1. Overview
Allowing employees to install software on company computing devices opens the organization up to unnecessaryexposure. Conflicting file versions or DLLs which can prevent programs from running, the introduction of malwarefrom infected installation software, unlicensed software which could be discovered during audit, and programs which canbe used to hack the organization’s network are examples of the problems that can be introduced when employees installsoftware on company equipment.
2. Purpose
The purpose of this policy is to outline the requirements around installation software on <Company Owned> computing devices. To minimize the risk of loss of program functionality, the exposure of sensitive informationcontained within <Company Name’s> computing network, the risk of introducing malware, and the legalexposure of running unlicensed software.
3. Scope
This policy applies to all <Company Name> employees, contractors, vendors and agents with a <Company Name>-owned mobile devices. This policy covers all computers, servers, smartphones, tablets and other computing devices operating within <Company Name>.
4. Policy
- Employees may not install software on <Company Name’s> computing devices operated within the <CompanyName> network.
- Software requests must first be approved by the requester’s manager and then be made to the InformationTechnology department or Help Desk in writing or via ema
- Software must be selected from an approved software list, maintained by the Information Technology department,unless no selection on the list meets the requester’s need.
- The Information Technology Department will obtain and track the licenses, test new software for conflict andcompatibility, and perform the installa
5. Policy Compliance
- Compliance Measurement
The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
5.2 Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
5.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Comments
0 comments
Please sign in to leave a comment.