Problem solve Get help with specific problems with your technologies, process and projects.

Sample security policy for end users, part two

Here is the second part of a sample security policy for end users, which can be customized to fit your needs.

Here is the second part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

Software/Hardware Policy for End Users within

V. Acceptable use
This section defines the boundaries for the "acceptable use" of the company's electronic resources, including software, hardware devices and network systems. Hardware devices, software programs and network systems purchased and provided by the company are to be used only for creating, researching and processing company-related materials. By using the company's hardware, software and network systems you assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable company policies, as well as applicable laws and regulations.

VI.a. Software
All software acquired for or on behalf of the company or developed by company employees or contract personnel on behalf of the company is and shall be deemed company property. All such software must be used in compliance with applicable licenses, notices, contracts and agreements.

VI.b. Purchasing
All purchasing of company software shall be centralized with 's assigned staff, to ensure that all applications conform to corporate software standards and are purchased at the best possible price and support. All requests for standard and additional software must be submitted to 's assigned staff (3), who will then determine the standard software that best accommodates the desired request.

VI.c. Licensing
Each employee is individually responsible for reading, understanding, and following all applicable licenses, notices, contracts and agreements for software that he or she uses or seeks to use on company computers. Unless otherwise provided in the applicable license, notice, contract, or agreement, any duplication of copyrighted software, except for backup and archival purposes, might be a violation of national law and regulations. In addition to violating such laws, unauthorized duplication of software is a violation of the company's Software/Hardware Policy.

VI.d. Software standards
The following list shows the standard suite of software installed on company computers (excluding test computers) that is fully supported by the Network Administrator:
- Microsoft Windows 2000
- Microsoft Outlook 2000
- Microsoft Office 2000 (Word, Excel, Powerpoint, Access, Image Composer 1.5, Photo Editor 3.01, Publisher)
- Microsoft Internet Explorer
- Adobe Acrobat Reader
- Norton Antivirus Corporate edition
- WinZip
* On request: Microsoft Project 2000 and/or Visio 2000
* Laptops only: Dial-up ISP and company VPN access
Employees needing software other than those programs listed above must request such software from 's assigned staff (3). Each request will be considered on a case-by-case basis in conjunction with the software-purchasing section of this policy. For installation of private owned - and private licensed - software on provided hardware, the explicit authorization to install this software has to be obtained from Network Administrator or 's Corporate Helpdesk.

VI.e. Installation of Software
The required software should only be installed by assigned staff (4).

VI.f. Virus protection
It is the End User's responsibility to keep the antivirus software updated. is e-mailing the update information, and the updating has then to be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user updates the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."

This sample policy is continued in Part Three.

This was last published in December 2001

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.