1. Policy Statement
This policy is designed to let XXX’s employees achieve their business objectives. Any aberrations from this strategy will require the IT department to redeploy software and/or hardware solutions. Full cooperation with this policy is appreciated so that all goals can be met in accordance with the business objectives.
The purpose of this policy is to address all issues relevant to software installation and deployment on XXX’s computer systems.IT objective is to enable its employees to perform their tasks with technology that is in good operating condition while appropriately addressing the business needs.
This policy applies to all Employees, Contractors, and Third Party Employees, who use, process, and manage information and business processes of XXX.
The documentation shall consist of the software installation Policy, and related procedures & guidelines. The Compliance Policy document and all other referenced documents shall be controlled. Version control shall be to preserve the latest release and the previous version of any document. However, the previous version of the documents shall be retained only for a period of two years for legal and knowledge preservation purposes.
Records being generated as part of this Policy shall be retained for a period of two years. Records shall be in hard copy or electronic media. The records shall be owned by the respective system administrators and shall be audited once a year.
3.4 Distribution and Maintenance
This Policy document shall be made available to all the employees covered in the scope. All the changes and new releases of this document shall be made available to the persons concerned. The maintenance responsibility of the document shall be with the CISO and system administrators.
This Policy document shall be considered as “confidential” and shall be made available to the concerned persons with proper access control. Subsequent changes and versions of this document shall be controlled.
This Policy shall be implemented by the CISO and designated personnel (if any). This policy has full support from the executive steering committee and human resources. This policy is a living document and may be modified at any time by the IT manager, human resources, or the executive steering committee.
6.1 Installation and support of software
The IT department is exclusively responsible for installing and supporting all software on company computers. This responsibility set includes:
- Office desktop computers.
- Company laptop computers.
The IT department relies on installation and support to provide software and hardware in good operating conditions to employees so that they can best accomplish their tasks.
6.2 Current Software
The current software can exist in any one of the following scenarios:
- An IT-created “image” or OEM installation on the hardware
- An IT department installation procedure that provides for the following:
- Installation options
- Upgrade considerations (if applicable)
- Data conversion (if applicable)
- A shortcut to a network application (not truly an installation)
- An automated installation through an IT-developed solution that may be used in a rapid-deployment scenario or silent-install situation
- A terminal application, Server application, or other thin-client types of application accessible via the KDCC, intranet page
The software cannot be present on XXX’s computers in the following scenarios:
- An installation not by a procedure
- A piece of software purchased for one’s home computer
- A downloaded title from the Internet
- A pirated copy of any title
- A different title from the current software list of this policy
- Any means not covered by the ways that software can exist on KDCC, computers
6.3 Software licensing
Most of the software titles on the current software list are not freeware; therefore, the cost of software is a consideration for most titles and their deployment. It is the goal of the IT department to keep licensing accurate and up to date. To address this, the IT department is responsible for purchasing software licenses for the following software categories:
- Desktop operating system software
- Productivity tools package
- Internet software
The other software categories (workgroup-specific titles) are the purchasing responsibility of the workgroup in which they serve. However, the application(s) are still installed and supported by the IT department. To control costs, licensing costs are a factor in the decision-making processes that go into client software planning and request approval.
6.4 Unauthorized software
Do not download, install or use unauthorized software programs. Unauthorized software could introduce serious security vulnerabilities into the networks as well as affecting the working of your laptop. Software packages that permit the computer to be ‘remote-controlled’ (e.g. PC anywhere) and ‘hacking tools’ (e.g. network sniffers and password crackers) are explicitly forbidden on equipment unless they have been explicitly pre-authorized by management for legitimate business purposes.
6.5 Unlicensed software
Be careful about software licenses. Most software, unless it is specifically identified as “freeware” or “public domain software”, may only be installed and/or used if the appropriate license fee has been paid. Shareware or trial packages must be deleted or licensed by the end of the permitted free trial period. Some software is limited to free use by private individuals whereas commercial use requires a license payment. Individuals and companies are being prosecuted for infringing software copyright: do not risk bringing yourself and XXX into disrepute by breaking the law.
6.6 Software requests
If a user is to request software for their computer, the proper method will be to send a request to the IT manager. A response is guaranteed within one business day via e-mail. If the Urgent option is selected or an in-person appearance occurs, a solution may be delivered at the first possible time. All in-person or “walk-in” requests are logged by manual entry into the support request system to track licensing needs and costs.
6.7 Laws, regulations and policies
You must comply with relevant laws, regulations, and policies applying to the use of computers and information. Software licensing has already been mentioned and privacy laws are another example. Various corporate security policies apply to laptops, the data they contain, and network access (including use of the Internet).
Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR Policy.
If you need assistance or have any doubt and need to ask any questions contact me at firstname.lastname@example.org. You can also contribute to this discussion and I shall be happy to publish them. Your comments and suggestion are also welcome.