28 Security of Records Maintained in Electronic Form

28 Security of Records Maintained in Electronic Form

(1) The Managing Director, Company Secretary or any other director or officer of the company as the Board may decide shall be responsible for the maintenance and security of electronic records.

(2) The person who is responsible for the maintenance and security of electronic records shall-

(a) provide adequate protection against unauthorized access, alteration or tampering of records;

(b) ensure against loss of the records as a result of damage to, or failure of the media on which the records are maintained;

(c) ensure that the signatory of electronic records does not repudiate the signed record as not genuine;

(d) ensure that computer systems, software and hardware are adequately secured and validated to ensure their accuracy, reliability and consistent intended performance;

(e) ensure that the computer systems can discern invalid and altered records;

(f) ensure that records are accurate, accessible, and capable of being reproduced for reference later;

(g) ensure that the records are at all times capable of being retrieved to a readable and printable form;

(h) ensure that records are kept in a non-rewriteable and non-erasable format like pdf. version or some other version which cannot be altered or tampered;

(i) ensure that at least one backup, taken at a periodicity of not exceeding one day, are kept of the updated records kept in electronic form, every backup is authenticated and dated and such backups shall be securely kept at such places as may be decided by the Board;

(j) limit the access to the records to the managing director, company secretary or any other director or officer or persons performing work of the company as may be authorized by the Board in this behalf;

(k) ensure that any reproduction of non-electronic original records in electronic form is complete, authentic, true and legible when retrieved;

(l) arrange and index the records in a way that permits easy location, access and retrieval of any particular record; and

(m) take necessary steps to ensure security, integrity and confidentiality of records.