Document Name: Issued by Approved By Original Release Effective

HO - IT IT Head 03rd Apr 2023 15th Sep 2023

Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
1of16

Contents
1 Introduction......................................................................................................................2
2 Roles and Responsibilities.............................................................................................2
3 IT Assets Management...................................................................................................3
4 Information Security........................................................................................................5
A. High Risk:...............................................................................................................6
B. Medium Risk:.........................................................................................................6
C. Low Risk:...............................................................................................................6
 File Backup System:......................................................................................................7
 Server backup:...............................................................................................................7
5 Network Infrastructure....................................................................................................7
6 Email and Communication.............................................................................................8
7 Internet Usage Policy.....................................................................................................9
8 Software Usage Policy..................................................................................................10
9 Hardware Usage and Maintenance.............................................................................12
10 Disaster Recovery and Business Continuity.............................................................13
11 Laptop Theft Policy.....................................................................................................14
12. Policy Review and Updates......................................................................................14

1 Introduction
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
2of16

1.1 Purpose of the IT Department Policy

The purpose of this IT Department policy is to establish guidelines, procedures,
and best practices for the management, usage, and security of information technology
resources within Tsugami Precision Engineering India Pvt., Ltd., This policy aims to ensure
the efficient, secure, and complaint use of IT assets and services to support the
organizations mission and objectives.

1.2 Scope of the Policy

This policy applies to all employees, contractors, and authorized users who
access or utilize IT resources provided by Tsugami Precision Engineering India Pvt., Ltd. It
encompasses all aspects information technology, including hardware, software, networks,
and data.

1.3 Objectives
The primary objectives of this policy are:

 To safeguard the confidentiality, integrity and availability of data and information

systems.
 To promote responsible and ethical use of IT resources.
 To ensure compliance with applicable laws, regulations, and industry standards.
 To streamline IT asset management and procurement process.
 To establish clear roles and responsibilities for IT staff and end users.

1.4 Compliance
 All employees are expected to comply with the IT Policy rules and guidelines
while purchasing, using, and maintaining any equipment or software purchased
or provided by the organization.
 Any employees who misuse the internet notices or improper use of laptop /
desktop within the organization must inform his/her Reporting Manager(s)
immediately. Based on Dept requirement.
 Inappropriate use of IT equipment and software by an employee will be subject to
disciplinary action as deemed fit by the HR of the organization.

2 Roles and Responsibilities

2.1 IT Department Organization

The IT department at Tsugami Precision Engineering India Pvt. Ltd., is structured
to include the following roles and responsibilities.

 IT Managers
 System Administrators
 Help Desk Support
 Network Administrators
 Security (Door Access)
Each role has Specific duties and responsibilities, as outlined in their respective job
descriptions.

2.2 Responsibilities of IT Staff

 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
3of16

IT staff members are responsible for:

 Maintaining the security and functionality of IT systems.

 Providing technical support to end users.
 Enforcing IT policies and procedures.
 Conducting regular security assessments.
Staying updated on industry best practices and emerging technologies.

2.3 Responsibilities of End Users

End users of IT resources are responsible for:

 Adhering to IT policies and procedures.

 Safeguarding their login credentials and personal devices.
 Reporting security incidents promptly.
 Using IT resources for authorized purposes only.
Seeking assistance from the IT department when encountering technical issues.

2.4 IT Support

 Tsugami uses an online email system to provide IT Support to its employees and
clients. The email id for the same is systems@tsugami.co.in
 Employees may need hardware/software installations or may face technological
issues which cannot be resolved on their own. Employees are expected to get
help from the IT Dept. for such issues via the IT Support Email ID only.
 Any IT Support work informed or assigned via emails sent on employee email
IDs, chats or any other media except the IT Support Email ID would be not
entertained.
 For the sake of quick understanding, employees are expected to provide details
of their issue or help required in the Support Email sent.
 For major issues like Desktop, Laptop replacement, non-working equipment,
installation of application software and more, it is mandatory for all employees to
inform the IT Dept.
 For any damage to Desktop, Laptop, and printer approval from Reporting
Manager would be required for replacements.
 After sending the email, employees should expect a reply from the IT Dept within
1 working day. The IT Dept. may ask the employee to deposit the problematic
equipment to the IT Dept. for checking and will inform the timeline for
repair/maintenance/troubleshooting/installations or the required work.

 If there is no response in 1 working day, then the IT Dept. Designated Staff

should be asked for an explanation for the delay. If no response is obtained in 3
working days, a complaint can be raised through an email to the employee’s
Reporting Manager and IT Dept. Designated Staff.
 Issue’s will be resolved on a First-Come-First-Served basis. However, the priority
can be changed on request at the sole discretion of the designated team in IT
Dept.

3 IT Assets Management
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
4of16

3.1 Inventory Management

 The IT Dept. is responsible for maintaining an accurate inventory of all
technological assets, software and tangible equipment purchased by the
organization.
 The following information is to be maintained for above mentioned assets
in an Inventory Sheet:
a. Item
b. Brand/ Company Name
c. Serial Number
d. Basic Configuration (e.g., HP Laptop, 120 GB HD, 2 GB RAM etc.)
e. Physical Location
f. Date of Purchase
g. Current Person In-Charge
 When an Inventory Sheet is updated or modified, the previous version of the
document should be retained. The date of modification should be mentioned
in the sheet.
 All technological assets of the organization must be physically tagged with
codes for easy identification.
 Periodic inventory audits will be carried out by the IT Dept. to validate the
inventory and make sure all assets are up-to-date and in proper working
condition as required for maximum efficiency and productivity.

3.2. Equipment Allocation, De-Allocation & Relocation

1) Allocation of Assets:
 All technological assets of the organization must be physically tagged with
codes for easy identification.
 New Employees may be allocated a personal computer (desktop or laptop)
for office work on the Day of Joining, as per work requirement.
 If required, employees can request their Reporting Manager(s) for
additional equipment or supplies like external keyboard, mouse etc.,
 Allocation of additional assets to an employee is at the sole discretion of the
Reporting Manager(s).

2) De-allocation of Assets:
 Based on the HR dept email confirmation, who are relieving from the
organization we will deactivate the email id and SAP id & VPN access on
same day.
 It is the Reporting Manager’s/HR Dept responsibility to collect all allocated
organizational equipment & other assets from an employee who is leaving
the organization.
 Updating the Inventory Sheet is mandatory after receiving back all
allocated equipment.
 The received assets must be to IT Dept.

3.3. Procurement and Disposal of IT Assets

 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
5of16

1. Procurement of IT Assets:
Procurement refers to the acquisition of new IT assets, including hardware,
software, and related services.
 Start by identifying the organization's IT needs. Determine what equipment,
software, or services are required to meet business objectives.
 Allocate a budget for IT procurement. Ensure it aligns with the identified
needs and is realistic based on available funds.
 Research and select reliable vendors or suppliers. Consider factors such as
product quality, pricing, reputation, and customer support.
 Implement a system for tracking and managing newly acquired IT assets. This
includes recording asset details, serial numbers, and warranties.
 Install and configure new assets as needed. Ensure they are integrated into
the existing IT infrastructure.

2. Disposal of IT Assets:
The disposal of IT assets is equally important as procurement, as it involves
securely removing and decommissioning old or obsolete equipment. Improper
disposal can lead to data breaches and environmental hazards.
 Maintain an up-to-date inventory of all IT assets, including their age,
condition, and usage.
 Before disposal, ensure that all sensitive data is securely wiped from storage
devices. This may involve using data erasure software or physically
destroying hard drives.
Effective management of IT asset procurement and disposal is crucial for
maintaining the security, efficiency, and cost-effectiveness of an organization's IT
infrastructure. It requires careful planning, documentation, and compliance with
relevant laws and regulations.

3.4 Asset Tracking and Documentation

Implement a system for tracking and managing newly acquired IT assets. This
includes recording asset details, serial numbers, and warranties. Consider whether
any IT assets can be resold or donated. Responsible recycling or disposal options
should be pursued for assets that cannot be reused. Documentation is the process of
creating and maintaining records related to assets. Proper documentation ensures
transparency, accountability, and compliance.

4 Information Security

Information security means protection of the organization’s data, applications,

networks and computer systems from unauthorized access, alteration, and
destruction. The Information Security Policy provides guidelines to protect data
integrity based on data classification and secure the organization’s information
systems.

 Various methods like access control, authentication, monitoring, and review will be
used to ensure data security in the organization.
 Security reviews of servers, firewalls, routers, and monitoring systems must be
conducted on a regular basis. These reviews should include monitoring of access
logs and intrusion detection software logs.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
6of16

 Appropriate training must be provided to data owners, data users, and network &
system administrators to ensure data security.

4.1 Data Classification and Handling

The organization classifies data into three categories:
A. High Risk:
i. It includes information assets which have legal requirements for
disclosure and financial penalties imposed for disclosure.
ii. E.g., Payroll, personnel, financial, biometric data, engineering drawing
B. Medium Risk:
i. It includes confidential data which would not impose losses on the
organization if disclosed, but is also not publicly available.
ii. E.g. Agreement documents, unpublished reports, etc.
C. Low Risk:
i. It includes information that can be freely disseminated.
ii. E.g. brochures, published reports, other printed material etc.

Different protection strategies must be developed by the IT department for the above three
data categories. Information about the same must be disseminated appropriately to all
relevant departments and staff.

High risk data must be encrypted when transmitted over insecure channels.

4.2 Access Control and User Authentication

 Access to the network, servers and systems in the organization will be
achieved by individual logins and will require authentication.
 Authentication includes the use of passwords, biometrics, or other
recognized forms of authentication.
 All users of systems which contain high or medium risk data must have a
strong password as defined in the IT Policy.
 Default passwords on all systems must be changed after installation.
 Where possible and financially feasible, more than one person must have
full rights to any organization-owned server storing or transmitting high risk
and medium risk data.
4.3 Password Management

 Select strong passwords with at least eight characters (capital and lower-case
letters, symbols and numbers like @! #$^&...etc.) without using personal
information and common (e.g. birthdays, welcome123, password).
 Remember passwords instead of writing them down and keep them secret.
 Use different passwords for different accounts. Avoid using the same
password across multiple websites or services.
 Change passwords periodically, especially for critical accounts.
 Educate yourself and your employees (if applicable) about good password
practices, phishing awareness, and general cybersecurity best practices.

By following these password management best practices, individuals and

organizations can significantly enhance their cybersecurity posture and reduce the
risk of unauthorized access to their accounts and sensitive information.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
7of16

4.4 Data Backup and Recovery

 File Backup System:
a. Organization will be installing a file server for backing up data of all
employees. All employees are expected to keep official data on the
file system.
b. Employee’s Reporting Manager or the Management or the IT Dept
will have access to that data.
c. All employees will login to the file server through ADC1 user ID and
password.
 Server backup:
a. IT Dept. is expected to maintain an incremental backup of all
servers with at least 2 copies of all servers. At any time, 2 backups
of all servers must be maintained.
The hard disk of every server should be in the Raid1 and 5 modes.

Data recovery is the process of restoring data from backups in the event of data loss or
a disaster.

Effective data backup and recovery, combined with a well-designed disaster recovery
plan, help organizations minimize downtime, maintain business continuity, and protect
valuable data assets in the face of unexpected events. These practices are essential
components of a robust information technology strategy.

5 Network Infrastructure
5.1 Network Access and Usage Policies
All PCs being used in the organization are enabled to connect to the
organization’s Local Area Network as well as the Internet. Network security is enabled in
all PCs through Firewall, Web Security and Email Security software.
Employees are expected to undertake appropriate security measures as enlisted in the
IT Policy.

The Internet Usage Policy provides guidelines for acceptable use of the organization’s
Internet network to devote Internet usage to enhance work productivity and efficiency and
ensure safety and security of the Internet network, organizational data, and the employees.

Internet is a paid resource and therefore shall be used only for office work. The organization
reserves the right to monitor, examine, block, or delete any/all incoming or outgoing internet
connections on the organization’s network. The organization has systems in place to monitor
and record all Internet usage on the organization’s network including each website visit, and
each email sent or received. The Management Committee can choose to analyse Internet
usage and publicize the data at any time to assure Internet usage is as per the IT Policy.

5.2 Firewall and Intrusion Detection/Prevention Systems

A firewall is a network security device or software that acts as a barrier between a
trusted internal network and untrusted external networks, such as the internet.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
8of16

The organization has installed an Internet Firewall to assure safety and security of the
organizational network. Any employee who attempts to disable, defeat, or circumvent the
Firewall will be subject to strict disciplinary action.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are security
solutions that monitor network and system activities to detect and respond to suspicious or
malicious behaviour. They can be standalone appliances or software integrated into
firewalls or network infrastructure.

Firewalls primarily focus on controlling network traffic based on predefined rules,

while IDS/IPS systems are dedicated to detecting and responding to suspicious or
malicious activities within a network. Both technologies are essential components of a
layered security strategy, working together to safeguard networks and systems against a
wide range of cyber threats.

5.3 Remote Access and VPN Policies

Clearly state the purpose of the policy, such as enabling secure remote work, and
specify the scope, outlining the systems, users, and resources covered by the policy.
Define who is eligible for remote access. Specify roles, responsibilities, and criteria for
granting remote access privileges.
Many firewalls offer VPN capabilities to secure remote connections and facilitate secure
communication over untrusted networks.

6 Email and Communication

6.1 Email Usage and Etiquette

Our corporate email usage policy helps employees use their company email addresses
appropriately. Email is essential to our everyday jobs. We want to ensure that our employees
understand the limitations of using their corporate email accounts.

Our goal is to protect our confidential data from breaches and safeguard our reputation and
technological property. This policy applies to all employees, vendors and partners who are
assigned a TPE email.

Corporate emails are powerful tools that help employees in their jobs. Employees should use
their company email primarily for work-related purposes. However, we want to provide
employees with some freedom to use their emails for personal reasons. Employees are
allowed to use their corporate email for work-related purposes without limitations

We will define what constitutes appropriate and inappropriate use.

6.2 Email Security

Email is often the medium of hacker attacks, confidentiality breaches, viruses, and other
malware. These issues can compromise our reputation, legality, and security of our
equipment.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
9of16

 Select strong passwords with at least eight characters (capital and lower-case letters,
symbols and numbers like @! #$^&...etc.) without using personal information and
common (e.g. birthdays, welcome123, password).
 Remember passwords instead of writing them down and keep them secret.
 Change their email password every two months.

Also, employees should always be vigilant to catch emails that carry malware or phishing
attempts. We instruct employees to:

 Avoid opening attachments and clicking on links when content is not adequately
explained (e.g. “Watch this video, it’s amazing.”)
 Be suspicious of clickbait titles.
 Check email and names of unknown senders to ensure they are legitimate.
 Do not respond to requests for personal or sensitive information via email, even if the
request appears to be from a trusted source.
 Encrypt any proprietary or sensitive information sent via email.

If an employee is not sure that an email, they received is safe, they can ask our IT
department

We remind our employees to keep their anti-malware programs updated.

6.3 Instant Messaging and Collaboration Tools

IM allows users to exchange text messages in real time, making it convenient for quick
questions, updates, and discussions. IM platforms typically support group chat, enabling
multiple users to participate in a single conversation. Many IM tools allow users to share
files, images, documents, and other media directly within the chat interface. E.g., New Talk,
Teams etc.,

Tools like Google Workspace (formerly G Suite) and Microsoft 365 enable real-time
collaboration on documents, spreadsheets, and presentations. Cloud storage services like
OneDrive allow teams to store, share, and collaborate on files and documents.
Best Practices for Using IM and Collaboration Tools, ensure that the tools used are
compliant with your organization's security and data privacy policies. Provide training and
guidelines for proper tool usage, including etiquette and security practices.
Effective use of instant messaging and collaboration tools can enhance communication,
streamline workflows, and improve overall productivity, especially in today's dynamic work
environments.

7 Internet Usage Policy

The Internet Usage Policy provides guidelines for acceptable use of the
organization’s Internet network to devote Internet usage to enhance work
productivity and efficiency and ensure safety and security of the Internet network,
organizational data, and the employees.

7.1 Internet Access Policies

Internet is a paid resource and therefore shall be used only for office work. The
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
10of1
organization reserves the right to monitor, examine, block, or delete any/all incoming or
outgoing internet connections on the organization’s network. The organization has systems
in place to monitor and record all Internet usage on the organization’s network including
each website visit, and each email sent or received. The Management Committee can
choose to analyse Internet usage and publicize the data at any time to assure Internet usage
is as per the IT Policy. The organization has installed an Internet Firewall to assure safety
and security of the organizational network. Any employee who attempts to disable, defeat, or
circumvent the Firewall will be subject to strict disciplinary action.

7.2 Social Media Usage

Employees are solely responsible for the content accessed and downloaded using
Internet facility in the office. If they accidentally connect to a website containing material
prohibited by the organization, they should disconnect from that site immediately. During
office hours, employees are expected to spend limited time to access news, social media,
and other websites online, unless explicitly required for office work. Employees are not
allowed to use Internet for non-official purposes using the Internet facility in office.
Employees should schedule bandwidth-intensive tasks like large file transfers, video
downloads, mass e-mailing etc. for off-peak times.

7.3 Website Access and Filtering

Website access and filtering policies are important components of an organization's

cybersecurity and IT governance strategy. These policies define the rules and guidelines for
accessing and filtering websites on corporate networks and devices.

Clearly state prohibitions, such as accessing malicious websites, engaging in illegal

activities, or visiting sites that may contain offensive or inappropriate content.

Describe the website filtering mechanisms in place, whether through hardware or software
solutions.

Explain the criteria used for filtering, which may include categories (e.g., social media,
gaming, adult content), specific URLs, and keywords.

Implementing and enforcing website access and filtering policies can help organizations
mitigate cybersecurity risks, improve productivity, and ensure compliance with legal and
regulatory requirements. It is important to communicate these policies clearly to all
employees and regularly review and update them to address emerging threats and changing
business needs.

8 Software Usage Policy

8.1 Objective
The Software Usage Policy is defined to provide guidelines for appropriate
installation, usage and maintenance of software products installed in organization-
owned computers.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
11of1
8.2 General Guidelines
 Third-party software (free as well as purchased) required for day-to-day work will
be pre- installed onto all company systems before handing them over to
employees. A designated person in the IT Dept. can be contacted to add to/delete
from the list of pre-installed software on organizational computers.
 No other third-party software – free or licensed can be installed onto a computer
system owned or provided to an employee by the organization, without prior
approval of the IT Dept.
 To request installation of software onto a personal computing device, an
employee needs to send a written request via the IT Ticket System or IT Support
Email.
 Any software developed & copyrighted by the organization belongs to the
organization. Any unauthorized use, storage, duplication, or distribution of such
software is illegal and subject to strict disciplinary action.
8.3 Compliance
 No employee is allowed to install pirated software on official computing systems.
 Software purchased by the organization or installed on organizational computer
systems must be used within the terms of its license agreement.
 Any duplication, illegal reproduction, or unauthorized creation, use and
distribution of licensed software within or outside the organization is strictly
prohibited. Any such act will be subject to strict disciplinary action.
 The IT Dept. procedures & guidelines need to be followed to purchase new
software (commercial or shareware) for official purposes. All approved software
will be purchased through the Procurement Dept., unless informed/permitted
otherwise.
 Any employee who notices misuse or improper use of software within the
organization must inform his/her Reporting Manager(s).

8.4 Software Registration

 Software licensed or purchased by the organization must be registered in the
name of the organization with the Job Role or Department in which it will be used
and not in the name of an individual.
 After proper registration, the software may be installed as per the Software Usage
Policy of the organization. A copy of all license agreements must be maintained
by the IT Dept.
 After installation, all original installation media (CDs, DVDs, etc.) must be safely
stored in a designated location by the IT Dept.

8.5 Software Audit

 The IT Dept. will conduct periodic audit of software installed in all company-
owned systems to make sure all compliances are being met.
 Prior notice may or may not be provided by the IT Dept. before conducting the
Software Audit.
 During this audit, the IT Dept. will also make sure the anti-virus is updated, the
system is scanned and cleaned and the computer is free of garbage data,
viruses, worms, or other harmful programmatic codes.
The full cooperation of all employees is required during such audits.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
12of1

9 Hardware Usage and Maintenance

hardware usage and maintenance policy are essential for organizations to
ensure the proper functioning and longevity of their hardware assets while minimizing
downtime and repair costs. This policy applies to all employees, contractors, and authorized
users who have access to and are responsible for hardware assets owned or used by
Tsugami Precision Engineering India Pvt. Ltd.

9.1 Computer and Device Usage

Hardware assets are to be used solely for official business purposes in alignment with
Tsugami Precision Engineering India Pvt., Ltd., mission, and goals.

Employees should handle hardware equipment with care to prevent physical damage. This
includes avoiding spills, drops, and unnecessary stress on devices.

All hardware, including computers and networking equipment, must have up-to-date security
patches and firmware updates installed promptly.

9.2 Equipment Maintenance and Repair

Employees are responsible for periodic maintenance might be necessary. This
can include tasks like cleaning the keyboard and screen of laptops, replacing thermal paste
on CPUs, or defragmenting hard drives (for traditional HDDs).

Employees should promptly report hardware issues, malfunctions, or damage to the IT

department. Hardware maintenance and repair requests should be submitted through the
designated channels.

Different types of hardware may have specific maintenance requirements, so consult the
user manuals or documentation provided by the manufacturers for device-specific guidance.
Following these guidelines can help extend the lifespan and reliability of your hardware,
saving you time and money in the long run.

9.3 Printing and Scanning Polices

This policy defines the guidelines and rules for the responsible use of printing
and scanning equipment within Tsugami Precision Engineering India Pvt., Ltd., to promote
efficiency, reduce waste, enhance security, and comply with applicable laws and regulations.

Printing should be limited to official business purposes and tasks directly related to job
responsibilities.

Whenever possible, employees are encouraged to use the duplex (double-sided) printing
option to reduce paper consumption.

Employees are encouraged to review documents on-screen and print only necessary
portions to reduce paper and ink/toner consumption.

Scanning should be used for legitimate business purposes, such as digitizing documents,
archiving records, or sending digital copies.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
13of1
When scanning sensitive or confidential information, take precautions to ensure secure
handling and storage of scanned files. Follow data security policies and procedures.

Minimize unnecessary printing and scanning to conserve paper, ink/toner, and energy.

10 Disaster Recovery and Business Continuity

Tsugami Precision Engineering India Pvt., Ltd., is committed to maintaining the
continuity of its operations in the event of a disaster, disruption, or unforeseen event. This
policy establishes guidelines for disaster recovery and business continuity planning to
mitigate risks and ensure minimal disruption to essential functions.

10.1 Backup and Restore Procedures

The purpose of this document is to define the procedures for creating, managing,
and restoring backups to ensure the integrity and availability of critical data for Tsugami
Precision Engineering India Pvt., Ltd.

Data owners are responsible for identifying critical data, specifying backup requirements,
and ensuring data protection measures are in place.

The IT department is responsible for implementing and managing backup solutions,

performing backups, testing backups, and restoring data when necessary. Any data loss or
backup-related incidents must be reported to the IT department promptly for investigation
and resolution.

All employees are required to comply with these backups and restore procedures and
associated policies.

The IT department is responsible for implementing technical solutions that support business
continuity, ensuring data backup and recovery procedures, and maintaining IT infrastructure
resilience.

10.2 Disaster Recovery Testing

Consider different disaster scenarios that could impact organization, such as
hardware failures, data corruption, cyberattacks, natural disasters, or power outages. Create
specific test scenarios that mimic these events.

Develop a detailed test plan that outlines the scope of the test, the resources required, the
steps to be followed, and the success criteria. Share this plan with all involved team
members.

Set up a separate testing environment that mirrors your production environment as closely
as possible. This environment should include all the necessary hardware, software, and
data.

Monitor the test closely, and document the results, including the time it takes to recover
systems and data, any issues encountered, and how effectively the DR plan was executed.

Ensure that employees involved in disaster recovery are adequately trained and prepared for
their roles during a real disaster.
 Document Name: Issued by Approved By Original Release Effective
HO - IT IT Head 03rd Apr 2023 15th Sep 2023
Information
Technology Policy Page Version Revised On Replaces Version
#0.01 15th Sep 2023 0
14of1
11. Laptop theft policy
A laptop theft policy is a set of guidelines and procedures that an organization puts in

place to prevent and respond to laptop theft. This policy aims to protect sensitive data,

minimize the financial impact of theft, and ensure the security of laptops and their contents.

Below are the key components to include in a laptop theft policy:

12.1. Employee Action:

First should complaint to the legal administration (Police) and management.

A CSIR copy should be provided to the head office by hand or courier.

After 1month if they do not get the laptop, Employee must be collected and provide the
Non- traceable Certificate at management from the police station.

12 Policy Review and Updates

16.1 Policy Review Process

16.2 Revision History

------------------------------------End of
Document----------------------------------