eTaal has a responsibility to protect from disclosure to unauthorized parties the personally identifiable information (name, address, date of birth, social security number, etc.) of its website users. Therefore, eTaal has adopted and implemented a website security policy to protect account information of its website users.

eTaal will not sell, trade, nor disclose the personally identifiable information of its website users to any unauthorized third parties.

eTaal takes all steps possible to ensure that the data on the website is accurate. If something is found to be inaccurate eTaal will make every effort to correct said information as quickly as possible. If it is found to be an inaccuracy with the entire system eTaal will work swiftly to correct the problem so that your web experience is as trouble-free as possible. The information contained on the eTaal website is subject to change without prior advance notice.

While using the eTaal website certain information such as your IP Address and time spent on pages may be collected. This non-personal information is collected in order to monitor any unauthorized use or access to the eTaal site. Anyone caught attempting to harm, steal information from, or otherwise damage the eTaal website will be prosecuted to the full extent of the law.

eTaal website is hosted at NIC data Centre and is being developed and managed by a team of Engineers of NIC. NIC has taken every precaution to secure information on eTaal website. The eTaal website is placed in protected zone with implementation of firewalls and IDS (Intrusion Detection System) and high availability solution in Shastri Park Data Centre.

Before the launch of the eTaal website, NIC has done the simulated penetration testing. Also penetration testing has been done after the launch of the website.

Application Security Audit: A large number of web enabled applications are in use in the eTaal website for displaying the information dynamically as per the users’ requests. All the applications have been security audited for the known application level vulnerabilities and all the application security vulnerabilities have been addressed before the launch of the website.

Server Audit: The Applications and database servers hosting the eTaal applications and Databases have been security audited. The hardening of the server has been done as per the guidelines given by the NIC Cyber security division. The access to the server is restricted both physically and through the network as far as possible. The Logs are being maintained for authorized physical access to eTaal servers. The servers have been placed behind the Application firewall in order to make them hidden to the outside public.

All the development work is done on separate development environment and well tested on staging server before updating it on the production server. The eTaal website contents on the NIC Data centre servers are uploaded using secured access.

The contents are first checked on the development server before publishing on the production server. All contents of the web pages are checked for intentional or unintentional malicious content before final upload of the same on the web server.

Audit and Log of all activities referring to the operating system, access to the system and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny.

All newly released system software patches, bug fixes and upgrades are deployed regularly and reviewed. The Antivirus has been deployed on the servers and is updated online.

Servers’ passwords at NIC data center are changed at the interval of one month and are shared by authorized officers of NIC only.

If you have any questions regarding the eTaal Website Security Policy, please contact the eTaal using the information below:

A-Block, CGO Complex, Lodhi Road

New Delhi - 110 003 India

Telephone No: 011-24305511