Uploaded by A.wilwin joseph

AIMS UNIT - 5

advertisement
UNIT – 5
Cryptography
Claude E. Shannon is considered by many to be the father of mathematical cryptography.
Shannon worked for several years at Bell Labs, and during his time there, he produced an
article entitled "A mathematical theory of cryptography".
Cryptography refers to secure information and communication techniques derived from
mathematical concepts and a set of rule-based calculations called algorithms, to transform
messages in ways that are hard to decipher.
Cryptography can be broken down into three different types:



Secret Key Cryptography.
Public Key Cryptography.
Hash Functions.
Secret-key cryptography is also called symmetric cryptography because the same key is used
to both encrypt and decrypt the data. Well-known secret-key cryptographic algorithms
include Advanced Encryption Standard (AES),
Public key cryptography involves a pair of keys known as a public key and a private key (a
public key pair), which are associated with an entity that needs to authenticate its identity
electronically or to sign or encrypt data. Each public key is published and the corresponding
private key is kept secret.
A cryptographic hash function is a mathematical function used in cryptography. Typical
hash functions take inputs of variable lengths to return outputs of a fixed length. A
cryptographic hash function combines the message-passing capabilities of hash functions
with security properties.
Cryptography is used in many applications like
Banking transactions cards
Computer passwords
E- commerce transactions
Cryptography in Everyday Life






Authentication/Digital Signatures. Authentication and digital signatures are a very important
application of public-key cryptography.
Time Stamping.
Electronic Money.
Secure Network Communications.
Anonymous Remailers.
Disk Encryption.
What type of math is used in cryptography?
Analytical Skills Cryptography professionals need to have a strong understanding of
mathematical principles, such as linear algebra, number theory, and combinatorics.
Professionals apply these principles when they are designing and deciphering strong
encryption systems.
There are five pillars of cryptology:





Confidentiality: keep communication private.
Integrity: detect unauthorized alteration to communication.
Authentication: confirm identity of sender.
Authorization: establish level of access for trusted parties.
Non-repudiation: prove that communication was received.
THE BENEFITS OF CRYPTOGRAPHY
The techniques that cryptographers utilize can ensure the confidential transfer of private
data. Techniques relating to digital signatures can prevent imposters from intercepting
corporate data, while companies can use hash function techniques to maintain the integrity of
data.
A cryptographic algorithm is the mathematical equation used to scramble the plain text and
make it unreadable. They are used for data encryption, authentication and digital signatures.
Common Encryption Algorithms
1. Triple DES
Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm,
which hackers eventually learned to defeat with relative ease. At one time, Triple DES was
the recommended standard and the most widely used symmetric algorithm in the industry.
Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168
bits, but experts would argue that 112-bits in key strength is more accurate. Despite slowly
being phased out, Triple DES has, for the most part, been replaced by the Advanced
Encryption Standard (AES).
2. AES
The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S.
Government and numerous organizations. Although it is highly efficient in 128-bit form,
AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.
AES is largely considered impervious to all attacks, except for brute force, which attempts to
decipher messages using all possible combinations in the 128, 192, or 256-bit cipher.
3. RSA Security
RSA is a public-key encryption algorithm and the standard for encrypting data sent over the
internet. It also happens to be one of the methods used in PGP and GPG programs. Unlike
Triple DES, RSA is considered an asymmetric algorithm due to its use of a pair of keys.
You've got your public key to encrypt the message and a private key to decrypt it. The result
of RSA encryption is a huge batch of mumbo jumbo that takes attackers a lot of time and
processing power to break.
4. Blowfish
Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits
messages into blocks of 64 bits and encrypts them individually. Blowfish is known for its
tremendous speed and overall effectiveness. Meanwhile, vendors have taken full advantage
of its free availability in the public domain. You'll find Blowfish in software categories
ranging from e-commerce platforms for securing payments to password management tools,
where it protects passwords. It's one of the more flexible encryption methods available.
5. Twofish
Computer security expert Bruce Schneier is the mastermind behind Blowfish and its
successor Twofish. Keys used in this algorithm may be up to 256 bits in length, and as a
symmetric technique, you only need one key. Twofish is one of the fastest of its kind and
ideal for use in hardware and software environments. Like Blowfish, Twofish is freely
available to anyone who wants to use it.
What Is ServiceNow? – A Cloud Solution For Your Enterprise
The IT sector today aims to achieve optimal efficiency. However, this is not an easy task as
they face many roadblocks on the way. Legacy systems are still in use, which can slow them
down considerably. In this what is ServiceNow blog, I’ll be going into how ServiceNow
came into existence in the ITSM sector, as well as how it’s grown to become a fullfledged enterprise cloud solution.
We will discuss the following topics:





Why ServiceNow?
What Is ServiceNow?
ServiceNow Architecture
ServiceNow Applications
Creating A Personal Developer Instance
What is the use of ServiceNow? (Why ServiceNow?)
ServiceNow is a ticketing tool that processes and catalogs customer service requests. You can
raise requests that deal with incidents, changes, problems, and other services using tools like
ServiceNow.
ServiceNow had its roots set in ITSM since 2012. However, with changing technology and
the advent of cloud, it created its niche as a cross-departmental platform which functions as
an enterprise cloud solution which is built on top of all other applications. Its ability to
create workflows which automate the process of data extraction makes it a unique offering in
today’s cloud space.
ServiceNow has a raving customer base which returns to its platform each year. Let’s now
look at the different cloud deployment models and where ServiceNow fits in.
IaaS(Infrastructure as a service)


In short, IaaS gives you a server in the cloud(virtual machine) that you have complete
control over.
In Iaas, you are responsible for managing everything from the Operating System on
up to the application you are running.
PaaS(Platform as a Service)



With PaaS, you have a combination of flexibility and simplicity.
Flexible because it can be tailored to the application’s needs.
Simple as no need of OS maintenance, versions, patches.
SaaS(Software as a Service)



A software distribution model in which a third-party provider hosts applications.
Instead of installing and maintaining software, you simply access it via the Internet.
Automatic updates reduce the burden on in-house IT staff.
Where does Service Now fit in? Is ServiceNow a SaaS?
ServiceNow which started off on a SaaS model catering to ITSM, has also ventured into PaaS
cloud model, in which the entire organization’s business processes can be managed by a
single system of record. ServiceNow provides the infrastructure needed to perform data
collection, storage, as well as application development all on a single platform. Although
ServiceNow does not provide an in-house Iaas deployment model it does support integration
to Microsoft Azure which is an IaaS model.
It offers configuration management database (CMDB) along with service mapping which
powers service-aware applications. Service mapping shows the dependencies amongst the
organization’s assets. This leads to much-needed visibility into the business environment.
Great, now let us try to address the most essential question of this blog, what is ServiceNow?
What Is ServiceNow?
ServiceNow was founded in 2004 and stepped foot in the ITSM (Information Technology
Service Management) field and provided competition to established players like IBM
and HP. Today it is not just limited to ITSM, even though it still forms a major part of its
revenue. Now, it is has diversified into 5 major services which include IT, Security, HR
Service Delivery, Customer Service and Business Applications. ServiceNow is an
integrated cloud solution which combines all these services in a single system of record.
ServiceNow’s Vice President Dominic Phillips, in one of his keynotes, pointed out that while
we are witnessing so much “disruption” in the consumer sector, there is a lack of efficiency
in internal business workflows inside organizations.
In today’s digital era, the ease of access that Uber and Airbnb provide while booking a cab or
reserving a table is the kind of experience ServiceNow wants to provide to its customers
within the enterprise.
Let us now move forward to understand how ServiceNow works by looking at its
architecture.
ServiceNow Architecture
The majority of cloud service offerings today, run on the age-old Multi-tenant architecture
like AWS, Azure, Salesforce, Oracle, etc. The Multi-tenant architecture creates a
single instance which serves multiple customers. This usually deals with complex databases
which demand frequent maintenance, often leading to unavailability of resources to
customers. This is why ServiceNow has adopted a Multi-instance architecture.
Multi-instance architecture: A unique instance is created for each employee which
maintains a separate resource stack. This gives us the freedom to deal with each user’s
specific needs, enabling us to deal on a customer-customer basis. E.g. customer upgrades
can be deployed with respect to compliance requirements as well as the enterprise’s current
needs.
In our diagram shown below, 3 customers have unique instances each with an isolated pool of
resources. What this means is, while the hardware is shared, the software: Application,
Middleware and Database are all separately maintained. Data Isolation is a huge advantage.
This is why the performance of one customer is not influenced by another customers
instance. Neat, isn’t it?
IT Service Desk
A report found that 15 hrs out of 45 hrs in a work week are spent doing non-work related
tasks. It was identified that this is due to the outdated ITSM software in use.
In ServiceNow, employees are provided with a self-service portal where they can avail IT
Services by messaging the concerned department staff. ServiceNow was able to bring the
ease of use of social media apps to the ITSM sector which was still lagging behind with
legacy systems.
With ConnectChat, the staff can reply in real time. This can be seen as an improvement over
the traditional mailing system where messages had to be sent back and forth. This supports
the sharing of files across departments. An employee can attach incident files as part of the
conversation enabling technicians who can then directly look up the incident records and
service the request. If a user is unsure which technician is on duty he can create a group with
all technicians as members. Visual taskboards allow you to assign tasks to different
departments with just a drag and drop gesture.
Resolving Security Threats
In spite of having a sophisticated security management mechanism in place for threat
detection, when there is a security breach, most companies face an uphill task of resolving the
problem.
ServiceNow uses structured workflows which helps prioritize risks based on their severity
and their impact on the organization.
Threat research would normally take up to 45 minutes using spreadsheets and manual
processing.
However, automated tools provide this information inside the platform which reduces the
time involved to under 20 seconds.
HR Service Delivery
Ever wondered how HR spends most of its time doing repetitive tasks like employee
onboarding when they should actually be focusing on strategic tasks instead?
ServiceNow wants to do away with all that manual processing. These tasks span across
different departments like IT, Facilities, Legal and Finance. ServiceNow’s single platform
can be used to connect HR workflows with all these departments. Decision making is made
easy with its tracking and trending tools. HR is now powered with consumerlike customizable forms to deliver satisfactory service to employees.
Customer Service
The need of the hour is to provide uninterrupted quality service yet keeping the cost
constraint in mind. ServiceNow is transforming Customer Service into a Team Sport.
Unlike CRM(Customer Relationship Management) which is limited to customer engagement,
ServiceNow Customer Service Management (CSM) operates by Connecting the right people,
systems and workflows.
Customer Service is not limited to just resolving customer tickets. Whenever a customer is
facing an issue, we need to find its root cause. This will reduce case(tickets) volume in the
long run. ServiceNow comes with Service Mapping which provides cross-functional
information to discover the initial point where the error was first noticed.
ServiceNow makes it easy to dispatch across different departments like engineering, field
services, legal, etc. Take the example of the coffee maker that’s not working. The field agent
is notified of its possible problem even before he starts his conversation with the customer.
The customer is notified proactively with real-time notifications ensuring customer
satisfaction and resolving issues at lightspeed.
Business Applications
ServiceNow comes with a drag and drop approach which allows you to customize Business
Apps without writing a single line of code. For the experienced developer, you will never
have to start from scratch again as you can choose from reusable components, workflows and
link barriers across departments using information from the cloud.
Let’s now move ahead in this what is ServiceNow blog and understand what is a PDI.
Personal Developer Instances (PDI)
PDIs are meant for a walkthrough of the ServiceNow features. It can be used by developers,
customers or even partners. The motive behind this instance is, it does not interfere with
the production instance. Application ideas can be tested on PDI’s however, it will not be
added to the final application repository.
Instances may be kept as long as there is regular activity. To be considered as active you need
to either create applications or write scripts within 14 days. Now that we are aware of PDI’s,
let’s move ahead and explore the ServiceNow Platform.
Creating A Personal Developer Instance(PDI)
To request a personal developer instance, the ServiceNow developer program provides you
with a fully-functional instance, sized for single developer use. Let’s explore the two options
to request a personal developer instance.
Step1: Log into the developer site at https://developer.servicenow.com.
Step2: Request a PDI by doing any of the following actions.

From the dashboard homepage, click Request Instance.
From any page on the developer site, navigate to Manage >> Instance and click Request
Instance.
On successful registration, you will get an instance copy as shown above. You can click on
the URL and login with your credentials.
The ServiceNow User Interface is as shown below. We are logged in as System
Administrator. Its main screen consists of the following three elements:
1. Banner: This contains the ServiceNow Logo on the left top corner. On the right, you
will find the Global Search Engine, Connectchat, Help Menu and Settings.
2. Application Navigator: We have a list of the business applications and modules.
3. Content frame: It consists of different data formats like Forms, Lists, etc.
The diagram below consists of the overview of the Administrator Homepage.
Customization of UI
Moving ahead in this what is ServiceNow blog let us see how we can customize the User
Interface of our developer instance. A user with the admin role can make changes to the UI
settings. By default, we use the UI 16 interface. Let me show you how to modify the caption
text and add a Banner image.
Step 1: Search for system properties. Look for basic configuration tab.
This gives you access to the system Configuration settings.
Step 2: You can now set the Page header caption and also update the Banner image.
Below you will find the updated Banner image and header caption.
Moving ahead, let us now learn how to create reports in ServiceNow.
Creating A Report
Step 1: We can create reports from an existing table or data source. In our example, we will
generate a report from the existing Incident table which holds all Incidents.
Step 2: To display our reports, we can choose from bar graphs, pie charts and a host of other
options. In our example, we will choose the bar graph option.
Step 3: We group our report according to the state parameter. This distributes the Incidents
into open, in progress, closed and resolved states.
Step 4: We can customize the report according to our style requirements. Once generated, our
report can be shared with other users and groups.
Cool isn’t it? Now let us break down another neat feature of ServiceNow. One that we have
already mentioned which is workflows.
Workflows
Workflows provide task progress. This can be seen in the stage field of the
workflow. Workflows are used to assess each stage in a process and automate day to day
tasks. This can be compared to Amazon order fulfillment. ServiceNow capitalized the lack of
a major player in the ITSM field. This is just one of the examples of consumer like appeal
that they bring to the table in ITSM.
The different stages of workflows in ServiceNow are as follows: Waiting for Approval,
Fulfillment, Configuration, Delivery and Completed. Each stage denotes whether the task
is In progress, Pending or Completed state. An assignee is automatically sent a
reminder highlighting his task’s current progress.
Figure: What Is ServiceNow – Workflows
This brings us to the end of this what is ServiceNow blog. Hope this was informative and
helpful to you. Happy Learning!!
If you found this blog on “What is ServiceNow?” useful, check out the ServiceNow Admin
Certification course by Edureka, a trusted online learning company with a network of more
than 250,000 satisfied learners spread across the globe. This course will give you a strong
hold on the ServiceNow platform with a full depth coverage right from administrative
functions as well automated workflows.
Got a question for us? Please mention it in the comments section and we will get back to you.
Introduction to Healthy, Safe and Secure Working Environments
A person must be aware of her/his organisation's health, safety and security procedures, and
follow them at work. Before you begin work, always: ensure risk assessments, if any.
A safe work environment is about more than just preventing injuries or the spread of disease,
it is about making employee well-being a priority. A safe workplace is one where employees
feel secure and enjoy a safe space, company values, and a positive co-working environment
that encourages respect for everyone.
Environment, health and safety (EHS) is the set that studies and implements the practical
aspects of protecting the environment and maintaining health and safety at occupation. In
simple terms it is what organizations must do to make sure that their activities do not cause
harm to anyone.
What is Workplace Safety?
Workplace safety is a composite field related to safety, health and welfare of people at work.
It narrates the strategy and methods in place to ensure health and safety of employees within
a workplace.
Workplace safety includes employee awareness related to the knowledge of basic safety,
workplace hazards, risks relating to hazards, implementation of hazard preventions, and
putting into practice necessary safer methods, techniques, process, and safety culture in the
workplace.
It also includes safety rules and regulations designed mostly on the basis of existing
government policies. Every organization puts in place a number of safety rules and
regulations for its people. Safety training and education for employees is imparted
periodically with a view to making them aware about and updating them with latest safety
measures.
Workplace safety is about putting a stop to injury and sickness to employees in the
workplace. Therefore, it is about safeguarding assets and health and life of the employees. It
also features in cutting down the cost of lost-work hours, time spent in putting short-term
help and the schedule and services that may fall off due to less of service providers, pressure
on those providers who are selecting the absent employees portion or poor case, having to
shut out or shut down a program due to lack of providers.
Need for Workplace Safety
Before analyzing various aspects of workplace safety, it is pertinent to know the reasons for
ensuring safety in life. We attach top priority to safety and security in places we live, stay,
visit or work in.

To Say no to Accidents − Accidents are fallouts of recklessness and lack of
responsibility. When we don’t follow required safety norms we end up in getting
injured or even in ending our valuable lives. It is true with regard to our home and
workplace alike.





To Stay Healthy and Energetic − We should have a healthy food habit, which is
itself a safety measure, to keep us healthy and lively for work at home and in
workplaces.
To have Longevity in Life − We should take care of ourselves everywhere we are
and of others for leading a safe and meaningful life.
To create Public Awareness − Promotion of safety norms everywhere creates public
awareness and discipline. It is true of workplaces and motivates new employees to
take up safety measures necessary for their safety.
To avoid loss of Property and Life − The basic aim of safety measures is to prevent
the occurrences of mishaps and hazards that sometimes cause heavy loss of life and
property.
To Devise Planning for Safety − Need for safety paves the way for devising an
effective planning for all-round safety of employees in an organization.
Basic Objectives of Workplace Safety
The basic objectives of workplace safety are as follows −







Preservation of and assistance for employees’ or workers’ health and well-being
Enhancing workability of employees by ensuring a safe and congenial work
environment
Growth of the organization that remains free from prospective hazards and mishaps
Encouraging a favorable social climate in the organization that motivates the
employees to work efficiently towards organizational progress and prosperity
Secure the health and safety of workers and workplace by eliminating or minimizing
risks
Achieve higher productivity among the employees by providing a safe and secure
environment
Focus on employees’ safety and health arising from chemicals and hazardous elements
used at workplaces.
Safety Enforcement in working Environement
Importance
Enforcement is a crucial component of work and environmental safety as it reinforces the
safety rules that serve to protect you. The primary role of enforcement is to reduce
incidents, save lives, and facilitate a hazard-free and efficient work environment.
Purpose
The purpose of safety rule enforcement is the protection of all employees. One employee's
unsafe behavior can affect the safety of other employees and safety is too important to allow
unsafe behavior or unsafe conditions. t. It is each employee's responsibility to work and act
safely every day on every job.
A safe work environment is about more than just preventing injuries or the spread of disease,
it is about making employee well-being a priority. A safe workplace is one where
employees feel secure and enjoy a safe space, company values, and a positive co-working
environment that encourages respect for everyone.
Hazard Prevention and Control
Effective controls protect workers from workplace hazards; help avoid injuries, illnesses, and
incidents; minimize or eliminate safety and health risks; and help employers provide workers
with safe and healthful working conditions. The processes described in this section will help
employers prevent and control hazards identified in the previous section.
To effectively control and prevent hazards, employers should:





Involve workers, who often have the best understanding of the conditions that create
hazards and insights into how they can be controlled.
Identify and evaluate options for controlling hazards, using a "hierarchy of controls."
Use a hazard control plan to guide the selection and implementation of controls, and
implement controls according to the plan.
Develop plans with measures to protect workers during emergencies and nonroutine
activities.
Evaluate the effectiveness of existing controls to determine whether they continue to
provide protection, or whether different controls may be more effective. Review new
technologies for their potential to be more protective, more reliable, or less costly.
Action item 1: Identify control options
A wealth of information exists to help employers investigate options for controlling identified
hazards. Before selecting any control options, it is essential to solicit workers' input on their
feasibility and effectiveness.
How to accomplish it
Collect, organize, and review information with workers to determine what types of hazards
may be present and which workers may be exposed or potentially exposed. Information
available in the workplace may include:




Review sources such as OSHA standards and guidance, industry consensus standards,
National Institute for Occupational Safety and Health (NIOSH) publications,
manufacturers' literature, and engineering reports to identify potential control
measures. Keep current on relevant information from trade or professional
associations.
Investigate control measures used in other workplaces and determine whether they
would be effective at your workplace.
Get input from workers who may be able to suggest and evaluate solutions based on
their knowledge of the facility, equipment, and work processes.
For complex hazards, consult with safety and health experts, including OSHA's Onsite Consultation Program.
Action item 2: Select controls
Employers should select the controls that are the most feasible, effective, and permanent.
How to accomplish it






Eliminate or control all serious hazards (hazards that are causing or are likely to cause
death or serious physical harm) immediately.
Use interim controls while you develop and implement longer-term solutions.
Select controls according to a hierarchy that emphasizes engineering solutions
(including elimination or substitution) first, followed by safe work practices,
administrative controls, and finally personal protective equipment.
Avoid selecting controls that may directly or indirectly introduce new hazards.
Examples include exhausting contaminated air into occupied work spaces or using
hearing protection that makes it difficult to hear backup alarms.
Review and discuss control options with workers to ensure that controls are feasible
and effective.
Use a combination of control options when no single method fully protects workers.
Action item 3: Develop and update a hazard control plan
A hazard control plan describes how the selected controls will be implemented. An effective
plan will address serious hazards first. Interim controls may be necessary, but the overall goal
is to ensure effective long-term control of hazards. It is important to track progress toward
completing the control plan and periodically (at least annually and when conditions,
processes or equipment change) verify that controls remain effective.
How to accomplish it





List the hazards needing controls in order of priority.
Assign responsibility for installing or implementing the controls to a specific person
or persons with the power or ability to implement the controls.
Establish a target completion date.
Plan how you will track progress toward completion.
Plan how you will verify the effectiveness of controls after they are installed or
implemented.
Action item 4: Select controls to protect workers during nonroutine operations and
emergencies
The hazard control plan should include provisions to protect workers during nonroutine
operations and foreseeable emergencies. Depending on your workplace, these could include
fires and explosions; chemical releases; hazardous material spills; unplanned equipment
shutdowns; infrequent maintenance activities; natural and weather disasters; workplace
violence; terrorist or criminal attacks; disease outbreaks (e.g., pandemic influenza); or
medical emergencies. Nonroutine tasks, or tasks workers don't normally do, should be
approached with particular caution. Prior to initiating such work, review job hazard analyses
and job safety analyses with any workers involved and notify others about the nature of the
work, work schedule, and any necessary precautions.
How to accomplish it





Develop procedures to control hazards that may arise during nonroutine operations
(e.g., removing machine guarding during maintenance and repair).
Develop or modify plans to control hazards that may arise in emergency situations.
Procure any equipment needed to control emergency-related hazards.
Assign responsibilities for implementing the emergency plan.
Conduct emergency drills to ensure that procedures and equipment provide adequate
protection during emergency situations.
Action item 5: Implement selected controls in the workplace
Once hazard prevention and control measures have been identified, they should be
implemented according to the hazard control plan.
How to accomplish it



Implement hazard control measures according to the priorities established in the
hazard control plan.
When resources are limited, implement measures on a "worst-first" basis, according
to the hazard ranking priorities (risk) established during hazard identification and
assessment. (Note, however, that regardless of limited resources, employers have an
obligation to protect workers from recognized, serious hazards.)
Promptly implement any measures that are easy and inexpensive—e.g., general
housekeeping, removal of obvious tripping hazards such as electrical cords, basic
lighting—regardless of the level of hazard they involve.
Action item 6: Follow up to confirm that controls are effective
To ensure that control measures are and remain effective, employers should track progress in
implementing controls, inspect and evaluate controls once they are installed, and follow
routine preventive maintenance practices.
How to accomplish it

Track progress and verify implementation by asking the following questions:
 Have all control measures been implemented according to the hazard control
plan?
 Have engineering controls been properly installed and tested?





Have workers been appropriately trained so that they understand the controls,
including how to operate engineering controls, safe work practices, and PPE
use requirements?
 Are controls being used correctly and consistently?
Conduct regular inspections (and industrial hygiene monitoring, if indicated) to
confirm that engineering controls are operating as designed.
Evaluate control measures to determine if they are effective or need to be modified.
Involve workers in the evaluation of the controls. If controls are not effective,
identify, select, and implement further control measures that will provide adequate
protection.
Confirm that work practices, administrative controls, and personal protective
equipment use policies are being followed.
Conduct routine preventive maintenance of equipment, facilities, and controls to help
prevent incidents due to equipment failure.
NATIONAL POLICY ON SAFETY, HEALTH AND ENVIRONMENT AT WORK PLACE
1. PREAMBLE
1.1 The Constitution of India provide detailed provisions for the rights of the citizens and also
lays down the Directive Principles of State Policy which set an aim to which the activities
of the state are to be guided.
1.2 These Directive Principles provide (a) for securing the health and strength of employees,
men and women; b) that the tender age of children are not abused; c) that citizens are not
forced by economic necessity to enter avocations unsuited to their age or strength; d) just
and humane conditions of work and maternity relief are provided; and e) that the
Government shall take steps, by suitable legislation or in any other way, to secure the
participation of employee in the management of undertakings, establishments or other
organisations engaged in any industry.
2. GOALS:
The Government firmly believes that building and maintaining national preventive
safety and health culture is the need of the hour. With a view to develop such a culture
and to improve the safety, health and environment at work place, it is essential to
meet the following requirements:2.1 providing a statutory framework on Occupational Safety and Health in respect of all
sectors of industrial activities including the construction sector, designing suitable control
systems of compliance, enforcement and incentives for better compliance.
2.2 providing administrative and technical support services.
2.3. providing a system of incentives to employers and employees to achieve higher health
and safety standards .
2.4 providing for a system of non-financial incentives for improvement in safety and health.
2.5. establishing and developing the research and development capability in emerging areas
of risk and providing for effective control measures.
2.6. Focusing on prevention strategies and monitoring performance through improved data
collection system on work related injuries and diseases.
2.7 Developing and providing required technical manpower and knowledge in the areas of
safety, health and environment at workplaces in different sectors.
2.8 Promoting inclusion of safety, health and environment, improvement at workplaces as an
important component in other relevant national policy documents.
2.9 Including safety and occupational health as an integral part of every operation.
3. OBJECTIVES:
3.1 The policy seeks to bring the national objectives into focus as a step towards
improvement in safety, health and environment at workplace. The objectives are to achieve:a)
Continuous reduction in the incidence of work related injuries, fatalities, diseases,
disasters and loss of national assets.
b) Improved coverage of work related injuries, fatalities and diseases and provide for a more
comprehensive data base for facilitating better performance and monitoring.
c) Continuous enhancement of community awareness regarding safety, health and
environment at workplace related areas.
d) Continually increasing community expectation of workplace health and safety standards.
e) Improving safety, health and environment at workplace by creation of “green jobs”
contributing to sustainable enterprise development.
4. ACTION PROGRAMME
For the purpose of achieving the goals and objectives, the following action programme is
drawn up and where necessary time bound action programme would be initiated, namely:4.1. Enforcement
4.1.1 by providing an effective enforcement machinery as well as suitable provisions for
compensation and rehabilitation of affected persons;
4.1.2 by effectively enforcing all applicable laws and regulations concerning safety, health
and environment at workplaces in all economic activities through an adequate and effective
labour inspection system;
4.1.3 By establishing suitable schemes for subsidy and provision of loans to enable effective
implementation of the policy;
4.1.4 by ensuring that employers, employees and others have separate but complementary
responsibilities and rights with respect to achieving safe and healthy working conditions;
4.1.5 by amending expeditiously existing laws relating to safety, health and environment and
bring them in line with the relevant international instruments;
4.1.6 by monitoring the adoption of national standards through regulatory authorities;
4.1.7 by facilitating the sharing of best practices and experiences between national and
international regulatory authorities;
4.1.8 by developing new and innovative enforcement methods including financial incentives
that encourage and ensure improved workplace performance;
4.1.9 by making an enabling legislation on Safety, Health and Environment at Workplaces.
4.1.10 by setting up safety and health committees wherever deemed appropriate;
4.2 National Standards
4.2.1 by developing appropriate standards, codes of practices and manuals on safety, health
and environment for uniformity at the national level in all economic activities consistent with
international standards and implementation by the stake holders in true spirit;
4.2.2 by ensuring stakeholders awareness of and accessibility to applicable policy,
documents, codes, regulations and standards;
4.3 Compliance
4.3.1 by encouraging the appropriate Government to assume the fullest responsibility for the
administration and enforcement of occupational safety, health and environment at workplace,
provide assistance in identifying their needs and responsibilities in the area of safety, health
and environment at workplace, to develop plans and programmes in accordance with the
provisions of the applicable Acts and to conduct experimental and demonstration projects in
connection therewith;
4.3.2 by calling upon the co-operation of social partners in the supervision of application of
legislations and regulations relating to safety, health and environment at work place;
4.3.3 by continuous improvement of Occupational Safety and Health by systems approach to
the management of Occupational Safety and Health including developing guidance on
Occupational Safety and Health management systems, strengthening voluntary actions,
including mechanisms for self regulatory concept and establishing auditing mechanisms
which can test and authenticate occupational safety and health management systems;
4.3.4 by providing specific measures to prevent catastrophes, and to co-ordinate and specify
the actions to be taken at different levels, particularly in the industrial zones with high
potential risks;
4.3.5 by recognising the best safety and health practices and providing facilitation for their
adoption.
4.3.6 by providing adequate penal provisions as deterrent for violation of laws for the time
being in force;
4.3.7 by encouraging all concerned to adopt and commit to “Responsible Care” and / or
“Corporate Social Responsibility” to improve safety, health and environment at workplace
performance;
4.3.8 by ensuring a suitable accreditation machinery to recognise institutions, professionals
and services relating to safety, health and environment at workplace for uniformity and
greater coverage as also authenticating safe management system;
4.3.9 by encouraging employers to ensure occupational safety and health management
systems, establish them in efficient manner to improve workplace safety and health;
4.3.10 by specifically focusing on such occupational diseases like pneumoconiosis and
silicosis; developing a framework for its prevention and control as well as develop technical
standards and guidelines for the same;
4.3.11 by promoting safe and clean technology and progressively replacing materials
hazardous to human health and environment;
4.4 Health and Safety Awareness
4.4.1 by increasing awareness on safety, health and environment at workplace through
appropriate means;
4.4.2 by providing forums for consultations with employers’ representatives, employees
representatives and community on matters of national concern 8 relating to safety, health and
environment at work place with the overall objective of creating awareness and enhancing
national productivity;
4.4.3 by encouraging joint labour-management efforts to preserve, protect and promote
national assets and to eliminate injuries and diseases arising out of employment;
4.4.4 by raising community awareness through structured, audience specific approach;
4.4.5 by continuously evaluating the impact of such awareness and information initiatives;
4.4.6 by maximizing gains from the substantial investment in awareness campaigns by
sharing experience and learning;
4.4.7 by suitably incorporating teaching inputs on safety, health and environment at work
place in schools, technical, medical, professional and vocational courses and distance
education programme;
4.4.8 by securing good liaison arrangements with the International organisations;
4.4.9 by providing medical criteria wherever necessary which will assure insofar as
practicable that no employee will suffer diminished health, functional capacity, or life
expectancy as a result of his work place activities and that in the event of such occupational
diseases having been contracted, is suitably compensated;
4.4.10 by providing practical guidance and encouraging employers and employees in their
efforts to reduce the incidence of occupational safety and health risks at their places of
employment and to impress upon employers and employees to institute new programmes and
to improve existing programmes for providing safe and healthful working conditions,
requiring employers to ensure that workers and their representatives are consulted, trained,
informed and involved in all measures related to their safety and health at work;
Download