Here is the second part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.
This section defines the boundaries for the "acceptable use" of the company's electronic resources, including software, hardware devices and network systems. Hardware devices, software programs and network systems purchased and provided by the company are to be used only for creating, researching and processing company-related materials. By using the company's hardware, software and network systems you assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable company policies, as well as applicable laws and regulations. VI.a. Software
All software acquired for or on behalf of the company or developed by company employees or contract personnel on behalf of the company is and shall be deemed company property. All such software must be used in compliance with applicable licenses, notices, contracts and agreements. VI.b. Purchasing
All purchasing of company software shall be centralized with
Each employee is individually responsible for reading, understanding, and following all applicable licenses, notices, contracts and agreements for software that he or she uses or seeks to use on company computers. Unless otherwise provided in the applicable license, notice, contract, or agreement, any duplication of copyrighted software, except for backup and archival purposes, might be a violation of national law and regulations. In addition to violating such laws, unauthorized duplication of software is a violation of the company's Software/Hardware Policy. VI.d. Software standards
The following list shows the standard suite of software installed on company computers (excluding test computers) that is fully supported by the Network Administrator:
- Microsoft Windows 2000
- Microsoft Outlook 2000
- Microsoft Office 2000 (Word, Excel, Powerpoint, Access, Image Composer 1.5, Photo Editor 3.01, Publisher)
- Microsoft Internet Explorer
- Adobe Acrobat Reader
- Norton Antivirus Corporate edition
* On request: Microsoft Project 2000 and/or Visio 2000
* Laptops only: Dial-up ISP and company VPN access
Employees needing software other than those programs listed above must request such software from
The required software should only be installed by assigned
It is the End User's responsibility to keep the antivirus software updated.
This sample policy is continued in Part Three.
Dig Deeper on Information Security Policies, Procedures and Guidelines