Standard 7. HEALTH AND SAFETY
INFORMATION TECHNOLOGY POLICY
ADUC ensures the appropriate authenticity and integrity of its data in its domain and ownership, related to all the stakeholders.
Each Faculty, Staff, and Student are assigned individual Login IDs for the IT and support services. Accordingly, access to the services is provided through EIAS (Electronic Intelligent Academic System) as the ERP software and Content Management System.
The EIAS consist of all the academic and personal data of Faculty, Student, and Staff. The data entered in the system is done by the owner of data through their Login IDs as follows:
Student Personal records
Student Academic records
Faculty as per course allocation
Faculty Personal and Professional records
Head, Human Resource
Dir. Admin. & Finance
Institutional Manuals and Catalogues
Director, Institutional Effectiveness
ADUC Practice three levels of Data Security.
To have a replica of the entire data from EIAS in encrypted form. The backup of entire data from EIAS is taken fortnightly in the ADUC Institutional Google Drive (Cloud backup).
In case of any change or modification of data, a log is maintained by the IT department for each transaction. Any such transaction needs authorization as per the following:
Vice President for Academic Affairs in case of Student records,
Dir. Admin & Finance in case of Faculty and Financial records
President in case of Institutional Manuals and Catalogues.
Each student’s academic record is printed physically and stored in the Records room on a semester basis. At the end of each academic year, an audit is conducted by the IE office to ensure data integrity and security.
At ADUC, IT services are provided through a Gigabit Ethernet with OFC Backbone and Wi-Fi coverage across all the floors. That includes the Computer Labs, Apple Macintosh Lab, Engineering Labs, Language Lab, Multimedia Room, and TV Studio.
Internet with a speed of 500 Mbps is available in all the classrooms, computer labs, library, and faculty/staff offices.
Classrooms and laboratories are equipped with Smart Interactive Boards, Multimedia Projectors, and broadband Internet access.
More than 250 Computers, Desktop PCs, Notebooks, and Apple iMacs have the latest Intel Core i7 and Core i5 processors.
EIAS is hosted on a rented dedicated server.
HP ProLiant servers for Active Directory and central file sharing, power backed up by APC Smart-ups.
12TB + 8TB Network storage for Data Backup.
ALDAR University College has 12 different labs (Computer, Engineering, Cisco, Multimedia and TV studio)
15 Core i7 HP Desktop computers are installed in the library with internet and printing facility for students.
OFC backbone Gigabit network, based on structured cabling.
The Network is being managed by Cisco Catalyst 3850 Layer 3 and Cisco Catalyst 2960 Switches, and Fortinet Fortiguard 200D firewall.
Provides both wired and wireless access across the entire campus.
Every Faculty and staff member is assigned a computer for official use.
Active Directory is implemented in ADUC, and every Faculty, staff member, and student has an account to access the ADUC network.
Printing services for Staff and Faculty are provided on their office floors, while students can print from the library using their PIN codes. The cashier is issuing this after paying a certain amount.
Computer Hardware Replacement/upgrade Plan
Considerations for replacing/upgrading academic computers will include the following:
The capability to run all software applications currently being taught in the classroom or laboratory.
The capability to run any new software applications that may be taught during the upcoming academic year.
The age of the computer (e.g. 3-5 years).
After considering above points School Deans recommend replacement/upgrade of the computers in use.
Faculty and staff who requires the most current computers i.e.; teaching computing or technology intensive classes and research personnel will have their Computers replaced every two/three years.
Computers of other staff will be replaced every three/five years.
Software Upgrade/Replacement Plan
IT department is committed to use latest software in ADUC.
Updates of O/S and applications are done during maintenance of the computers.
Critical updates released by the vendors are updated within a week after their release.
Operating systems of lab computers is upgraded to the new version after confirmation that all applications in use are is stable working condition.
Applications upgrade are done upon release of new version.
If there is requirement of previous version of any application for some computers, then no upgrade will be done.
Antivirus and Firewall updates are done automatically on daily basis and confirmed during computer maintenance.
Having a subscription of Microsoft Volume License ADUC has access to all existing and new releases of Microsoft products in use.
Subscription renewal of other software is also done on yearly basis i.e. Adobe, Fortinet, Eset.
Open Source software i.e.; Moodle, Xampp are upgraded after confirmation of stable working of the new releases and all required features.
Appropriate Use of Technology Resources
On-Campus Central Storage and Active Directory
The IT department uses Active Directory to manage the Faculty, Staff, and student logins. Every staff/faculty and a student has a username to access the ADUC network. Several Group policies control access to different devices/objects.
For the security and integrity of Faculty, students, and staff data, a Central File Server is installed. Simultaneously, the file server’s automatic back-up is taken daily on a Network Attached Storage.
Google Workspace for Education
ADUC is subscribed to Google Workspace for education. The main applications in use are
Microsoft Volume Licensing
ADUC is subscribed for Microsoft Volume licensing for significant applications in use.
Resource Mate library software is available in the library as well as on the student portal. By this, students can search books from the library even if they are not on campus.
IT staff help faculty with more advanced needs, such as incorporating digital learning and streaming media, webcasting, or PowerPoint Web lectures into their course materials.
Technology Workshops for Faculty and Students
To train Faculty and Students for different IT tools, “Technology Workshops” are delivered to efficiently use these tools in their teaching/research work and studies, i.e., Google Classroom, EIAS.
Orientation for Students
At the start of every semester, an Orientation session about IT services is delivered to all the students to use IT services to benefit their studies effectively.
Different Self Study Guidelines/Videos are available on the LMS site about IT services and other commonly used tools.
Software Systems in use
ADUC IT team has developed an ERP system and providing regular updates and Support. ERP has the following modules
EIAS (Electronic Intelligent Academic Solution)
EIAS is an Academic Smart ERP Software that allows ADUC to facilitate all the Academic procedures and increase teamwork Activities by integrating all the departments Such as Accounting, Registration, Admission in one framework.
EIAS is an executive module for managing the entire data related to students, admission, registration, courses, attendance, assessments, scheduling, student marks, certificates, statistics, etc. The admin staff can access the system based on the roles and permissions allotted to them in the system.
The Accounting Module has student fees management system and payroll management. Students and ADUC invoices and receipts can be synced across the software.
Its main features are created invoices, add receipts, add fee concession/scholarship, Ledger, journal, payments, payroll management.
It gives the flexibility to print invoices and receipts directly from the system with customizable headers and footers.
With the HR Module, all ADUC faculty & staff information will be organized along with their details. This module will maintain proper records of details, attendance, leaves, pay slip, salary register, contracts.
Its most essential features are managing employee leaves, correspondence letters, Document expiry report, employee attendance report.
CRM module used in the Department of Training and Consultation Centre. CRM module follows the procedures right from query to registration. This module tracks complete student’s details by phone, e-mail, walk-ins and provides proper follow-up to all inquiries. Moreover, users can track all types of communication correspondence status and the success rate of inquiries. Its quick response to dealing inquiries ensures the growth of the institution. The salesmen can prepare quotations and register the clients to the desired courses. It also helps the admin staff manage student records, attendance, courses, salespeople, sales details.
Through the portal, a student can register online for his courses; simultaneously, the student will have access to his timetable, grades, academic adviser, academic records, fee details, Study plans, and digital library.
They have access to their schedules, student advising, student attendance, students’ marks sheet, exam schedule, and digital library.
Equipment and Software Technical Support
The purpose of this document is to outline the security procedures that are enforced within ALDAR University College. The procedures stated here apply to all employees of ADUC. There will be no exceptions made to this policy under any circumstances. Access will be blocked if any employee is found violating this policy.
User Identification and Passwords
Each user is allocated an individual user name and password. Logon passwords must not be written down or disclosed to another individual. The owner of a particular user name will be held responsible for all actions performed using his user name.
Staff must notify the IT Help Desk when moving to a new position or location; this ensures that the necessary setups to provide fast access to the mail and file servers can be put in place.
Management must notify IT of staff changes that might affect security.
All user accounts have the following password settings:
Minimum password length of 7 characters.
A combination of alpha, numeric and special characters should be used.
Users are forced to change their passwords every 40 days.
Users cannot repeat passwords.
Accounts are locked after Five incorrect login attempts.
OTP privacy for first-time use on any PC.
All Systems/Servers’ passwords must be changed after every three months or when an IT employee leaves ADUC.
Passwords must not be easily guessed (i.e., Names, months of the year, days of the week, usernames, etc. must not be used as passwords).
Protection from Malicious Software and Intrusions.
Malicious software, or “malware”, comes in many forms – viruses, worms, Trojan horses, denial of service attacks, botnets, spyware, adware, spam relays, etc. All pose a security risk, some of which are a severe threat to the confidentiality, integrity, or availability of information and technology resources. Appropriate precautions must be taken to protect systems and information from compromised by malware. To that end, the IT department may require installing essential security software on computers connected to the campus network.
The following sections define specific requirements for antivirus, spyware/adware. Assuring the validity of malware protection software is the responsibility of each user and IT Helpdesk.
All computers accessing ADUC network or information technology resources must be running active, up-to-date virus protection software.
Antivirus software must be activated when the computer boots up and remain active at all times during its operation.
Real-time file scanning must be enabled where files are scanned for malicious anomalies before they are written to the hard drive.
Virus definition files must be up-to-date with the most current version available from the vendor.
Checking for and installing updates to virus definition files and antivirus software must be automated and performed daily.
Comprehensive virus scans of all local hard drives must be performed at least weekly.
All systems connected to the ADUC network and the applications and databases running on those systems must have the latest security patches available from the respective vendors applied.
Access to Electronic Data
All information held on the networks, including e-mail, file systems, and databases, are ADUC’s property.
Employee official data can be processed upon the consent of the person concerned. Declarations of consent must be submitted voluntarily. Involuntary consent is void. The declaration of consent must be obtained in writing or electronically for documentation. In certain circumstances, consent may be given verbally, in which case it must be properly documented.
Requests to access the computer account of a member of staff who is absent from the office must be directed to the IT Help Desk in writing by the “Relevant Manager”. The access is given effect by changing the user’s password and allowing the “Relevant Manager” or a colleague to access the account directly. Where this access is granted, it must be used for inquiry purposes only.
Staff must not issue any information to third parties unless they have the authorization to do so.
Users are only permitted to access electronic information and data that they require to perform their duties.
If confidential information is lost, either through loss/damage of a computer, back-up media, or other security breaches, the IT Help Desk resource must be notified immediately.
All computers must be switched off at the end of the day. This action erases residual information in the computer’s memory and helps stop the spreading of overnight malware/spyware software installations.
Third-Party Access can be defined as “The granting of access to ADUC IT resources or data to an individual who is not an employee of The ALDAR University College.”
Examples of third parties include:
A software vendor who is providing technical support.
Contractor or consultant.
Further requirements for granting Third Party Access are:
Risk analysis process.
Approval by Data Owner.
Approved by the Head of IT.
Third-party access will only be permitted to facilities and data required to perform specific agreed tasks as identified.
Third-party access will be audited randomly for security violations, improper use, and assessment of need.
IT Employee Screening
All employees will be screened via a criminal background check by a third-party entity in addition to standard HR screening procedures (i.e., employment verification, credit reference, etc.).
A Biometric System monitors server room access. Moreover, only authorized staff has server room access.
Physical access to servers in the data center will be restricted to Systems administrators only.
The Data Center will be monitored daily.
Network wiring and equipment – Network wiring and equipment rooms and cabinets must be locked when unattended, with access limited to authorized personnel (typically network support staff) and visitors escorted by saying authorized personnel. Other network cabling and devices should likewise be physically secured where feasible. Core network facilities should have the date and time of entry and departure recorded.
All office doors should remain locked after working hours or when offices are unattended for a prolonged period.
Mobile storage devices – Mobile storage devices should be stored securely when unattended—storage in a locked cabinet or closet, storage in a locked private office. Encrypting data stored on mobile devices, such as whole disk encryption on laptop computers, likewise reduces the risk of a breach of ADUC Data resulting from theft, loss, or unauthorized access. When traveling with mobile storage devices or using them in public places, appropriate security precautions should be taken to prevent loss, theft, damage, or unauthorized access.
Usernames and Passwords
Usernames and passwords are for individual use only and must not normally be disclosed to third parties, whether within or outside ADUC.
Any user knowing or believing that they have disclosed their account details, or who knows or
Suspects that their e-mail account has been compromised must contact the IT Helpdesk immediately to outline the situation.
Where a person has left employment with ADUC, that person’s line manager shall send a written request to the IT Help Desk to be granted access to that person’s mailbox.
Confidentiality and Privacy
E-mail, social network sites, and other forms of electronic communication are considered inherently insecure communication methods. There is no guarantee that the recipient of a message is genuine, nor is there any guarantee that a message’s sender is genuine. IT department advises that data classified as Confidential should not normally be sent by e-mail unless additional measures are taken (such as sending the data to be transmitted in an encrypted attachment)
Once a message has been “SENT”, recipients may intentionally or accidentally forward the message to other individuals; therefore, users of electronic messaging should not expect that any electronic message will remain private.
Appropriate Use of Email Systems
The use of ADUC provided e-mail or any other electronic messaging system provided by or used on behalf of ALDAR University College is subject to all relevant laws, policies, codes of practice, and guidelines.
ADUC e-mail is provided for conducting the business. While individuals may use their personal accounts for personal communication, the account remains the property of ADUC, and any communication using it should not be considered private. The ADUC e-mail is subject to the Monitoring and Logging Policy.
Users by e-mail or other third party supplied electronically messaging used on behalf of ALDAR University College must not send messages or message content that may harass or offend (including racist, sexist, defamatory, or obscene material).
Staff mailboxes will be disabled at the time of termination of the staff member’s employment.
Students’ mailboxes will be terminated at the end of their program or cancellation from ADUC.
IT Support Policy
Purpose and Scope
ADUC IT provides computer and information systems support for all ADUC Faculty, staff, and students. The IT support policy aims to describe the basic level of service that will be ensured, the limits of the IT Support capabilities, and what will be supported or not supported.
“IT Support” is defined as any queries made by Faculty, staff, or students to the IT Support regarding any failures, problems, and other matters relating to the operation of computer labs, library, classrooms, and faculty/staff office computers/workstations, servers, software, telephony, printers, and other IT-related equipment.
Support is provided for all software packages and operating systems in use at
ADUC EIAS System (Admission, CRM, HR, Accounting, Online portals)
Multimedia and engineering labs
Personal installed or unlicensed software on official computers, including screensavers, games, and obsolete applications, will not be supported. Installation of unauthorized software is a violation of the ADUC policy.
Support is provided for all hardware and devices, including all parts of the PC. Hardware faults will be diagnosed accordingly. The IT Support will attempt to fix hardware defects to the best of its ability but may need to send equipment for repair to the vendor. In such a case, a replacement will be provided to the user, if possible.
IT Support can be reached via e-mail firstname.lastname@example.org, or telephone 333 from 8:00 am to 10:00 pm throughout the week. After receiving the call, the complaint will be logged in the “Service Request System” and handled by the concerned staff.
After resolution, the technician gives the feedback, and the supervisor will close the complaint.
The target resolution time for the problem is 1 hour from the time the problem is registered. Depending on the nature of some of the problems received, some requests may take longer to process.
Each complaint will be logged based on the below-ranking criteria. Emergency calls shall be given first response, even if work has begun on the other call.
Users cannot work due to a partial or complete network outage.
Unavailability of any application due to Server problem.
Classroom computers problem
Lab computers problem
Network connectivity is slow or unresponsive
All other complaints will be considered normal.
ALDAR University College will use Zoom Video Meetings for online classes.
Zoom Meetings are scheduled for all the sections and published in the EIAS system.
Instructors can see Zoom meeting links in the instructor dashboard on the attendance page of each section. They will be redirected to the meeting when they will click the meeting link.
Waiting rooms will be enabled in all the meetings to verify the student before the instructor admits him in the class.
Students will use their “Student ID + Name” as a participant name to enter the zoom class.
All Meetings will be password protected.
Students can see zoom meetings links in their portal in “My course schedule” to join the class; they have to click the meeting link.
Zoom classes are recorded and shared with students on the request.
Google Meet will be used as a back-up meeting option if zoom malfunctioning, and students will be informed/invited through their e-mails.
Google Classroom will be used for Content Management
Google Forms will be used for assessment.
Turnitin and Autoproctor will be used for the integrity and authenticity of assessments.
IT Support Plan for E-Learning
IT Support is available from 8:00 am to 10:00 pm on all days of the week.
Send an e-mail for any technical/IT issue to email@example.com, and the issue will be addressed in 30 minutes.
In case of any Urgent issue, Students, Faculty, and Staff can contact IT on the following phone and WhatsApp, and the issue will be addressed immediately.
Full Contact Numbers of the IT Support team as per the duty hours are detailed in the ADUC IT Manual.
IT staff will guide you for the solution on the phone, share screenshots/information via WhatsApp and e-mail, and try to solve your issue.
If IT staff needs remote access to your computer/Laptop, you will be requested to provide the access through TeamViewer or any desk, and IT staff will troubleshoot and fix your issue.
E-mail and Portal password requests will be addressed in 30 minutes.
Complaints received from website chat, and WhatsApp will be forwarded to IT and IT staff to address the issue.
Zoom classes/meetings are monitored in real-time through Zoom Dashboard, and in case of any issue, IT will fix it immediately.
Zoom meeting logs are analyzed daily to verify the meeting integrity.
e-Learning Infrastructure Upgrade Plan
ADUC IT department is committed to using the best available infrastructure for its online and campus classes.
To make students more active in online classes, ADUC IT has the following plan
Students’ attendance will be imported directly from zoom logs.
Zoom meetings are already integrated into the student portal. Google e-mail and Classroom will be integrated into the student portal.
One blended learning classroom has been prepared using state-of-the-art Audio/Video technology for video conferencing and a Digital board for instructor use.
Motion following video camera for instructor and the students are installed. Participation in any activity/discussion by the class students’ one centralized microphone & speaker is also installed.
Ten more blended learning classrooms with centralized audio/video and digital boards will be prepared.
To make online lectures more interesting, an online content developer and designer are hired.
Purpose and Scope
The purpose of this policy is as follows
To safeguard the information assets of ALDAR University College.
To prevent data loss in the case of accidental deletion or corruption of data, system failure, or disaster.
To permit timely restoration of information, an academic database, students’ records, and business processes should such events occur.
To manage and secure back-up and restoration processes and the media employed in the process.
This policy applies to all servers/online data in the Information Technology (IT).
Back-up retention periods are in contrast to retention periods defined by legal or business requirements.
System back-ups are not meant for the following purposes:
Archiving data for future reference.
Maintaining a versioned history of data
Systems will be backed up according to the schedule below
Online Classes recordings and logs will be backed up daily on Google Cloud.
Active Directory, EIAS, Accounting, and HR systems database.
A full back-up on the server will be taken daily.
Moodle Courses back-up will be taken on every Saturday.
Library System database full back-up will be taken on every Saturday.
Centralized File server full back-up will be taken on daily.
Network-attached storage full back-up will be taken on the 3rd of every month on an external hard disk.
Back-up stored period as described below:
Online class recordings will not be deleted periodically.
Daily back-up will be deleted after every 15 days
Weekly back-up will be deleted after every four weeks
Monthly back-up will be deleted after one year
Back-up drive stored as described below:
Daily back-up will be stored on a Network Storage and Google drive.
Back-up from Network-attached storage will be deleted bi-weekly.
Back-ups will be verified periodically.
Daily, logged information generated from each back-up job will be reviewed for the following purposes:
To check for and correct errors.
To monitor the duration of the back-up job.
To check the size of the back-up.
IT will identify problems and take corrective action to reduce any risks associated with failed back-ups.
Random test restores will be done once a week to verify that back-ups have been successful
In the event of a catastrophic system failure, off-site backed-up data will be made available to users within two working days if the destroyed equipment has been replaced by that time.
In the event of a non-catastrophic system failure or user error, on-site backed-up data will be made available to users within one working day.