COMPLIANCE COUNSELOR
Sample security policy for end users, part two
Nap van Zuuren
12.05.2001
Rating: -3.00- (out of 5)
Here is the second part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.
Software/Hardware Policy for End Users within
V. Acceptable use
This section defines the boundaries for the "acceptable use" of the
company's electronic resources, including software, hardware devices
and network systems. Hardware devices, software programs and network
systems purchased and provided by the company are to be used only for creating, researching and processing company-related materials. By using the company's hardware, software and network systems you assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable company policies, as well as applicable laws and regulations.
VI.a. Software
All software acquired for or on behalf of the company or developed by
company employees or contract personnel on behalf of the company is and
shall be deemed company property. All such software must be used in
compliance with applicable licenses, notices, contracts and agreements.
VI.b. Purchasing
All purchasing of company software shall be centralized with 's assigned staff, to ensure that all applications conform to
corporate software standards and are purchased at the best possible
price and support. All requests for standard and additional software must be submitted to 's assigned staff (3), who will then
determine the standard software that best accommodates the desired request.
VI.c. Licensing
Each employee is individually responsible for reading, understanding,
and following all applicable licenses, notices, contracts and agreements for software that he or she uses or seeks to use on company computers. Unless otherwise provided in the applicable license, notice, contract, or agreement, any duplication of copyrighted software, except for backup and archival purposes, might be a violation of national law and regulations. In addition to violating such laws, unauthorized duplication of software is a violation of the company's Software/Hardware Policy.
VI.d. Software standards
The following list shows the standard suite of software installed on
company computers (excluding test computers) that is fully supported by
the Network Administrator:
- Microsoft Windows 2000
- Microsoft Outlook 2000
- Microsoft Office 2000 (Word, Excel, Powerpoint, Access, Image Composer 1.5, Photo Editor 3.01, Publisher)
- Microsoft Internet Explorer
- Adobe Acrobat Reader
- Norton Antivirus Corporate edition
- PGP
- WinZip
* On request: Microsoft Project 2000 and/or Visio 2000
* Laptops only: Dial-up ISP and company VPN access
Employees needing software other than those programs listed above must
request such software from 's assigned staff (3). Each request will be considered on a case-by-case basis in conjunction
with the software-purchasing section of this policy. For installation of private owned - and private licensed - software on provided hardware, the explicit authorization to install this software has to be obtained from Network Administrator or 's Corporate Helpdesk.
VI.e. Installation of Software
The required software should only be installed by assigned staff (4).
VI.f. Virus protection
It is the End User's responsibility to keep the antivirus software
updated. is e-mailing the update information, and the updating has then to be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user updates the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."
This sample policy is continued in Part Three.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
