Government on India

Disclaimer and Policies

Disclaimer

Although information and contents of various departmental websites on this website have been provided with care and diligence, the State Election Commission of Maharashtra does not take responsibility on how this information is used or the consequences of its use. In case of any inconsistency/ confusion, the user should contact the concerned Department/Officer of the State Election Commission of Maharashtra for further clarifications.

Copyright Policy

Material featured on this website may be reproduced free of charge in any format or media without requiring specific permission. This is subject to the material being reproduced accurately and not being used in a derogatory manner or in a misleading context. Where the material is being published or issued to others, the source must be prominently acknowledged. However, the permission to reproduce this material does not extend to any material on this site which is identified as being the copyright of the third party.

Content Contribution, Moderation and Approval Policy (CMAP)

Content is created by the Nodal officers designated by the Web Information Manager. It is approved by the Web Information Manager and emailed to sec.mh@mah.gov.in is for publishing on the website of the State Election Commission of Maharashtra. We also ensure that the website content is free from offensive and/or discriminatory language.

Content received by the webmaster on the designated email ID sec.mh@mah.gov.in is published on the website through a web-based Content Management System within the same working day.

Sr. No. Content Element Frequency Reviewer Approver
1 Banners on Homepage Half yearly Nodal Officer Web Information Manager
2 Banners on internal pages Half yearly Nodal Officer Web Information Manager
3 Disclaimer and Policies Yearly Nodal Officer Web Information Manager
4 Accessibility statement Yearly Nodal Officer Web Information Manager
5 Help Yearly Nodal Officer Web Information Manager
6 Feedback Yearly Nodal Officer Web Information Manager
7 Contact Us Yearly Nodal Officer Web Information Manager

Content Archival Policy

Web Information Manager reviews entries under ‘News and Events’, ‘Tenders’ and ‘IT Policies’ sections, and take decision to archive the entries as stated below.

Sr. No. Content Element Entry Policy Exit Policy
1 News and Events As updated As per expiry date
2 Tenders As updated As per expiry date
3 Important Documents As updated As per expiry date

Content Review Policy

The Content Review Policy is prepared by the Nodal officers designated by the Web Information Manager. This policy is based on different type of content elements, in validity and relevance.

The entire website content is reviewed for syntax/grammar checks once in a month by the Web Information Manager.

Sr. No. Tab heading Frequency of review Reviewer Approver
1 About Us Yearly Nodal Officer Web Information Manager
2 Projects Yearly Nodal Officer Web Information Manager
3 Services Monthly Nodal Officer Web Information Manager

Hyperlinking Policy

Links to External Websites/Portals

At many places in this website, you shall find links to other websites/portals created and maintained by other Government, non-Government / private organisations. These links have been placed for your convenience. When you select a link, you are navigated to that website. Once on that website, you are subject to the privacy and security policies of the owners / sponsors of that website. The State Election Commission of Maharashtra is not responsible for the contents and reliability of the linked websites and does not necessarily endorse the views expressed in them. Mere presence of the link or its listing on this website should not be assumed as endorsement of any kind.

Links to the State Election Commission of Maharashtra’s website by other websites/portals

We do not object you for linking directly to the information that is hosted on our website and no prior permission is required for the same. However, we do not permit our pages to be loaded into frames of your site. Our website's pages must load into a newly opened browser window of the user.

Privacy Policy

As a general rule, this website does not automatically capture any specific personal information from you, (such as name, phone number or e-mail address), that allows us to identify you individually. This website records your visit and logs related to the following information for statistical purposes, such as Internet Protocol (IP) addresses, domain name, browser type, operating system, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our website unless an attempt to damage the website has been detected. We will not identify users or their browsing activities, except when a law enforcement agency may exercise a warrant to inspect the service provider's logs. If website of the State Election Commission of Maharashtra requests you to provide personal information, you will be informed how it will be used if you choose to give it and adequate security measures will be taken to protect your personal information.

Terms and Conditions

This website is designed, developed and maintained by the Maharashtra Information Technology Corporation Limited. The content on this website is provided by the State Election Commission of Maharashtra and by accessing this website, you unconditionally accept to be legally bound by the terms and conditions. If you do not agree to the mentioned terms and conditions, please do not access the website.

Efforts have been made to ensure the accuracy and currency of the content on this website; however, the same should not be interpreted as a statement of law or used for any legal purposes. In case of any ambiguity or doubts, users are advised to verify / check with the concerned Department(s) and / or other source(s), and obtain appropriate professional advice.

Under no circumstances, website of the State Election Commission of Maharashtra will be liable for any expense, loss or damage including, without limitation, indirect or consequential loss or damage or any expense, loss or damage whatsoever arising from use, or loss of data, arising out of or in connection with the use of this website. These terms and conditions shall be governed by and construed in accordance with the Indian Laws. Any dispute arising under these terms and conditions shall be subject to the jurisdiction of the courts of India.

Website Monitoring Plan

Website Monitoring Policy is in place and the website is monitored periodically to address and fix the quality and compatibility issues around the following parameters:

Performance

Site download time is optimized for a variety of network connections as well as devices. All important pages of the website are tested for this.

Functionality

All modules of the website are tested for their functionality. The interactive components of the website such as feedback forms are working smoothly.

Broken Links

The website is thoroughly reviewed to rule out the presence of any broken links or errors.

Traffic Analysis

The site traffic is monitored to analyse the usage patterns as well as visitors.

Feedback

A proper mechanism for feedback is in place to carry out the changes and enhancements as suggested by the visitors.

Contingency Management Plan

A contingency plan is crucial to ensure preparedness and minimize the impact of defacement or natural calamities. Here are some general steps we considered while developing a contingency plan:

Risk Assessment: We have identified the potential risks and vulnerabilities our organization may face, such as defacement of property or natural calamities like floods, earthquakes, storms, or fires. We have assessed the likelihood and potential impact of each risk.

Emergency Response Team: We have established an emergency response team comprising key personnel from different departments. We have defined their roles and responsibilities in the event of an emergency. We have also designated a team leader who will coordinate the response efforts.

Communication Plan: We have established a clear communication plan to ensure effective communication with employees, stakeholders, and the public. This plan includes multiple channels of communication, such as email, text messages, social media, and designated communication points.

Data Backup and Recovery: We regularly backup critical data and store it securely in the cloud. We have established a data recovery plan to ensure the restoration of essential systems and data in the event of defacement or data loss.

Physical Security Measures: We have implemented security measures to protect our organization's assets, including surveillance systems, access controls, and alarms. We have also considered measures to protect against vandalism or defacement.

Insurance Coverage: We have reviewed and updated insurance policies to ensure they adequately cover potential damages resulting from defacement or natural calamities. We have consulted with insurance experts to understand the coverage and claims process.

Training and Drills: We regularly conduct training sessions and emergency drills to educate employees about emergency procedures and their roles during an emergency. These drills help ensure that everyone is prepared and familiar with the contingency plan.

Recovery and Restoration: We have developed strategies for post-event recovery and restoration of normal operations. We have identified key priorities, such as damage assessment, repairs, resuming essential services, and supporting affected employees.

Regular Plan Review and Updates: We continuously review and update our contingency plan to incorporate lessons learned from drills, real events, or changes in the organization's structure or operations. We also ensure that the plan remains current and relevant.

Business continuity plan

Developing a business continuity plan (BCP) specific to organization involves a thorough understanding of operations, critical processes, and potential risks. Here are some key steps we have considered to create a business continuity plan:

  1. Business Impact Analysis (BIA): We have conducted a comprehensive assessment of our organization's critical functions, processes, and dependencies and identified potential risks, determined the impact of disruptions on our operations, such as financial loss, reputational damage, and customer dissatisfaction.
  2. Risk Assessment: We have evaluated the risks specific to our organization, including natural disasters, cyber threats, supply chain disruptions, and any other potential hazards and prioritized the risks based on their likelihood and impact on our business.
  3. Recovery Objectives: We have determined the recovery time objectives (RTO) and recovery point objectives (RPO) for each critical process. RTO defines the acceptable downtime for a process, while RPO determines the maximum data loss permissible.
  4. Continuity Strategies: We have developed strategies to mitigate the impact of disruptions and ensure continuity of operations. This includes redundant systems, alternative suppliers, backup facilities, cloud-based services, and remote work arrangements. We have considered the costs, feasibility, and effectiveness of each strategy.
  5. Emergency Response Plan: We have established an emergency response team and defined their roles and responsibilities during an emergency. We have created a clear communication plan to ensure effective internal and external communication during the crisis. We have also identified primary and alternate means of communication.
  6. Data Backup and Recovery: We have implemented a robust data backup and recovery system. We regularly backup critical data and ensure secure offsite storage or cloud-based solutions. We also test data recovery procedures to ensure data integrity and availability.
  7. Incident Management: We have developed procedures to identify, report, and respond to incidents promptly. We have established protocols for escalation, decision-making, and coordination during an emergency and trained employees on incident management processes and their roles.
  8. Testing and Training: We regularly conduct BCP drills and exercises to test the effectiveness of the plan. We identify gaps or areas for improvement and update the plan accordingly. We also provide training to employees on their roles and responsibilities during an emergency.
  9. Plan Maintenance and Review: We continuously review and update our business continuity plan as our organization evolves or new risks emerge. We keep contact lists, emergency procedures, and recovery strategies up to date. We also conduct periodic audits to ensure compliance with the plan.

Defacement of the website under business continuity plan

Addressing the defacement of a website as part of a business continuity plan involves specific steps to restore the website's functionality, reputation, and security. Here is the approach we have for dealing with website defacement:

  1. Detection and Response:
    • We monitor our website regularly to detect any signs of defacement. Implement security measures like intrusion detection systems and web application firewalls to aid in early detection.
    • As soon as defacement is detected, we trigger our incident response plan and notify our designated response team.
    • We assess the extent of the defacement and gather evidence. Take screenshots or capture the defaced pages for documentation purposes.
  2. Isolate and Investigate:
    • We immediately isolate the affected website to prevent further damage or compromise.
    • We conduct a thorough investigation to determine the cause and extent of the defacement. Identify any potential vulnerabilities or weaknesses in our website's security.
  3. Restore from Backup:
    • We initiate the restoration process from a known backup that predates the defacement. Ensure that the backup is clean and free from any malicious code or vulnerabilities.
    • We verify the integrity of the backup and validate that the restored website is functioning correctly.
  4. Patch and Secure:
    • We identify and address any vulnerabilities or weaknesses that led to the defacement. Update our website's software, plugins, themes, and any other components to their latest versions.
    • We implement robust security measures, such as strong authentication mechanisms, regular security audits, and web application firewalls, to safeguard against future defacement attempts.
  5. Review and Test:
    • We conduct a thorough review of the incident and identify any lessons learned. Assess the effectiveness of our response and recovery efforts.
    • We perform penetration testing or vulnerability assessments to identify and address any remaining security gaps.
    • Regularly test our website's security and functionality to ensure ongoing protection against defacement or other threats.
  6. Communication and Reputation Management:
    • We have developed a communication plan to inform our stakeholders, customers, and users about the incident, the steps taken to address it, and any measures implemented to prevent future incidents.
    • We are transparent and proactive in addressing any concerns or questions raised by stakeholders.
    • We monitor our website's reputation and respond promptly to any negative impact resulting from the defacement. We engage in public relations activities as necessary to restore trust and confidence.

Data corruption as per DR

Resolving data corruption from a Disaster Recovery (DR) site involves a systematic approach to restore data integrity and ensure business continuity. Here are the general steps to address data corruption from a DR site:

  1. Identify and Isolate Corrupted Data:
    • Determine the scope and extent of the data corruption. Identify the specific files, databases, or systems affected by the corruption.
    • Isolate the corrupted data to prevent further damage or spreading of the corruption. This involve disconnecting affected systems from the network or disabling access to corrupted files.
  2. Determine the Source and Cause:
    • Investigate the cause of the data corruption. It could be due to hardware failures, software bugs, human error, malware, or other factors.
    • Determine whether the corruption originated from the primary site or occurred during the replication process to the DR site. This information helps in identifying the appropriate resolution steps.
  3. Restore from Backup:
    • With clean backups of the affected data, initiate the restoration process from a known good backup. Ensure that the backup is unaffected by the data corruption.
    • Verify the integrity of the backup and validate the restored data to ensure it matches the expected state.
  4. Data Synchronization and Reconciliation:
    • If the data corruption occurred during replication to the DR site, initiate a synchronization process to reconcile the corrupted data.
    • Depending on the replication method and technologies used, consult the documentation or contact the vendor for guidance on how to synchronize and resolve any discrepancies.
  5. Data Repair and Recovery:
    • In cases where the corrupted data cannot be restored from backups or synchronization alone, consider data repair techniques. This involve using specialized tools or engaging data recovery experts to salvage and repair the corrupted data.
  6. Data Validation and Testing:
    • Once the data restoration and repair processes are complete, validate the integrity and accuracy of the recovered data. Perform thorough testing and verification to ensure that the data is usable and free from corruption.
  7. System and Process Improvements:
    • Analyse the root cause of the data corruption incident and identify any underlying vulnerabilities or weaknesses in systems or processes.
    • Implement appropriate measures to prevent future data corruption incidents. This involve hardware upgrades, software patches or updates, improved backup and replication procedures, or enhanced data validation checks.
  8. Documentation and Communication:
    • Document the steps taken to resolve the data corruption issue, including the root cause analysis and the actions performed to recover the data.
    • Communicate with relevant stakeholders, such as IT teams, management, and affected users, to keep them informed about the incident, resolution, and any preventive measures implemented.

Natural disasters according to DR and DC and vice versa

DR (Disaster Recovery) and DC (Data Centre) are closely related concepts, and they both play critical roles in mitigating the impact of natural disasters on business operations. Here's an overview of how they relate to each other:

  1. Disaster Recovery (DR):
    • DR refers to the strategies, processes, and procedures put in place to recover and restore critical business functions and IT systems after a disruptive event, such as a natural disaster.
    • A DR plan outlines the steps to be taken to minimize downtime, recover data, and resume operations in the event of a disaster.
    • DR typically involves maintaining redundant systems, data backups, and alternate infrastructure at an off-site location to ensure business continuity.
  2. Data Centre (DC):
    • A data centre is a physical facility that houses computer systems, servers, networking equipment, and storage resources required for processing and storing data.
    • Data centres are designed to provide a controlled and secure environment for housing critical IT infrastructure.
    • They include redundant power supplies, cooling systems, fire suppression measures, and physical security measures to protect the equipment and ensure uninterrupted operation.

Interconnection between DR and DC in the context of natural disasters:

  1. DR Site Location:
    • The DR site is typically located in a geographically separate area from the primary data centre to mitigate the impact of localized natural disasters. For example, if the primary data centre is in a flood-prone area, the DR site may be situated in a region less susceptible to flooding.
  2. Data Replication and Backup:
    • Data replication is a key component of DR, where critical data is continuously or periodically copied from the primary data centre to the DR site. This ensures that in the event of a natural disaster, the most up-to-date data is available for recovery and restoration.
    • Backup copies of data are stored at the DR site, often using techniques such as tape backups, disk-to-disk backups, or cloud-based backups. These backups provide additional layers of data protection and help facilitate recovery.
  3. Failover and Recovery Procedures:
    • In the event of a natural disaster that affects the primary data centre, DR procedures are initiated to switch operations to the DR site seamlessly. This can involve activating redundant systems, restoring data from backups, and redirecting network traffic.
    • The DR plan outlines the specific steps and processes required to recover and restore critical systems and operations, ensuring minimal disruption and downtime.
  4. Continuous Monitoring and Testing:
    • Both the primary data centre and the DR site are subject to continuous monitoring to ensure their availability and readiness to handle potential disasters.
    • Regular testing and validation of the DR plan and systems are conducted to ensure their effectiveness and identify any areas for improvement. These tests simulate disaster scenarios and assess the ability to recover data and resume operations.
  5. Disaster Recovery (DR):
    • Natural disasters, such as hurricanes, earthquakes, floods, wildfires, or severe storms, pose a threat to the availability and integrity of IT systems and data.
    • DR focuses on implementing strategies and procedures to recover IT infrastructure, applications, and data after a disaster occurs. This includes restoring critical systems, data, and operations to minimize downtime and ensure business continuity.
    • DR plans consider the potential impact of various natural disasters on the primary data centre and define procedures to shift operations to a secondary site (DR site) if the primary site becomes unavailable or compromised.
    • DR sites are typically geographically distant from the primary data centre, reducing the risk of both sites being affected by the same natural disaster.
  6. Data Centres (DC):
    • Data centres are facilities that house IT infrastructure, including servers, storage systems, networking equipment, and power and cooling infrastructure.
    • The location of data centres is crucial in mitigating the risks posed by natural disasters. It's important to choose data centre locations that are less prone to specific natural disasters common to the region, such as areas with low flood risk or seismic activity.
    • Data centres implement physical security measures, redundancy in power and cooling systems, fire suppression systems, and other disaster mitigation techniques to protect the infrastructure from natural disasters.
    • Data centres also employ backup systems and data replication techniques to ensure data availability and minimize the risk of data loss in the event of a natural disaster.
  7. Interdependence:
    • Natural disasters can impact both the primary data centre and the DR site, depending on their geographical proximity and the scope of the disaster.
    • To mitigate this risk, organizations opt for geographically diverse DR sites located in areas less prone to the same types of natural disasters as the primary data centre. This helps ensure that if one site is affected, the other site remains operational.
    • Data replication and backup mechanisms, such as asynchronous replication or cloud-based backups, used to maintain up-to-date copies of critical data at the DR site, reducing the risk of data loss in case of a disaster.
  8. Testing and Preparedness:
    • Regular testing and drills are essential for both DR and DC to assess their readiness in the face of natural disasters.
    • Organizations conduct simulated disaster scenarios, such as table top exercises or full-scale recovery tests, to validate the effectiveness of DR plans and procedures.
    • Data centres regularly review and update disaster mitigation strategies, including physical security measures, infrastructure redundancies, and compliance with relevant safety and building codes.

Website Security Policy

The State Election Commission of Maharashtra uses secured servers for this website. We have taken a number of steps to safeguard the integrity of its data and to provide reasonable protection of private information that is in our possession.

For information security purposes, the computer systems that host our website, employs software programs to monitor network traffic to identify unauthorized attempts to compromise its devices. If security monitoring reveals possible evidence of criminal activity, information pertaining to such activity may be provided to law enforcement officials.