Security Policy

1 Policy Statements

• 1. National Internet Exchange of India (hereinafter referred to as “NIXI”) has the responsibility to protect Personally Identifiable Information from disclosure to unauthorized parties and to create a secure, resilient and trusted cyberspace ecosystem.
• 2. NIXI has implemented robust security protocols to restrict access to web servers and IT infrastructure through physical and logical controls. Reasonable measures are in place to define network boundaries, segregate connections for different purposes, apply traffic filtering, monitor unusual or suspicious activities and restrict access to essential services only.
• 3. Personal Information is protected with adequate safeguards under the terms of cyber security and other measures, with internal checks and mechanisms to ensure compliance with the requirements under law.
• 4. Content contributed to the website is duly authenticated & is not published to the server directly. All content contributed must go through the moderation process before final publishing to the website.
• 5. Hardening of servers has been done as per the government cybersecurity guidelines.
• 6. NIXI may engage certain third-party Service Providers that meet adequate Security Measures requirements under applicable law, Information security policies, processes and procedures and subject to the contractual obligations ensuring confidentiality and data security.
• 7. NIXI uses third party secure cloud servers meeting reasonable government approved standards with clear contractual obligations specifying data handling rules, access limits, monitoring and safe data retrieval or deletion mechanism to ensure compliance with applicable law.
• 8. NIXI engage third party service providers, including cloud service providers that meet adequate security requirements under applicable laws and government approved standards. Appropriate contractual obligations are established to ensure confidentiality, define data handling practices, limit access, enable monitoring and provide secure data retrieval or deletion.
• 9. All devices, operating systems and application software are regularly updated with the latest security patches, fixes and signatures to ensure protection against known vulnerabilities at all times.
• 10. Back-up of information and software are taken and tested regularly in accordance with the backup procedure of the establishment and criticality of information.
• 11. NIXI carry proper internal and external audit of the entire ICT infrastructure and deploy appropriate security controls based on the audit outcome.
• 12. Internal team will monitor NIXI at regular intervals to check the web pages to confirm that the web pages are up and running, that no unauthorized changes have been made, and that no unauthorized links have been uploaded.