Security Policy

CSIR Employee Portal

System Security Measures
Comprehensive security protocols protecting your employee data and portal access

Data Encryption

All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL protocols. Your personal information, leave requests, and skeletal staff data are encrypted both in transit and at rest to ensure maximum protection.

Secure Authentication

The Employee Portal employs secure two-factor authentication through email and SMS verification codes. Your Staff ID and Surname are verified through secure channels before granting access. All authentication attempts are logged and monitored for suspicious activity.

Regular Security Audits

Our system undergoes regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses proactively. Security updates are applied promptly to protect against emerging threats.

Access Control and Account Security
How your account and data are protected

Employee Verification

Access to the Employee Portal is restricted to verified CSIR employees. Your Staff ID and Surname are verified against our employee database before account activation. HR approval may be required for new employee registrations.

Session Management

User sessions are automatically terminated after periods of inactivity to prevent unauthorized access. You will be required to re-authenticate when accessing sensitive functions such as submitting leave requests or skeletal staff applications.

Activity Monitoring

All access to your employee data, leave requests, and skeletal staff submissions is logged and monitored. Unusual access patterns or unauthorized access attempts trigger immediate alerts to system administrators.

Your Responsibilities
Your role in maintaining account and data security

Account Security

  • Never share your Staff ID or Surname with unauthorized persons
  • Do not share verification codes sent to your email or phone with anyone
  • Keep your contact information (email and phone) up to date for security notifications
  • Report any suspicious activity or unauthorized access immediately
  • Log out of the portal when finished, especially on shared or public computers

Data Handling

All data accessed through the Employee Portal, including leave requests, skeletal staff information, and personal details, must be handled in accordance with CSIR policies and applicable regulations. Do not share sensitive employee information with unauthorized parties.

Secure Practices

  • Use secure networks when accessing the portal (avoid public Wi-Fi when possible)
  • Do not leave your computer unattended while logged into the portal
  • Ensure your email and phone accounts used for verification are secured
  • Report lost or stolen devices that may have access to your portal immediately
Incident Reporting
How to report security incidents or concerns

If you discover a security vulnerability, suspect unauthorized access to your account, notice suspicious activity in your leave requests or skeletal staff submissions, or experience any security-related issue, please report it immediately to the system administrators.

Contact Information:

Email: info@csirstrategicplan.org

When reporting incidents, please include: your Staff ID, description of the issue, time and date of occurrence, affected functions (leave requests, skeletal staff, etc.), and any relevant screenshots or error messages.

Policy Updates
Keeping our security policy current

This security policy is reviewed and updated regularly to reflect changes in technology, threats, and organizational requirements. Users will be notified of significant policy changes through the portal or via email. The last update date is displayed below.

Last Updated: February 18, 2026