 .
5.3.2 Printer, UPS, Scanner and other Peripherals
a. Company shall encourage the concept of resource sharing.
b. High-end networked laser printers shall be provided on each floor / block for sharing by a
group of employees at each location.
c. Standalone Black & White Laser printer shall be provided to DGM and above. Standalone
Black & White Laser printer shall be provided to executives below DGM on need basis with
recommendation / justification from the Head at work centres.
d. Colour Laser printer shall be provided in controlled environment at respective work centres
for its limited use.
e. Dot Matrix and line printers shall be provided to users on need basis.
f. UPS shall be provided with each Desktop PC.
g. UPS supply of adequate power rating shall be provided for powering the servers based on
the power condition of the location.
h. All networking equipment shall be powered with UPS of 30 minutes backup time.
5.3.3 Notebook PCs
a. MD, Functional Directors and COO shall be provided with a PC Notebook. Notebook PC may
also be provided to other officers on need basis. To this effect, the proposal with proper
justification shall be put up for approval by concerned Director, through HOD / Heads of
the concerned work centre. In case a Notebook PC is issued to an employee below the level
of CGM, no Desktop PC shall be provided.
b. Notebook PC shall be provided to IT department of respective location for diagnosis and
testing of connectivity and business applications.
c. Notebook PC shall also be provisioned with IT department for common use i.e. presentation
by other departments to Management or external agencies.
5.3.4 Scanners
a. Scanner shall be provided to DGM & above. Same shall be provided to others also on need
basis with recommendation from the HODs and Heads of work centres.
5.3.5 Projectors
a. One portable projector shall be provided at all training facilities.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 20 of 37 .
5.3.6 Servers
5.3.6.1 Database / SAP Server
a. Uniform environments shall be maintained for entire landscape (Development, Quality,
Training, Production and DR site) of the SAP business application.
b. Database servers of all centralized business applications shall be installed at Lepetkata,
Data Centre.
5.3.6.2 E-Mail/Internet/Intranet/Security
a. Internet, Intranet & email access shall be provided to all employees for official use.
b. Broadband Internet services with unlimited access facility or Internet Data Cards shall be
provided at the residence of MD, Functional Directors & COO from third party service
providers depending upon the availability of service providers.
5.3.7 Network Connectivity
5.3.7.1 Local Area Network (LAN)
a. LAN shall be established at all offices of BCPL.
b. All PCs shall be connected to LAN.
c. Structured cabling shall be done at all the new buildings across BCPL as part of interior
decoration of the building.
d. Wi-Fi connectivity shall be established in BCPL offices on need basis.
5.3.7.2 Wide Area Network (WAN)
a. Broadband Internet connectivity shall be allowed on need basis to those locations wherein
Lease circuit are not available, with the approval of HOD (IT).
5.3.8 Internet Connectivity
Company shall take the internet services from minimum two different service providers to
ensure high availability and continuity of business services.
5.3.9 Video Conferencing Systems
a. Management considers Video conferencing systems as an important communication tool
especially for remote sites. High Definition and IP based VC systems at all major locations
shall be provisioned.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 21 of 37 .
5.3.10 Spares
High availability of IT resources is critical for providing quality IT services to the IT users’
community. Therefore, company shall have a provision of critical spares to ensure high
availability of IT services.
5.3.11 Storage for Spares
Spares at all locations shall be housed in a secure place preferably in a store room of adequate
size, under the custody of IT department.
5.3.12 Asset Identification & Management
IT department shall be the custodian of all IT assets such as PCs, Servers, Storage Systems,
Routers, Switches, Hubs, Modems, Racks, Computer furniture, IOs, Notebook PCs, , Printers,
UPSs for IT equipment, , Scanners, LCD-Projectors, Plotters, VC Systems, Digital Cameras, LCD-
TVs and Software etc.
IT shall maintain asset details like status of Warranty/MC, details of configuration like HDD,
RAM, LAN card details, IP/MAC Address, etc. to ensure maintenance of assets.
5.3.13 Insurance
All IT assets shall be insured as per company policy. All new IT asset procurements shall be
communicated to the Finance Department along with the details of the assets & the date of
acceptance to insure the equipment for that financial year. The insurance application shall
include the list of items, quantity of items and the value.
Movable IT Assets like Notebook PC, Portable Projectors / Printers, software (original media)
shall also be suitably insured.
Any IT assets being transferred from one location to another shall be covered under transit
insurance by F&A department upon intimation by IT department. Any theft / loss of IT Assets
shall be reported to Security department by individual with information to IT department and
claim from insurance company shall be coordinated with Finance department.
5.3.14 Specialized Plant Systems
a. Specialized hardware and software systems and their licenses, AMC requirements shall be
assessed by the concerned unit/department.
5.4 Enabling Operation and Use
5.4.1 Site Preparation
5.4.1.1 Site
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 22 of 37 .
Before installing the IT equipment, readiness of the site shall be ensured by IT In-charge at
respective sites. The delivered equipment shall be installed preferably as per manufacturer’s
specifications and recommendations.
5.4.1.2 Power Supply
Each company location shall have UPS power as defined below:
Input AC Voltage : 230 V + 5%
Earth-Neutral Voltage : Preferably < 1 V
Frequency : 50 Hz + 1%
The input power points shall have 3 pin 6A / 16A sockets and Earthing to all the points shall be
ensured. Electrical/Civil department shall make arrangements of providing the AC power
points/extension power boards. The UPS shall preferably be On-line/ Line Interactive type.
Lighting
Server rooms at each location shall be well lit with sufficient f lights and the lighting fixture
used shall be of anti-glare type. Arrangement shall be made for emergency lighting in the
computer centre/Server room.
5.4.1.3 Air conditioning
The server room area shall be dust free and air-conditioned. The following temperature shall
be ensured before installation of any equipment:
Servers : 22 degrees (+5%)
PCs : 28 degrees (+10%)
Peripherals : 28 degrees (+10%)
All the server rooms shall have a temperature and humidity indicator so as to keep a check on
environmental conditions during the day.
5.4.1.4 Furniture
The Servers shall be procured along with their mounting racks. The other IT equipment like
Modems, Routers shall be mounted on racks. The peripherals shall be kept either on their
pedestals or alternatively on tables of appropriate size. The power/signal cables shall
preferably be fixed with cable ties.
5.4.1.5 Fire Fighting
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 23 of 37 .
All the IT equipment is prone to fire and shall be well protected. Areas hosting critical IT
equipment shall have hand held fire extinguishers of CO2 type. Data centres at Lepetkata and
DR site, BCPL, Noida shall be provided with automatic gas based flooding system. Sufficient
number of smoke/ heat detectors along with audio Fire Alarm for indications shall be provided
in the server rooms at each site. Necessary indications for emergency exit in server room at
each site as per safety regulations byelaws shall be provided for any emergency evacuations.
IT Department shall ensure the fire and safety drill exercise in coordination with fire and safety
dept.
5.4.1.6 Communication Facility
Adequate communication facilities shall be made available to IT In-charge at each site to be
able to communicate to various vendors and to Company locations including IT department for
system support.
5.4.2 IT Operations
5.4.2.1 Manning of Data Centres
Primary Data centre and DR data centre shall be manned 24X7 including holidays and weekends
for the following:
a. To provide user support for the SAP and IT Setup
b. To provide necessary technical support to other sites if the need arises.
c. To ensure the uninterrupted availability of IT services to other sites of Company extended
from these sites.
5.4.2.2 Availability of Servers / IT Equipment
a. All Databases, messaging and SAP servers shall be available on 24 hours x 365 days basis
to enable the users across Company to use various applications as and when required.
b. Domain Administrator and Exchange Administrator rights shall be centralized at the
Lepetkata data centre. Systems Availability/ Status Report
a. Health check of IT equipment: The IT In-charge shall be responsible for preparing health
check reports for all database and e mail servers, SAP Servers, routers including WAN link,
switches, Oracle database, messaging system, etc on daily basis. Daily morning and evening
health check-up reports for the IT and ERP setup shall be provided by the respective
helpdesks.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 24 of 37 .
b. Reporting of systems availability: Each site IT In-charge shall on monthly basis compute the
percentage availability of critical IT infrastructure and submit the report to respective IT
group head responsible for different areas by first week of the following month.
IT group head responsible for systems installed at primary data centre will ensure percentage
availability of ERP and IT infrastructure including SAP servers, LAN and WAN devices, legacy
application database server(s), messaging servers and other servers.
5.4.2.3 Consumables
IT department shall consolidate and obtain approval for procurement of required consumables in
every 2 year for existing / under procurement new equipment / peripherals. For printers, only OEM
make genuine printer cartridges shall be used.
5.4.2.4 Facility Management and Maintenance Contract
Maintenance of IT Infrastructure across BCPL shall be through Facility Management Services and
Maintenance Support Services with third party vendors. Facility Management Services shall cover
Maintenance and repair of IT Systems, including all kind of breakdown and Preventive
Maintenance and replacement of parts, sub-parts, modules, sub-modules and the like.
5.4.3 Help Desk
An IT helpdesk and an ERP helpdesk shall be setup at Lepetkata for enabling the users to register
support calls. All help-desk calls shall be logged with details like affected user’s name, problem
description, date & time of call. The helpdesk personnel shall be responsible for routing the call
to appropriate parties for resolution. Call severity shall be defined for all calls and resolution
times shall be defined. Company shall also define escalation procedures for calls that are not
resolved within the resolution times. The call shall be closed only after getting the user feedback
regarding the resolution of the problem.
5.5 Procurement of IT Resources
5.5.1 Procurement of IT Assets
a. The IT Department, Lepetkata, shall consolidate the requirements of IT needs of BCPL and
put up the consolidated requirements for approval by Competent Authority as per Delegation
of Powers (DOP) for centralised procurement from Lepetkata.
b. PCs/Peripherals shall be allotted to new entrants on need basis, if available, from the spare
stock, maintained at various company locations.
c. The requirement of servers, software and networking devices shall be consolidated by IT
department, Lepetkata, and the procurement on outright purchase basis shall be carried out
centrally following company purchase procedures.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 25 of 37 .
d. In case of new location/terminal is coming up where LAN/WAN is required, necessary LAN
cabling, LAN I/O termination shall be included as part of construction work by concerned
project/civil/construction group.
e. IT department shall be responsible to take procurement action to ensure for timely
replacement of all the IT assets across company, having lived their useful lives as defined in
this policy.
5.5.2 Warranty
a. All the hardware equipment shall be procured with three years on-site warranty. However,
if three years onsite warranty is not available from OEM/Supplier, then standard
OEM/Supplier warranty support may be taken.
b. All the system software shall be procured with three years warranty support pertaining to re-
installation, re-configuration, etc in case of server/HDD media failure.
c. All the system software shall be procured with 90 days warranty on media from date of
purchase from Original Equipment Manufacturer (OEM) by the vendor. In case of media failure
beyond 90 days, the media with the software can be obtained from the software OEM against
payment as per the policy of the software OEM.
5.5.3 Miscellaneous Budget
A budget amounting to minimum 2% of the annual IT budget shall be maintained as miscellaneous
budget.
5.6 Management of Changes
Company shall manage all changes, including emergency maintenance and patches, relating to
infrastructure and applications within the production environment in a controlled manner. All
changes shall be logged, assessed, tested and authorized prior to being implemented in
production systems.
5.7 Installation and Accreditation of Solutions and Changes
Company shall ensure that any new systems are tested in a dedicated test environment that has
relevant and appropriate test data, rollout instructions are defined and a post implementation
review is conducted. Company shall also ensure that rollback strategies are defined for major
rollouts.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 26 of 37 .
5.8 Declaration of Emergency
In case of any eventuality resulting into disruption of IT services or likelihood of disruption of IT
services, emergency situation shall be declared by the HOD (IT) and powers under the emergency
clause in DOP shall be used for restoration of the systems.
6 Delivery and Support
6.1 Definition and Management of Service Levels
Company shall ensure that a definition and agreement of IT services and ERP services and service
levels are reached between the IT management and business users. Company shall ensure
monitoring and timely reporting to stakeholders on the accomplishment of service levels.
6.2 Management of Third-party Services
6.2.1 IT Partner / Consultancy
a. Strategic Partnership shall be developed with various reputed companies for systems
specifications, white papers on various solutions & leveraging existing infrastructure,
development & implementation of solutions, technology areas etc.
b. One IT Strategy partner shall be contracted for identifying the latest technological trends
and their applicability to Company environment & business processes along with providing
consultancy on the ongoing / envisaged IT initiatives of the company. The strategy partner
shall also assist in consolidation, redeployment and sizing of the IT and ERP infrastructure to
ensure lower cost of ownership and increase in return on investment. IT department shall
initiate the requirement for appointment of IT partner / consultant and shall ensure
uninterrupted availability of IT partner / consultant for keeping the IT and ERP infrastructure
/ systems latest with the technology for meeting company requirement.
c. The contract shall be for a period of minimum two years.
6.3 Management of Performance and Capacity
Company shall ensure conduct of periodic reviews of current performance and capacity of IT
resources.
6.3.1 Application Tuning
Concerned IT officer responsible for maintenance of application package shall ensure proper
response time for OLTP (On line Transaction Processing) and report processing.
6.3.2 IT and ERP Infrastructure Upgrade
a. IT and ERP Infrastructure upgrade will be carried out based on the performance bottleneck
observed in the systems, stoppage of support from OEM/technology obsolescence,
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 27 of 37 .
technological advancement from time to time.
b. If the maximum utilization of Internet bandwidth exceeds 80% for 1 hour a day continuously
over a period of one month, the same shall be analyzed and upgraded in multiple of 2 Mbps,
if required.
c. If the maximum utilization of internal link between two locations exceeds 80% for 1 hour a
day continuously over a period of one month, the same shall be analyzed and upgraded, if
required.
d. All the operating system, office automation software, database, development tools,
messaging software shall be upgraded with the latest, version on periodic basis by the IT
Department.
e. Specialized software shall be upgraded on need basis.
6.3.3 Hardware Life
Company has defined useful life of IT equipment as follows, after which these IT systems shall
be examined and assessed about its usefulness and unserviceability and decision for replacement
would be taken.
SN ITEM USEFUL LIFE
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Desktop PC
Server / Storage
Notebook PC
Peripherals (Printer, UPS & Scanner)
Projector
Switch
Router
Video Conferencing System
Firewall
Intrusion Detection System (IDS)
/ Intrusion Prevention System (IPS)
Others IT Assets
4 Years
5 Years
3 Years
4 Years
5 Years
5 Years
5 Years
5 Years
4 Years
4
5 Years
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 28 of 37 .
IT department shall initiate necessary procurement action on completion of useful life of IT
equipment as defined above while allowing sufficient time to port the existing systems to run
under new environments.
6.4 Ensuring Continuous Service
Company shall develop, maintain and test IT continuity plans, endure offsite backup storage and
organize periodic continuity plan training to minimize the probability and impact of a major IT
service interruption on key business functions and processes.
6.5 Ensuring Systems Security
Company shall establish and maintain IT security roles and responsibilities, policies, procedures
and guidelines, and perform continuous security monitoring.
6.6 Education and Training of Users
6.6.1 Training Program
Company shall establish a formalized and structured training program for employees to ensure
that they have adequate knowledge necessary to securely perform their duties. The training
program shall focus on developing:
a. Relevant and needed IT knowledge and skills within the workforce
b. Training supporting competency development and helping personnel understand and learn
how to perform their IT roles and responsibilities.
c. Trainings that are tailored to the specific needs of each group of people who have been
identified as having significant responsibilities for IT in the company.
d. SAP related training courses for IT employees working in the ERP setup.
The tools and channels used for the training programs shall be decided in coordination with HR
and may include but will not be limited to:
a. Class-room training sessions;
b. Intranet based training;
c. Self-paced computer based training;
d. External training sessions.
The training requirements shall be identified by the Head of Department of IT on an annual basis
and shall be forwarded to HR for inclusion in annual training calendar. Feedback shall also be
sought from the IT employees for any specific IT training needs. The requirement of any
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 29 of 37 .
specialized technical trainings shall also be sent by HOD IT to HR whenever such requirements
arise.
In those cases where it will meet training objectives in a more efficient manner, the company
may opt to obtain commercial off-the-shelf training material or services from external trainers.
The IT Department shall also evaluate enrolment of key employees for relevant certification
courses including those for IT Security like CISA, CISSP, CEH, ITIL, ISO 27001 LA and the like. The
IT Department shall nominate the core team members of SAP for getting various SAP trainings,
seminars, conferences and workshops for professional development of these personnel.
6.7 Management of Service Desk and Incidents
IT Department shall set up an IT service desk function for both the ERP and the IT setup to
register, escalate, analyze and resolve IT problems.
6.8 Management of the Configuration
Company shall establish and maintain an accurate and complete configuration repository of all
hardware and software configurations. Company shall ensure that all configuration information
is stored in the repository, baselines are established and the repository is updated as and when
required.
6.9 Management of Problems
Company shall establish problem management processes to identify, classify, analyze and resolve
IT related problems. The problem management process shall include identification of
recommendations for improvement, maintenance of problem records and review of the status of
corrective actions.
6.10 Management of Data
Company shall establish procedures to manage the media library, backup and recovery of data,
and proper disposal of media.
Company shall implement an electronic and physical records retention schedule to maintain
records for a period of 7 yrs as per statutory requirements, to ensure that company adheres to
existing recordkeeping regulations and requirements and does so consistently. Company shall
formulate a process of systematically determining which records need to be captured and how
long they need to be retained in the company.
6.11 Management of the Physical Environment
Company shall ensure regular monitoring of physical environmental factors and management of
physical access to computer processing facilities in order to reduce business interruptions from
damage to computer equipment and personnel.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 30 of 37 .
6.12 Management of Operations
Company shall define policies and procedures for IT Operations for effective management of
scheduled processes, monitoring of infrastructure and preventive maintenance of hardware in
order to help maintain data integrity and reduce business delays.
7 Monitoring and Evaluation
7.1 Monitoring and Evaluation IT Performance
Company shall develop a mechanism for conduct of risk assessment and shall monitor and
periodically report key activities.
7.2 Monitoring and Evaluation of Internal Control
Company shall establish and maintain a process including conducting self-assessments, third
party reviews to monitor the internal controls over IT.
Company shall conduct an SAP functional audit and a technical audit covering the entire
IT Infrastructure at least once in every two years.
7.3 Ensuring Regulatory Compliance
Company shall establish a review process to ensure IT compliance to relevant laws and
regulations.
7.4 Provision of IT Governance
Company shall define and periodically review IT Organizational structures, processes and IT
personnel’s roles and responsibilities to ensure that enterprise IT investments are aligned
and delivered in accordance with enterprise strategies and objectives.
8 Responsibilities of IT Users
Following shall be responsibilities of IT users for better up keeping, protection and high
availability of their system/data.
Security and Password Policy
a. Users will have valid, authorized accounts and will only use the computing resources for
which they are specifically authorized.
b. Shall not permit other individuals’ access to their accounts or other user accounts.
c. Shall not share their passwords with anyone (not even administrators); shall change their
passwords frequently and/or if there is an indication of a compromise and will be
responsible to maintain the confidentiality of passwords.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 31 of 37 .
d. Shall not write down the password and store in the work place.
e. Shall protect the personal computers and terminals with adequate controls when not in
use and will log off / shut down when leaving the office.
f. Shall log off from the terminals after the completion of a session.
g. Active sessions shall be secured by an appropriate locking mechanism, such as locking
the workstation, password protected screen saver, etc.
h. Shall follow all antivirus awareness guidance from the IT Department.
i. If users obtain malicious software alerts, they will immediately disconnect from all
networks and cease further use of the affected computer, and call the IT Help Desk for
technical assistance and will make no attempt to eradicate the virus.
j. Individuals in the possession of portable computers, laptop, mobile phones and other
transportable computer or storage media containing non-public information will not leave
the equipment unattended at any time unless the information has been properly
safeguarded. Such individuals take full responsibility for the equipment and the data it
retains.
E-mail Usages Policy
k. E-mail users will be personally responsible for taking all reasonable steps to prevent
unauthorized use of their e-mail facility and will be held accountable for all the activities
performed using their mailboxes.
l. Users will not employ any electronic mail addresses other than official BCPL electronic
mail addresses for all company business matters.
m. Users will be prohibited from the following:
Blanket forwarding of unofficial e-mail messages to any address.
Originating or distributing chain letters by e-mail and any offensive, junk, or unsolicited e-
mail received from any other user or external network.
Sending, storing, and distributing or subscribing to any illegal, defamatory, obscene,
pornographic, offensive, damaging messages, or which may be considered by others to cause
distress, sexual, racial or other harassment and/ or discrimination.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 32 of 37 .
Automatic forwarding of e-mails from external addresses to company’s e-mail system to
protect from threats, such as, mail bombs, Trojan horse, virus attacks etc; and users will
treat unsolicited e-mails with caution and shall not open / respond to such mails.
Internet Usages Policy
n. BCPL Users must be aware that access to the Internet will be logged and monitored. The
management retains the right to inspect any and all World Wide Web site visits,
newsgroup, email messages and files stored on or transmitted over its network assets
(including but not limited to, local storage media, memory, and mail files) for the purpose
of investigating suspected violations of its business policies or non-compliance with local
regulations.
o. Employees shall not use the company provided internet facilities to
Upload, publish or share any confidential materials in any form owned by BCPL.
Publish or share any copyrighted software or materials owned by third parties unless
permitted by the third party.
Download illegal copies of music, films, games or the software by any means.
Perform any task which may involve breach of copyright law.
View or distribute any inappropriate contents.
p. Employees shall not upload, publish or share company data/matters through online media
in any form.
q. Employees shall refrain from spreading un-authentic or false information / rumours
pertaining to company matters on all types of social media.
Software Licences Policy
r. Unlicensed and unauthorized software from any third party shall not be accepted for
installation and use at BCPL.
Others
s. Shall not be permitted to establish independent external network connections unless the
same has been expressly authorized by the IT Department.
t. Employees will keep information assets like printouts of project deliverables, notepads
containing sensitive data etc. in a secured place when not in use, especially after working
hours.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 33 of 37 .
u. Shall not use BCPL information systems to engage in hacking activities that include, but
are not limited to, gaining unauthorized access to any other information systems
damaging, altering, or disrupting the operations of any other information systems and
capturing or otherwise obtaining passwords, encryption keys, or any other access control
mechanism that could permit unauthorized access.
v. To ensure enabling of Auto-protect option of anti-virus.
w. Not to shift the PC/Peripherals allotted to him/her from the installed location to any other
location without the knowledge of IT department.
x. To register support call at the help desk wherever the same is available
9 Competent Authority to approve for requirements not covered in IT policy
COO shall be the Competent Authority to approve for any IT requirements arises that is not
covered in this IT policy.
10 Review of BCPL IT Policy
The IT policy shall be reviewed in every two years.
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 34 of 37 .
11 Annexure
11.1 ANNEXURE 1 (IT SERVICES)
HOD (IT)
Maintenance
Support & Video
Conferencing
Backup
Activities, DR
Site Operations
& IT
Infrastructure
SAP
Enhancements /
Software
Development /
Information
Services
Email/ Internet/ IT
Support for
Lepetkata, and site
offices
Datacenter
Services at
Lepetkata &
Noida
New Initiatives &
Procurement
Services
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 35 of 37 .
11.2 ANNEXURE 2 (PC TRANSFER POLICY)
a) After publication of transfer list, concerned IT personnel of respective sites shall communicate to
IT-Lepetkata the detail of PC installed with transferred employees from his location. Accordingly,
the concerned IT officer at Lepetkata shall prepare various lists like (i) One-to-one interchange of PC
between employees of same location (No shifting), (ii) One-to-one interchange of PCs between two
locations (No shifting), (iii) No interchange possible (PC shifting required). The consolidated list shall
be approved by the head of IT. After this, the site IT in-charge shall coordinate the PC shifting based
on these lists only.
b) In case of PC shifting, the concerned user shall hand-over the PC to IT site in-charge who in turn
in coordination with HR department shall make all necessary arrangements for shifting of PCs. The
formalities with regard to shifting of PCs etc. shall be completed following the C&P procedure for
material transfer including the transit insurance.
c) After receiving PC at the transferred location, the concerned user shall inform to concerned IT
department for inspection of the IT assets. After inspection, IT department shall inform concerned
C&P department for updating asset register in SAP.
d) The PCs (which are not to be shifted) shall be handed over to IT department by the concerned
transferred employees. Scanners and Printers may be shifted after the approval of the concerned
Officer-In-Charge/ Head of Department
e) Employees transferred to JVs or on deputation to other organizations can shift his/her
Notebook/PC and UPS (If required) with the approval of HOD IT.
11.3 ANNEXURE 3 (MAJOR LOCATIONS)
Location Type Areas
Main Plant Office Lepetkata, Dibrugarh, Assam
Data Centre Lepetkata, Noida
Branch Offices Duliajan, Lakwa, Guwahati, Noida
Plant Locations Lepetkata, Lakwa, Duliajan
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 36 of 37 .
11.4 ANNEXURE 4
Discipline to be observed by BCPL E-mail users
On one occasion, an e-mail user may send e-mail to a maximum of 25 addressees. However, this will not
apply to the users who are specifically authorized to send e-mail to a large population in terms of the
scope detailed below. Authorized users shall be required to create separate e-mail IDs in the name of their
present position in BCPL / Department / Work Group for sending various official messages to a large
population in coordination with the IT department.
SN
From
Nature of
Message
To
All E-mail
users
Dedicated E-
Mail ID of
Work Group /
Department
OR Dealing Official
Standard
Mailing
Groups##
I individual
E-mail User
(Other than
the Dealing
Official)
a Any E-mail
User(by name)
Any
Message*
No Yes No Yes
b
Any E-mail
User(by name)
Official
Reports /
information
/ Proposals
No Yes No No
c MD/MD Cell
COO/ COO
Cell/Directors/
Director Cell
Any Message Yes Yes Yes Yes
d Head of
Departments
Official
Message**
Yes Yes Yes Yes
e Head of
Departments at
Work Centers
Official
Message**
Yes
(of the
work
Centre
only)
Yes No Yes
f Heads of the
work centres
Official
Message**
Yes
(of the
work
Centre
only)
Yes No Yes
g Heads of the
work centres
Official
Message**
No Yes No Yes
h Control Rooms** Official
Message**
Yes Yes Yes Yes
i Doctors/
Security**
Official
Message**
Yes Yes Yes Yes
Brahmaputra Cracker and Polymer Limited
Information Technology (IT) Policy
Version 1.0.0 Date: 15.09.2018 Page 37 of 37 .
j IT System
Administrators
Official
Message**
Yes Yes Yes Yes
k E-mail IDs in the
name of
Department/
Work Group
Official
Message**
Yes Yes Yes Yes
l E-mail IDs in
the name of
Department/
Work Group at
Work Centre/
Office
Official
Message**
Yes
(of the
work
centre
only)
Yes Yes Yes
m E-mail ID
in the name of
the Work
Centre/ Office
e.g.
BCPL Duliajan
etc.
Official
Message**
Yes
(of the
work
centre
only)
Yes Yes Yes
*: Personal messages be avoided.
**: in areas pertaining to their field of activity. #: For example - Control Room, Technical Cell etc. ##: Like SMs, CMs, DGMs etc.