Additional Privacy Policies
• Copyright policy- Moderate
Material featured on this PCI Web Site may be reproduced free of charge after taking proper permission by sending a mail to us. However, the material has to be reproduced accurately and not to be used in a derogatory manner or in a misleading context. Wherever the material is being published or issued to others, the source must be prominently acknowledged. However, the permission to reproduce this material shall not extend to any material which is identified as being copyright of a third party. Authorization to reproduce such material must be obtained from the departments/copyright holders concerned.
These terms and conditions shall be governed by and construed according to the Indian Laws. Any dispute arising under these terms and conditions shall be subject to the exclusive jurisdiction of the courts of India.
• Links to external websites/portals
At many places in this PCI Website, you shall find links to other Websites/ Portals/Web applications/Mobile apps. These links have been placed for your convenience. PCI is not responsible for the contents of the linked destinations and does not necessarily endorse the views expressed in them. Mere presence of the link or its listing on this PCI Website should not be assumed as endorsement of any kind. We cannot guarantee that these links will work all the time and we have no control over availability of linked destinations.
• Links to PCI Website by other websites
We do not object to you linking directly to the information that is hosted on
this PCI website and no prior permission is required for the same. However, we would like you to inform us about any links provided to
this PCI website so that you can be informed of any changes or updates in that. Also, we do not permit our pages to be loaded into frames on your site. The pages belonging to this PCI website must load into a newly opened browser window of the User.
| Sl. No. | External Links | Owned By |
|---|---|---|
| 1 | digipharmed.pci.gov.in/#/digipharmed | PCI |
| 2 | jobs.pcionline.co.in | PCI |
| 3 | www.india.gov.in | External |
| 4 | www.data.gov.in | External |
| 5 | gem.gov.in | External |
| 6 | pib.gov.in | External |
| 7 | prabhass.gov.in | External |
| 8 | External | |
| 9 | www.digilocker.gov.in | External |
| 10 | www.makeinindia.com | External |
| 11 | www.icsi.edu | External |
| 12 | uidai.gov.in | External |
| 13 | igod.gov.in | External |
| 14 | www.eci.gov.in | External |
| 15 | cpao.nic.in | External |
| 16 | PCI Inspection Mobile Application (Google Play Store) | Mobile App (PCI) |
| 17 | PCI Inspection Mobile Application (Apple App Store) | Mobile App (PCI) |
| 18 | central.pci.ac.in | PCI |
• Policy Statement for 2-tiered CMAP structure (for small websites)
The PCI Website of Pharmacy Council of India under Ministry of Health and Family Welfare represents a single department where most content is contributed by a single set of sources. We hereby adopt a 2-tiered structure to implement CMAP requiring minimum 2 officials to execute the CMAP roles, viz.,
- Contributor
- Moderator/Approver
Sections Contributor Moderator & Approver Home Page PCI IT Department Head Deputy Secretary and Registrar-Cum-Secretary News, Press Releases, Recruitments, Tenders etc. Respective User Department Heads Deputy Secretary and Registrar-Cum-Secretary Who’s Who, Organization Chart, Circular / Notifications Respective User Department Heads Deputy Secretary and Registrar-Cum-Secretary Acts, Documents, Forms, Reports etc. Respective User Department Heads Deputy Secretary and Registrar-Cum-Secretary
The PCI website is the face of the Government disseminating government information and services. This content Review Policy has been formulated to keep the content on the PCI website current and up-to-date. Since the type of the content on the PCI Website varies, different Review timelines are defined for the diverse content elements.
This Review Policy is based on different types of content elements, their validity and relevance as well as the archival policy.
| S. No. | Content Element | Frequency of Review | Reviewer | Approver |
|---|---|---|---|---|
| 1 | About Department / Members / Other Lists | As and when required; immediate for new department created | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 2 | Regulations | Immediate for new regulations created | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 3 | Policies | Immediate for new policies | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 4 | Acts / Rules | Immediate for new acts/rules introduced | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 5 | Circular / Notifications | Immediate for new circulars/notifications | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 6 | Reports | Annually; immediate for new reports | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 7 | Directories / Contact Details | Immediate for new contact details | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 8 | What’s New | Immediate | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 9 | Tenders | Immediate | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 10 | Highlight | Immediate for new circulars/notifications | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 11 | Banners | Immediate for new circulars/notifications | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 12 | Photo Gallery | Immediate | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 13 | Announcement | Immediate | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 14 | Group-wise Contents | Immediate | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
| 15 | Approved Institutions List | Real-time and immediate for new decisions conveyed by institutions | Respective Designated Responsible Member (DRM) / HoD of the respective group | Deputy Secretary and Registrar-Cum-Secretary |
The S. No. Content Element Entry Policy Exit Policy 1 About Department Whenever the department is realigned or its work distribution changes Perpetual (10 years) since date of entry into archival 2 Programme / Schemes Discontinuation of sanction of programmes/schemes for Central Sector, State Sector, or both Ten (10) years since date of discontinuation 3 Policies Discontinuation of policy by Government (Central/State) Perpetual (10 years) since date of entry into archival 4 Acts / Rules / Regulations Issued through the Gazette or passed by the Central or State Government Not Applicable 5 Circular / Notifications Overruling Office Memorandum or notification issued Ten (10) years since date of discontinuation 6 Documents / Publications / Reports Not Applicable Perpetual (10 years) since date of entry into archival 7 Directories / Contact Details (Centres) Not required Not Applicable 8 Tenders As soon as it loses relevance Ten (10) years since date of discontinuation 9 Banners As soon as it loses relevance Automatically after the expiry of the validity period 10 Photo Gallery As soon as it loses relevance Five (05) years since date of discontinuation 11 Group-wise Contents As soon as it loses relevance Five (05) years since date of discontinuation
a) PCI Website has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions.
b) Before launch of the PCI website, simulated penetration tests have been conducted. Penetration testing has also been conducted 1 time after the launch of the PCI website.
c) PCI website has been audited for known application-level vulnerabilities before the launch and all the known vulnerability has been addressed.
d) Hardening of servers has been done as per the guideline of Cyber Security division before the launch of the PCI website.
e) Access to web servers hosting the PCI website is restricted both physically and through the network as far as possible.
f) Logs at 2 different locations are maintained for authorized physical access of PCI website servers.
g) Web-servers hosting the PCI website are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them.
h) All the development work is done in a separate development environment and is well tested on the staging server before updating it on the production server.
i) After testing properly on the staging server, the applications are uploaded to the production server using SSH and VPN through a single point.
j) The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed has to go through the moderation process before final publishing to the production server.
k) All contents of the web pages are checked for intentional or unintentional malicious content before final upload to web server pages.
l) Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny.
m) Help Desk staff at the PCI IT Team monitor the PCI website at intervals of 1 hour to check the web pages to confirm that the web pages are up and running, that no unauthorized changes have been made, and that no unauthorized links have been established.
n) All newly released system software patches; bug fixes and upgrades are expediently and regularly reviewed and installed on the web server.
o) On Production web servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related tasks are performed.
• Notice and Disclosures
PCI website will not sell, trade, or disclose the personally identifiable information of its website users to any unauthorized third parties.
• Data Quality and Access
PCI website takes all steps possible to ensure that the data on the website is accurate. While reviewing the website if something is found to be PCI admin department will make every effort to correct said information as quickly as possible. If it is found to be an inaccuracy with the entire system PCI admin department will work swiftly to correct the problem so that your web experience is as trouble- free as possible. Any change to your user account will not be reflected on the website until 1 business day. The information contained on the PCI website is subject to change without prior advance notice.
While using the PCI website certain information such as your IP Address and time spent on pages may be collected. This non- personal information is collected in order to monitor any unauthorized use or access to the PCI website. Anyone caught attempting to harm, steal information from, or otherwise damage the Pharmacy Council of India website will be prosecuted to the full extent of the law.
• Application Security Audit
A python based dJango Framework used with WAGTAIL (CMS) website for displaying the
information dynamically as per the users’ requests. The application has been security audited
for the known application-level vulnerabilities as per Top 10 OWASP and the application
security vulnerabilities have been addressed before the launch of the Portal
The website will be audited by Cert-in empaneled agency periodically. The periodicity shall be one year from the date of issue of certificate or additional changes in the dynamic content carried out whichever is earlier. A periodic check on the requirement of a security certificate is recommended to the web information manager in case there are changes in the functionality or any other environmental changes.
• Server Audit
The Applications and database servers hosting the PCI website and Databases have been security audited. The hardening of the server has been done. The access to the server is restricted both physically and through the network as far as possible. The Logs are being maintained for authorized physical access to PCI Admin The servers have been placed behind the Application firewall in order to make them hidden to the outside public. All the development work is done on separate development environment and well tested on the staging server before updating it on the production server. The PCI website contents on the Nextra Data Centre servers are uploaded using secured SSH and VPN through a single point. The contents are first checked by approval authority before publishing on the website. All contents of the web pages are checked for intentional or unintentional malicious content before final upload of the same on the website. Audit and Log of all activities referring to the operating system, access to the system and access to applications are maintained and archived. All rejected accesses and services are logged and listed in exception reports for further scrutiny. All newly released system software patches, bug fixes and upgrades are deployed regularly and reviewed. The Antivirus has been deployed on the servers and is updated online.
• Data Security
PCI admin takes security very seriously and has therefore taken every precaution to secure our borrowers' information. In order to secure the user’s information, PCI admin has implemented several security measures to prevent loss, theft, or misuse of any borrower data.
• Website Access Right
Whether website is accessible in India only and necessary firewall rule has been applied in the system.
• Website Architecture
The Department provides this website and the information it contains as a public service. This system is monitored to ensure proper operation, to verify the functioning of applicable security features, and for comparable purposes. Anyone using this system expressly consents to such monitoring.
Website is monitored periodically. The parameters like Performance, Functionality, Broken Links and Traffic Analysis are ensured for its optimal performance.
The Feedback mechanism through feedback form made available for taking feedback from the visitors. Also have a mechanism for feedback analysis It will help enhancements of the website as suggested by the visitors.