Security Policy

The website has been placed in protected zones, with firewalls, an IDS (Intrusion Detection System) and high-availability solutions implemented.

• The website was audited for known application-level vulnerabilities before launch, and all known vulnerabilities were addressed.

• All development work is done in a separate development environment and is well tested on a staging server before being deployed to the production server.

• Content contributed through the content management system is thoroughly authenticated and is not published on the production server directly. Any contributed content has to go through the moderation process before final publishing to the production server.

• All newly released system software patches, bug fixes and upgrades are expediently and regularly reviewed and installed on the web server.

Notice and Disclosures

Jamia Millia Islamia does not automatically capture any specific personal information from users that would allow them to be individually identified. Jamia Millia Islamia will not sell, trade, or disclose personally identifiable information of its users to any unauthorized third party, except as required under law or Government policy.

Data Quality and Access

Jamia Millia Islamia makes every effort to ensure that the information published on the website (https://jmi.ac.in) is accurate and up to date. However, if any error or discrepancy is brought to notice, Jamia Millia Islamia shall make all reasonable efforts to correct the same as quickly as possible.

The information provided on the website is subject to change without prior notice. While every effort is made to keep the website operational and updated, Jamia Millia Islamia shall not be held responsible for any inconvenience caused due to technical issues beyond its control.

While using the website, certain non-personal information such as Internet Protocol (IP) address, browser type, operating system, date and time of access, and pages visited may be collected automatically for statistical analysis, system administration, and security purposes. This information does not identify individual users personally.

The collected information is used only for monitoring unauthorized access, misuse, or damage to the website and for improving the performance and user experience of the website. Any attempt to damage, disrupt, or gain unauthorized access to the website or its contents shall be dealt with strictly in accordance with applicable laws and regulations of the Government of India.

Application Security Audit

The official website of Jamia Millia Islamia (JMI), i.e., jmi.ac.in, uses a Content Management System (CMS) and related web technologies for publishing and managing dynamic content as per users’ requirements. The website/application has been security audited for known application-level vulnerabilities in accordance with the OWASP Top 10 guidelines, and identified vulnerabilities have been suitably addressed before deployment/public release.

The website shall be periodically audited by a CERT-In empaneled security auditing agency to ensure compliance with prevailing security guidelines and standards issued by the Government of India. The security audit shall be conducted at least once every year or whenever significant changes are made to the application, infrastructure, or dynamic functionality of the website, whichever is earlier.

The Web Information Manager (WIM) and concerned technical team shall regularly review the website/application security requirements to ensure continued protection against emerging cyber security threats and vulnerabilities.

Server Audit

The application and database servers hosting Jamia Millia Islamia’s website and databases have been security audited. Server hardening has been done. Access to the server is restricted both physically and through the network as far as possible. Logs are maintained for authorized physical access to Jamia Millia Islamia’s website. The servers have been placed behind the application firewall in order to hide them from the outside public.

All development work is done in separate development environments and is well tested on the staging server before being deployed to the production server. The Ministry/Department Name website contents on the NIC Data Centre servers are uploaded using secured SSH and VPN through a single point. The contents are first checked by the approval authority before publishing on the website.

All contents of the web pages are checked for intentional or unintentional malicious content before final upload to the website. Audit trails and logs of all activities relating to the operating system, access to the system and access to applications are maintained and archived. All rejected access and services are logged and listed in exception reports for further scrutiny. All newly released system software patches, bug fixes and upgrades are deployed regularly and reviewed. Antivirus software has been deployed on the servers and is updated online.

The servers, applications, and databases hosting the official website of Jamia Millia Islamia (JMI), i.e., jmi.ac.in, are periodically security audited and monitored to ensure the confidentiality, integrity, and availability of the hosted services and information. Appropriate server hardening measures have been implemented in accordance with standard security practices and Government of India guidelines.

Access to the servers is restricted through suitable physical and network security controls, and logs are maintained for authorized physical and logical access to the systems. The production servers are protected through appropriate firewall and security mechanisms to minimize exposure to external threats and unauthorized access.

All development and testing activities are carried out in separate development and staging environments before deployment to the production environment. Website contents and application updates are uploaded through secure mechanisms such as SSH, VPN, or other secure authenticated channels, after proper review and approval by the authorized personnel.

All web content, files, and applications are checked for malicious or unauthorized content prior to publishing on the website. System logs, audit trails, and records related to operating systems, application access, and user activities are maintained and archived for security monitoring and compliance purposes. Unauthorized or rejected access attempts are logged and reviewed regularly for further investigation and corrective action.

Security patches, software updates, bug fixes, and system upgrades are applied periodically to maintain the security posture of the servers and applications. Updated antivirus and endpoint protection mechanisms are deployed on the servers and monitored regularly to safeguard the systems against malware and other cyber threats.

Data Security

Jamia Millia Islamia takes security very seriously and has therefore taken every precaution to secure our borrowers' information. In order to secure the user’s information, Jamia Millia Islamia has implemented several security measures to prevent loss, theft, or misuse of any borrower data.

Jamia Millia takes information security seriously and has implemented appropriate security measures to safeguard the information available on the website and related web applications. Suitable administrative, technical, and security controls have been implemented to protect user information against unauthorized access, alteration, disclosure, loss, misuse, or destruction. Reasonable efforts are made to ensure the confidentiality, integrity, and availability of the data hosted on the website and associated systems.

Security mechanisms such as access control, secure authentication, monitoring, regular security reviews, and system updates are adopted to maintain a secure web environment and to protect the website and user information from cyber threats and unauthorized activities.

Website Access Rights

The official website of Jamia Millia Islamia (JMI), i.e., jmi.ac.in, is intended to be accessible to users in India as well as international users for academic, administrative, and informational purposes. Appropriate firewall configurations, network security controls, and access restrictions have been implemented to secure the website infrastructure against unauthorized access, malicious activities, and cyber threats.

The Web Information Manager (WIM) and System Administrators periodically review website access policies, traffic patterns, and security requirements to ensure secure and uninterrupted access to legitimate users. Based on security assessments, threat intelligence, and operational requirements, necessary firewall rules, IP restrictions, geo-blocking measures, or other security controls may be implemented or updated from time to time to mitigate cyber-attacks and safeguard the website and its services.

Website Architecture

Architecture Diagram

[Architecture diagram. Components shown, in order: Client Browser (HTTPS); Web Application Firewall (WAF); Web Server (Apache/IIS); Authentication & Authorization; CMS Application; Business Logic Layer; Database Server (Content, Users, Logs)]

| Component | Description |
|---|---|
| HTTPS/SSL Layer | Provides secure encrypted communication between the user browser and website servers to protect data during transmission. |
| Web Application Firewall (WAF) | Protects the website against unauthorized access, malicious requests, and common web-based attacks. |
| Authentication & Authorization | Implements role-based access control for administrators, editors, publishers, and authorized users. |
| CMS Application | Manages website content through a secure workflow with review, approval, and publishing controls. |
| Business Logic Layer | Handles application processing and manages communication between the CMS and database systems. |
| Database Server | Stores website content, application data, user information, and system records securely. |
| Audit Logs & Monitoring | Maintains activity logs, monitors security events, and supports regular security reviews and audits. |
| Backup & Recovery | Ensures data availability and supports restoration of services during system failures or disasters. |

Security Measures

  • Website infrastructure is protected using firewalls, intrusion detection systems (IDS), and continuous security monitoring.
  • Regular application security audits are performed according to OWASP security guidelines.
  • Development, staging, and production environments are maintained separately before deployment.
  • CMS content follows an approval and moderation process before publication on the production server.
  • Server hardening, security patches, software updates, antivirus protection, and system monitoring are performed regularly.
  • Administrative access is controlled using secure authentication methods, including secure channels such as SSH/VPN.