The CSIS is an internet
technology based information system. The
CSIS holds entire Civil Service information in the CSIS server at RCSC. The access to it is provided to authorized
users only through internet. To such a
system a high level of security is of utmost importance.
What is Information Security?
Confidentiality
Ensuring that information is accessible only to those who have authorization to have access.
Integrity
Safeguarding the accuracy and completeness of information and processing methods
Availability
Ensuring that authorized people have access to information and associated assets, if required only.
Keeping in view on the importance of
information security in using internet based technology, the access to the CSIS
have taken into account the following areas of concern:
1.
Classification
of Data
2.
Validation of
data
3.
General rules
for granting access
4.
User
Accountability
5.
Levels of
access rights
6.
Position
Title/Level versus level of access
7.
HROs to whom
role based access will be given
8.
HROs to whom
general access will be given
CLASSIFICATION
OF DATA
To maintain a high
level of security, the information maintained in the system is classified into
transactional and non-transactional or static data. The static data are further
classified into sensitive and non-sensitive data.
1. Transactional data
Transactional data or
information is any information or data that has been entered and submitted On-line
by the Agencies through CSIS such as promotion proposal, transfers, employment
form etc. Those data once entered and
submitted cannot be edited or changed neither by the HR officers of the
Agencies nor by the HR officers of the RCSC Secretariat. This is being done in order to ensure that
the accountability is fixed with the dealing HR officers if wrong or erroneous
data has been submitted by them. To
ensure submission of correct information, a provision is made in the system to check
information prior to submitting it to the RCSC. Conversely, the information transacted by
RCSC, cannot be altered or edited by the HROs of receiving Agencies.
2. Static data
Static data are those
data that are associated with the bio-data/ CVs of individual civil servant
that have been entered and stored in the database of the RCSC. This data and information, such as employee
bio-data, promotion and transfer history, training and qualifications, employee
ID, promotion date etc., can be viewed by the different users of the system. Further, the static data has been classified into
sensitive and non-sensitive data.
Sensitive data
Following data have been
classified as sensitive data
1.
Employee ID
2.
Date of birth
3.
Date of appointment
4.
Date/last date of promotion
5.
Appointment order number
6.
Promotion order number
7.
Position Level, Sub-level and Title
8.
Major Occupational Group and Sub-group
9.
Training and qualification information
The above data are classified
as sensitive and therefore cannot be edited, altered or changed, except by
MISD.
Non-sensitive data
Following data are classified
as non-sensitive data
1.
Family details,
2.
Contact number,
3.
Place of posting or location /present
address,
4.
Parent and working Agency,
5.
Address details (permanent address),
and
6.
Transfers history.
The above data are classified
as non-sensitive and therefore the concerned HROs of the Agencies can edited upon
clearing from HRC.
VALIDATION
OF DATA
Data validation and
verification is one of the important mechanisms that ensures the authenticity
and correctness of the information being entered. The system is built in such a way that the
information being entered must be as per the provisions of BCSR.
In simplest term, the system has
in-built validation mechanism, thus it will not accept date that is not in line
with the BCSR. For example, the Agencies
cannot grant meritorious promotion and if they try to do, the system will no
accept, in which case it requires RCSC Commission’s order number. For decentralized HR actions, the Agency can
enter or update the data only within the scope of decentralization and BCSR.
For the purpose of
validation and verification of the data, three sets of mechanisms are put in
place:
- In-built mechanism
in the system
To
a large extent, the system validates and verifies the information being entered
by the users is correct.
This takes care
of both centralized and decentralized HR actions.
If
the user enters any bogus or erroneous data, the system will not accept the
data and prompt the users with the message to enter the correct data and
information into the system.
Since the
system has all the information of civil servants and is linked to different
modules, system will automatically validate the data entry based on the
available data in the system. Some
examples of system validation are:
Date of birth
– Date of birth cannot be below 18 years of age and above 40 years of age on
the date of initial appointment.
Decentralized recruitment –
Agencies cannot recruit above S1 Position Level and Dzongkhags cannot recruit
above O1 Position Level.
Validity of the documents
submitted – System will automatically calculate the
validity period of the referenced document, example security clearance, audit clearance
etc, from the date of issue, and if not within the validity period, system will
reject the application.
Transfers
– System validates and restricts the transfers by the agencies if it is not as
per the BCSR.
Similarly
the system validates change in MoG and Sub group, change in the Position Title
and Level, HR actions not fulfilling the minimum number of years required,
joining date before transfer date etc.
Secondment
– System will not accept if a civil servant has training, EOL or any other obligations.
Separation
- Cannot separate under ERS if a civil servant has training or EOL obligations
etc.
Promotion –
System will not allow to process promotion without fulfilling minimum number of
years required to serve in the same position. The system will also not allow to
process promotion if the performance rating is not as per the requirement. In addition, the system will also not allow Agencies
to process for meritorious or out of turn promotion etc.
The
final rating of performance appraisal must be entered into the system within
the specified time period of six months after the appraisal cycle.
Training -
system will not allow to process the training (both short term and long term)
without fulfilling the minimum duration required to avail the training after
the last training has been availed.
The
system is completely aligned to the BCSR.
As and when any clause of the BCSR is revised, the system will be
immediately aligned to it. If any HR
action is not as per the BCSR, it requires approval of the RCSC Commission and
such HR action falls under the category of HR action by Order. In such cases the system requires the
information such as Commission Meeting and date and reference of RCSC order,
and only then the HROs will be able to enter the data.
- Validation by HR
officers at RCSC
In
case of centralized HR actions, the concerned HROs of the HRMD or HRDD at RCSC validate
the information submitted by the Agencies before according RCSC approval. For the decentralized recruitment, if the
recruitment is not as per the approved staffing pattern, the HROs of HRMD will
not endorse the appointment.
Similarly
for training, if a candidate does not fulfill the training criteria, the
concerned HROs of HRDD will not endorse the nomination.
- Audit trail
Audit
trail is a utility in the system that track the changes made in the system by the
users, which may not be in line with the BCSR and not taken care by the
in-built mechanism, for example relevancy of the training, or repeated training
in the same field.
It will maintain the
status of the changes made such as the previous data and the new data. In addition, it will store the details of the
users who had made that change with different parameter such as user name, date
of change, time of change etc.
Audit
trail will track data not taken care by the system and enables to do HR audit
at the system level. Data tracking can
be done agency wise and thus enables RCSC to do data validation particularly
for decentralized HR actions.
GENERAL RULES FOR GRANTING ACCESS
1.
The RCSC, based on following general
principle, shall grant access rights and privileges to use the CSIS.
2.
Each person entitled to use the CSIS
shall be given access and shall abide by the Code of Conduct and Ethics, while
using the system.
3.
The CSIS can only be accessed by:
1.
Those who need to know the individual
civil servant’s information,
2.
Those responsible for data entry and
data validation,
3.
Those responsible to manage hardware
and software of the system,
4.
Those responsible for HR auditing, and
5.
Person concerned
4.
The CSIS contains classified
information which is therefore confidential. Such classified information is
accessible only to those authorized users.
5.
All users shall have access to
information with the exception to information classified as confidential.
6.
The system shall maintain record
(audit trail) of every instance that a user has accessed the system.
7.
The users having access rights and
privileges shall not meddle with and misuse the data.
8.
In case a person has misused the given
rights and privileges, the RCSC shall take appropriate disciplinary action, regardless of the position of the
person, as per the provisions of the BCSR.
USER ACCOUNTABILITY
Divisions of RCSC
The respective divisions of the RCSC
shall have access to all modules pertaining to their respective divisions. The concerned divisions shall have viewing,
data input, editing (within its scope) and report generating rights. The Chief of Division shall recommend what
rights are to be given to individual HROs of the respective divisions based on
one’s role and remain accountable.
MISD of RCSC
The MISD is responsible for the
overall management of the CSIS. The
Chief shall report to the Commissioner concerned and the RCSC Commission
regarding the CSIS. The System Administrators
of the MISD shall be technically responsible for:
Ensuring
the information security,
Generating
reports,
Audit
Trail and HR auditing at the system level,
Periodic
system and data back up, and
Maintaining
and timely upgrading the hardware and software elements of the CSIS.
HROs of Agencies
HR Officers of the Agency concerned
shall have access rights and privileges to all personal data of the civil
servants under the respective Agencies based on roles of the individual
HROs. The Chief HRO shall determine the
access rights and privileges to be given to the individual HROs of the
concerned Agencies who remain accountable for the data.
Civil servants
Individual
civil servants shall have viewing rights to their own personal information
only.
LEVELS
OF ACCESS RIGHT
To ensure a high
level of security and confidentiality of data and information in the CSIS, the
access right to the CSIS must be role based. For this reason, access rights and
privileges must be given to an individual only to the extent that one’s role
and responsibility requires. Thus
different levels of access rights have been proposed for approval of the RCSC Commission.
Accordingly four
levels of access rights and privileges have been proposed:
1.
View
only,
2.
View
and Edit,
3.
HR
processes and actions (view, edit, and new entry)
4.
System
Administration
POSITION
TITLE/LEVEL VERSUS LEVELs OF ACCESS
View
only
- Members of the RCSC Commission
- Secretaries to the Government
- Other Secretaries and Head of Autonomous Agencies
- Directors/Head of Departments.
- Individual civil Servant but one’s own CV
only.
View
and edit
1.
Chief/Sr HR Officers of all Agencies
2.
Chief HR Officers of RCSC Secretariat
Role
based access (view, edit and new entry)
This category of
access right and privileges is specifically meant for HR Officers of the
respective agencies and it is further categorized in two; role based access and
general access.
Under role based
access, an individual will have access either for HRM or for HRD actions only. Alternatively, an individual will have access
to a Department or an organization. This
sub-category of access shall be applied to large agencies, which are as listed:
1.
Ministry
of Education,
2.
Ministry
of Health,
3.
Ministry
of Agriculture and Forests
4.
Ministry
of Finance,
5.
Ministry
of Home and Cultural Affairs, and
6.
Ministry
of Works and Human Settlement.
To
HROs of smaller Agencies, the general access and privileges shall be given, in
which case the HROs will have access to HR information related to all the
incumbents of the Agency concerned irrespective of HRM or HRD actions and
incumbents belonging to different parent Agencies.
The
Agencies under this sub-category are:
1.
Ministry
of Information and Communication,
2.
Ministry
of Labour and Human Resources
3.
Ministry
of Economic Affairs,
4.
Ministry
of Foreign Affairs,
5.
All
Constitutional Offices & Statutory bodies,
6.
Legislative
and Judiciary branches of the Government,
7.
All
Autonomous Agencies, and
8.
Dzongkhags
HROs TO WHOM
ROLE BASED ACCESS WILL BE GIVEN
1.
Ministry
of Agriculture and Forests
Sl
#
|
Name
|
Position
Title
|
Role
(HRM/HRD)
|
1.
|
Ngawang
Pem
|
Chief
HRO
|
General
|
2.
|
Kinga
Wangdi
|
Specialist-III
|
General
|
|
3.
|
Dawa
Tshering
|
HRO
|
Forest
|
|
4.
|
Sangay
Yanglay
|
Asst.
HRO
|
Livestock
|
|
5.
|
Deki
dema
|
Asst.
HRO
|
Ag/AgM/CORRB
|
|
6.
|
Ganga
Pradhan
|
Asst.
HRO
|
Secretariat
|
|
7.
|
Galeymo
|
Asst.
HRO
|
Forest
|
|
|
|
|
|
|
|
2.
Ministry
of Education
Sl
#
|
Name
|
Position
Title
|
Role
(HRM /HRD)
|
1.
|
Sonam
Wangyel
|
Chief
HRO
|
General
|
2.
|
Bhumika
Ghallay
|
D.
Chief HRO
|
General
|
3.
|
Chhimi
Jamtsho
|
Sr.
HRO
|
HRM
|
4.
|
Pasang
Dorji
|
Sr.
HRO
|
HRM
|
5.
|
Chencho
Wangdi
|
HRO
|
HRD
|
6.
|
Tshering
Tashi
|
HRO
|
HRD
|
7.
|
Choden
|
Asst.
HRO
|
HRM
|
8.
|
Choden
|
Asst.
HRO
|
HRM
|
3.
Ministry
of Works & Human Settlement
Sl
#
|
Name
|
Position
Title
|
Role
(HRM/ HRD)
|
1.
|
Pem
Tshewang
|
Chief
HRO
|
General
|
2.
|
Dakpa
Gyeltshen
|
Asst.
HRO
|
HRD
|
3.
|
Langa
Dorji
|
Asst.
HRO
|
Both
(TCC)
|
4.
|
Pema
Chezom
|
Asst.HRO
|
HRM
|
5.
|
Sonam
Tshewang
|
Asst.
HRO
|
HRM
|
6.
|
Tashi
Wangmo
|
Asst.
HRO
|
HRM
|
4.
Ministry
of Finance
Sl
#
|
Name
|
Position
Title
|
Role
(HRM /HRD)
|
1.
|
|
Chief
HRO
|
General
|
2.
|
Jigme
Thinley
|
Sr.
HRO
|
General
|
3.
|
Tshering
Tobgay
|
Sr.
HRO
|
HRM
|
4.
|
Sangay
Needup
|
Asst.
HRO
|
HRM
|
5.
|
Thinley
Penjor
|
Asst.
HRO
|
HRD
|
6.
|
Ugen
Zam
|
Asst.
HRO
|
HRM
|
5.
Ministry
of Health
Sl
#
|
Name
|
Position
Title
|
Role
(HRM /HRD)
|
1.
|
Yangchen Chhoeden
|
Chief
HRO
|
General
|
2.
|
Mindu
Dorji
|
Sr.
HRO
|
General
|
3.
|
Chimi
Rinzin
|
HRO
|
HRM
|
4.
|
Deki
|
HRO
|
HRD
|
5.
|
Chimi
Drukpa
|
HRO
|
HRM
|
6.
|
Tshiltrim
Zangpo
|
Asst.
HRO
|
HRM
|
7.
|
Sonam
Dorji
|
Asst.
HRO
|
HRD
|
6.
Ministry
of Home and Cultural Affairs
Sl
#
|
Name
|
Position
Title
|
Role
(HRM /HRD)
|
1.
|
Chhime
Dorje
|
Chief
HRO
|
General
|
2.
|
Sonam
Gyeltshen
|
HRO
|
HRD
|
3.
|
Sherab
Zangpo
|
HRO
|
HRM
|
HROs
TO WHOM GENERAL ACCESS WILL BE GIVEN
1.
Ministry
of Information and Communications
Sl
#
|
Name
|
Position
Title
|
1
|
Karma
Tenzin
|
Sr.
HRO
|
2
|
Peljor
Gaylek
|
Asst.
HRO
|
2.
Ministry
of Labour & Human Resources
Sl
#
|
Name
|
Position
Title
|
1.
|
|
Chief
HRO
|
2.
|
Maya
Sherpa
|
Sr.
HRO
|
3.
|
Pema
Namgyel
|
Asst.
HRO
|
4.
|
Sonam
Wangmo
|
Asst.HRO
|
5.
|
Tenzin
|
Asst.
HRO
|
3.
Ministry
of Economic Affairs
Sl
#
|
Name
|
Position
Title
|
1.
|
Kesang
Wangdi
|
Chief
HRO
|
2.
|
Ngawang
Lhendrup
|
Sr.
HRO
|
3.
|
Dorji
Choidup
|
Asst.
HRO
|
4.
|
Sonam
Thinley
|
Asst.
HRO
|
5.
|
Sonam
Wangmo
|
Asst.
HRO
|
4.
Ministry
of Foreign Affairs
Sl
#
|
Name
|
Position
Title
|
1
|
Tashi
Penjor
|
Asst.
HRO
|
2
|
Sangay
Tenzing
|
Asst.
HRO
|
5.
Autonomous
Agencies
Sl
#
|
Name
|
Position
Title
|
Agency
|
1
|
Chador
Wangmo
|
Asst.
HRO
|
BICMA
|
2
|
Choney
Lhazom Wangchul
|
Asst.
HRO
|
Cabinet
Secretariat
|
3
|
Karma
|
Asst.HRO
|
GNHC
|
4
|
Khampa
Tshering
|
Sr.
HRO
|
NEC
|
5
|
Yangchen
Wangmo
|
Asst.
HRO
|
NLC
|
6
|
Kesang
Jamtsho
|
Asst.
HRO
|
OAG
|
7
|
Karma
Geley
|
Asst.
HRO
|
RIM
|
6.
Dzongkhags
Sl
#
|
Name
|
Position
Title
|
Dzongkhag
|
1
|
Kinzang
Lhamo
|
Asst.
HRO
|
Bumthang
|
2
|
Karma
Wangdi
|
Asst.
HRO
|
Chhukha
|
3
|
Kinley
Wangdue
|
Asst.HRO
|
Dagana
|
4
|
Ramchandra
Sichuri
|
Offtg.
HRO
|
Gasa
|
5
|
Sangay
Dorji
|
Offtg.
HRO
|
Haa
|
6
|
Karma Jigme
|
Asst.
HRO
|
Lhuntse
|
7
|
Sonam Dekar
|
Asst.
HRO
|
Mongar
|
8
|
Sonam
Dorji
|
Asst.
HRO
|
Mongar
|
9
|
Ugyen
Dorji
|
Asst.
HRO
|
Paro
|
10
|
Dorji
Duba
|
Asst.
HRO
|
Pemagatshel
|
11
|
Tshering
Norbu
|
Offtg.
HRO
|
Punakha
|
12
|
Tashi
Dema
|
Asst.
HRO
|
S/Jongkhar
|
13
|
Singye
Dorji
|
Asst.
HRO
|
Samtse
|
14
|
Kuenley Tshering
|
Asst.
HRO
|
Sarpang
|
15
|
Ugyen
Dema
|
Asst.
HRO
|
Thimphu
|
16
|
Passang
Dorji
|
Asst.
HRO
|
T/Yangtse
|
17
|
Rinzin
Lhamo
|
Asst.HRO
|
T/Gang
|
18
|
Lhabula
|
Asst.
HRO
|
Tsirang
|
19
|
Choki
Dorji
|
Asst.
HRO
|
Wangdue
|
20
|
Chimi
Tenzin
|
Asst.
HRO
|
Zhemgang
|
Note: The HRO’ of Gasa, Haa, Ppunakha
and Trongsa are on long-term studies.
HROs
of Trongsa Dzongkhag did not come to attend the training.
7.
RCSC
Commission
Sl
#
|
Name
|
Position
Title
|
Access
|
HRMD
|
1.
|
Dorji
Tshering
|
Chief
HRO
|
V&E
|
2.
|
Karchung
|
Sr.
HRO
|
HRM*
|
3.
|
Kinga
Lotey
|
HRO
|
HRM*
|
4.
|
Dema
Wangdi
|
Asst.HRO
|
HRM*
|
5.
|
Jigme
Norbu
|
Asst.
HRO
|
HRM*
|
6.
|
Karma
Euden
|
Asst.
HRO
|
HRM*
|
7.
|
Louise
Monger
|
Asst.
HRO
|
HRM*
|
8.
|
Tashi
Tshering
|
Asst
HRO
|
HRM
|
HRDD
|
1.
|
Ugyen
Tshewang
|
Chief
HRO
|
V&E
|
2.
|
Jigme
Dorji
|
Sr.
HRO
|
HRD*
|
3.
|
Sangay
Thinley
|
Sr.
HRO
|
HRD*
|
4.
|
Rinchen
Peldon
|
HRO
|
HRD*
|
5.
|
Dechen
Dorji
|
Asst.
HRO
|
HRD*
|
6.
|
Dechen
Pelmo
|
Asst.
HRO
|
HRD*
|
7.
|
Dhendup
Tshering
|
Asst.
HRO
|
HRD*
|
8.
|
Sangay
Choden
|
Asst.
HRO
|
HRD*
|
9.
|
Tshering
Choden
|
Asst
HRO
|
|
Legal
|
1.
|
Choki
Drakpa
|
Legal
Officer
|
Legal
|
2.
|
Yeshey
Wangdi
|
Legal
Asst. III
|
Legal
|
3.
|
Penjo
|
Asst.
Dz Coord II
|
Legal
|
PPD
|
1.
|
Namgay
Wangchuk
|
Planning
Officer
|
PP
|
2.
|
Tobden
|
Statistical
Officer
|
PP
|
3.
|
Gaki
Wangmo
|
Asst. Planning Officer
|
PP
|
4.
|
Karma
Wangdi
|
Asst.
Prog Officer
|
PP
|
MISD
|
1.
|
Tashi
Dorji
|
ICT
Officer
|
MIS
|
2.
|
Pelden
Choeda
|
ICT
officer
|
MIS
|
3.
|
Kuenga
Zam
|
ICT
officer
|
MIS
|
4.
|
|
ICT
officer
|
MIS
|
5.
|
Kiba
|
Sr.
ICT Tech Assoc
|
MIS
|
6.
|
Gyeltshen
|
ICT
Tech Assoc-II
|
MIS
|
7.
|
Tshewang
Norbu
|
Record
Asst. III
|
Record**
|
8.
|
Tshultrim
Dema
|
Record
Asst. II
|
Record**
|
9.
|
Gelo
|
Record
Asst. III
|
Record**
|
*Access
shall be for the agencies to which one is responsible
**Personal file management module only
8.
Constitutional
Offices/Judiciary and Legislative branches of the Government.
Sl
#
|
Name
|
Position
Title
|
Division
/Services
|
1
|
Leki Dorji
|
Asst.
HRO
|
National
Assembly
|
2
|
Karma
Dorji
|
Asst.
HRO
|
National
Council
|
3
|
Phuntsho
Norbu
|
Asst.
HRO
|
RAA
|
The list of HROs of other
Constitutional Offices, and Legislative and Judiciary branches of the
Government shall be added subsequently.
9.
Change
in place of posting or Position Level of HROs.
In case of transfer
or any other changes on the above officers with regard to their roles and
function, the Agencies shall immediately inform the RCSC, and the MISD shall affect
the changes in the system accordingly.