Security Policy

The website/portal/web application of Hooghly Cochin Shipyard Limited is hosted within a secured and controlled IT environment with appropriate safeguards to ensure confidentiality, integrity, and availability of information and services.

Infrastructure & Network Security

  • Website hosted in a protected network zone with firewalls, IDS, IPS, and high-availability systems.
  • Web servers configured behind multiple security layers to prevent unauthorized access.
  • Server hardening implemented as per cybersecurity guidelines.
  • Non-essential services disabled on production servers.
  • Secure SSH and VPN used for content deployment.
  • Servers placed behind application firewall to remain hidden from public exposure.

Security Testing & Audits

  • Pre-launch penetration testing and vulnerability assessments conducted.
  • Periodic penetration testing carried out post-deployment.
  • Application audited as per CERT-In, NIC, and OWASP guidelines.
  • Annual security audits by CERT-In empaneled agencies.
  • Post-update audits conducted after major changes.

Access Control & Authentication

  • Strict physical and logical access control to servers.
  • Secure authentication mechanisms enforced.
  • Password policies with periodic updates implemented.
  • Administrative access restricted to authorized personnel only.

Monitoring & Logging

  • System and security logs maintained at multiple levels.
  • Audit logs include user access, admin actions, and system activities.
  • Failed access attempts and anomalies are recorded.
  • Continuous monitoring of availability, performance, and integrity.

Content & Application Security

  • Content undergoes moderation and approval workflow before publishing.
  • All content scanned for malicious code before deployment.
  • Development, staging, and production environments are segregated.
  • Updates tested in staging before production deployment.

Notice and Disclosures

  • No personal information is sold or disclosed to unauthorized third parties.
  • Information used only for official and lawful purposes.
  • Shared only when required by law or government authorities.
  • Appropriate safeguards implemented to protect user data.

Data Quality and Access

  • All website content is reviewed for accuracy and relevance.
  • Errors or discrepancies are corrected promptly.
  • Information subject to change without prior notice.
  • Non-personal technical data may be collected for monitoring and security.
  • Unauthorized access attempts are monitored and investigated.

Application Security Audit

The website uses a Drupal CMS and has been audited for application-level vulnerabilities as per CERT-In, NIC, and OWASP standards. All identified vulnerabilities were addressed prior to launch.

The website is audited periodically (at least once a year or after major updates).

Server Security Audit

  • Servers and databases are security audited and hardened.
  • Access is restricted physically and through network controls.
  • Logs maintained for all access and activities.
  • System patches, bug fixes, and antivirus updates applied regularly.

Data Security

Hooghly CSL takes security seriously and implements measures to prevent loss, theft, or misuse of user information.

Website Access Rights

Website accessibility is controlled based on security requirements. Firewall rules are configured to restrict or allow access geographically as required to mitigate cyber threats.

Website Architecture

(Block Diagram to be added)

Network Architecture Diagram

(Block Diagram to be added)

NAT Gateway Information

(Public IP & Private IP Details to be added)