The Bureau of Police Research & Development (BPR&D) is committed to ensuring the highest standards of information security in line with the Information Technology Act 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, and the directions issued by CERT-In. The following measures are implemented to protect the confidentiality, integrity, and availability of the BPR&D website:
Security Infrastructure
Penetration Testing
Simulated penetration tests were conducted before launch, and additional tests were performed post-launch.
Vulnerability Audits
Known application-level vulnerabilities were audited and addressed before launch. Re-audits were conducted after major application modifications.
Access Control
Development & Deployment
All development work occurs in a separate environment. Code is tested on a staging server before being deployed to production via SSH and VPN, through a single point.
Content Moderation
Content contributed remotely is authenticated and undergoes moderation before being published on the production server. All contributed content is checked for malicious material.
Logging & Monitoring
Detailed logs and audits are maintained for system, application, and access activities. Rejected access and exceptions are logged for review.
Maintenance & Patching
The IT team regularly reviews and installs system patches, bug fixes, and upgrades. Help Desk staff ensure the web pages are up and running and monitor for unauthorized changes.
Server Management
Administrator Roles
The designated administrator, Shri Ashok Agrawal (Senior Director NIC), oversees policy implementation, security audits, and coordination with the Audit Team.
Automated Risk Assessment
The system undergoes automated vulnerability assessments both before and after the launch, with all identified vulnerabilities addressed.