Software Installation Policy

OVERVIEW

Allowing employees to install software on company computing devices opens the organisation up to unnecessary exposure. Conflicting file versions or DLL's which can prevent programs from running, the introduction of malware from infected installation software, unlicensed software which could be discovered during audit, and programs which can be used to hack the organisation's network are examples of the problems that can be introduced when employees install software on company equipment.

PURPOSE

The purpose of this policy is to outline the requirements around installation software on 10ARK DIGITAL computing devices. To minimise the risk of loss of program functionality, the exposure of sensitive information contained within a 10ARK DIGITAL computing network, the risk of introducing malware, and the legal exposure of running unlicensed software.

SCOPE

This policy applies to all 10ARK DIGITAL employees, contractors, vendors and agents with a 10ARK DIGITAL owned mobile devices. This policy covers all computers, servers, smartphones, tablets and other computing devices operating within 10ARK DIGITAL.

POLICY

  1. Employees may not install software on 10ARK DIGITAL computing devices operated within the 10ARK DIGITAL network.

  2. Software requests must first be approved by the requester's manager.

  3. Software must be selected from an approved software list, maintained by the Infosec, unless no selection on the list meets the requester's need.

  4. The Infosec team will obtain and track the licenses, test new software for conflict and compatibility, and perform the installation.

POLICY COMPLIANCE

Compliance Measurement

The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions

Any exception to the policy must be approved by the Infosec team in advance.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

PreviousServer Security PolicyNextDatabase Credentials Policy

Last updated

Was this helpful?