Example of Software installation policy

Uncategorized 4 Minutes

1. Policy Statement

This policy is designed to let XXX’s employees achieve their business objectives. Any aberrations from this strategy will require the IT department to redeploy software and/or hardware solutions. Full cooperation with this policy is appreciated so that all goals can be met in accordance with the business objectives.

2. Purpose

The purpose of this policy is to address all issues relevant to software installation and deployment on XXX’s computer systems. IT objective is to enable its employees to perform their tasks with technology that is in good operating condition while appropriately addressing the business needs.

3. Scope

3.1 Employees

This policy applies to all  Employees, Contractors, and Third Party Employees, who use, process, and manage information and business processes of XXX.

3.2 Documentation

The documentation shall consist of the software installation Policy, and related procedures & guidelines. The Compliance Policy document and all other referenced documents shall be controlled. Version control shall be to preserve the latest release and the previous version of any document. However, the previous version of the documents shall be retained only for a period of two years for legal and knowledge preservation purposes.

3.3 Records

Records being generated as part of this Policy shall be retained for a period of two years. Records shall be in hard copy or electronic media. The records shall be owned by the respective system administrators and shall be audited once a year.

3.4 Distribution and Maintenance

This Policy document shall be made available to all the employees covered in the scope. All the changes and new releases of this document shall be made available to the persons concerned. The maintenance responsibility of the document shall be with the CISO and system administrators.

4. Privacy

This Policy document shall be considered as “confidential” and shall be made available to the concerned persons with proper access control. Subsequent changes and versions of this document shall be controlled.

5. Responsibility

This Policy shall be implemented by the CISO  and designated personnel (if any). This policy has full support from the executive steering committee and human resources. This policy is a living document and may be modified at any time by the IT manager, human resources, or the executive steering committee.

6 Policy

6.1 Installation and support of  software

The IT department is exclusively responsible for installing and supporting all software on company computers. This responsibility set includes:

  • Office desktop computers.
  • Company laptop computers.

The IT department relies on installation and support to provide software and hardware in good operating conditions to employees so that they can best accomplish their tasks.

6.2 Current Software

The current software can exist in any one of the following scenarios:

  • An IT-created “image” or OEM installation on the hardware
  • An IT department installation procedure that provides for the following:
    • Installation options
    • Upgrade considerations (if applicable)
    • Data conversion (if applicable)
  • A shortcut to a network application (not truly an installation)
  • An automated installation through an IT-developed solution that may be used in a rapid-deployment scenario or silent-install situation
  • A terminal application, Server application, or other thin-client types of application accessible via the KDCC, intranet page

The software cannot be present on  XXX’s computers in the following scenarios:

  • An installation not by a procedure
  • A piece of software purchased for one’s home computer
  • A downloaded title from the Internet
  • A pirated copy of any title
  • A different title from the current software list of this policy
  • Any means not covered by the ways that software can exist on KDCC, computers

6.3 Software licensing

Most of the software titles on the current software list are not freeware; therefore, the cost of software is a consideration for most titles and their deployment. It is the goal of the IT department to keep licensing accurate and up to date. To address this, the IT department is responsible for purchasing software licenses for the following software categories:

  • Desktop operating system software
  • Productivity tools package
  • Internet software
  • Accessories

The other software categories (workgroup-specific titles) are the purchasing responsibility of the workgroup in which they serve. However, the application(s) are still installed and supported by the IT department. To control costs, licensing costs are a factor in the decision-making processes that go into client software planning and request approval.

6.4 Unauthorized software

Do not download, install or use unauthorized software programs. Unauthorized software could introduce serious security vulnerabilities into the networks as well as affecting the working of your laptop. Software packages that permit the computer to be ‘remote-controlled’ (e.g. PC anywhere) and ‘hacking tools’ (e.g. network sniffers and password crackers) are explicitly forbidden on equipment unless they have been explicitly pre-authorized by management for legitimate business purposes.

6.5 Unlicensed software

Be careful about software licenses. Most software, unless it is specifically identified as “freeware” or “public domain software”, may only be installed and/or used if the appropriate license fee has been paid. Shareware or trial packages must be deleted or licensed by the end of the permitted free trial period. Some software is limited to free use by private individuals whereas commercial use requires a license payment. Individuals and companies are being prosecuted for infringing software copyright: do not risk bringing yourself and XXX into disrepute by breaking the law.

6.6 Software requests

If a user is to request software for their computer, the proper method will be to send a request to the IT manager. A response is guaranteed within one business day via e-mail. If the Urgent option is selected or an in-person appearance occurs, a solution may be delivered at the first possible time. All in-person or “walk-in” requests are logged by manual entry into the support request system to track licensing needs and costs.

6.7 Laws, regulations and policies

You must comply with relevant laws, regulations, and policies applying to the use of computers and information. Software licensing has already been mentioned and privacy laws are another example. Various corporate security policies apply to laptops, the data they contain, and network access (including use of the Internet).

7 Enforcement

Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR Policy.

Back to Home

If you need assistance or have any doubt and need to ask any questions contact me at preteshbiswas@gmail.com. You can also contribute to this discussion and I shall be happy to publish them. Your comments and suggestion are also welcome.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply