Scribd
Upload
136 views2 pages

Software Installation Policy

This document outlines a software installation policy for a company. It states that employees may not install software on company devices without approval. Requests must be approved by a manager and IT department, who will obtain licenses, test for compatibility, and perform the installation. Compliance is measured by audits and feedback, with non-compliance subject to discipline up to termination.

Uploaded by

Kai
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
136 views2 pages

Software Installation Policy

This document outlines a software installation policy for a company. It states that employees may not install software on company devices without approval. Requests must be approved by a manager and IT department, who will obtain licenses, test for compatibility, and perform the installation. Compliance is measured by audits and feedback, with non-compliance subject to discipline up to termination.

Uploaded by

Kai
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Software Installation Policy

Last Update Status: October 2022

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for
your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to
[email protected].

1. Overview
Allowing employees to install software on company computing devices opens the
organization up to unnecessary exposure. Conflicting file versions or DLLs which can
prevent programs from running, the introduction of malware from infected installation
software, unlicensed software which could be discovered during audit, and programs which
can be used to hack the organization’s network are examples of the problems that can be
introduced when employees install software on company equipment.

2. Purpose
The purpose of this policy is to outline the requirements around installation software on
<Company Owned> computing devices. To minimize the risk of loss of program
functionality, the exposure of sensitive information contained within <Company Name’s>
computing network, the risk of introducing malware, and the legal exposure of running
unlicensed software

3. Scope
This policy applies to all <Company Name> employees, contractors, vendors and agents
with a <Company Name>-owned mobile devices. This policy covers all computers, servers,
smartphones, tablets and other computing devices operating within <Company Name>.

4. Policy

4.1. Employees may not install software on <Company Name’s> computing devices
operated within the <Company Name> network.
4.2. Software requests must first be approved by the requester’s manager and then
be made to the Information Technology department or Help Desk in writing or
via email.
4.3. Software must be selected from an approved software list, maintained by the
Information Technology department, unless no selection on the list meets the
requester’s need.
4.4. The Information Technology Department will obtain and track the licenses, test
new software for conflict and compatibility, and perform the installation.

CONSENSUS POLICY RESOURCE COMMUNITY


© 2022 SANS™ Institute
5. Policy Compliance

5.1 Compliance Measurement


The Infosec team will verify compliance to this policy through various methods,
including but not limited to, business tool reports, internal and external audits, and
feedback to the policy owner.
5.2 Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
5.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up
to and including termination of employment.

6. Related Standards, Policies and Processes


None.

7. Definitions and Terms


None.

8. Revision History

Date of Change Responsible Summary of Change

June 2014 SANS Policy Team Updated and converted to new format.

October 2022 SANS Policy Team Converted to new format.

CONSENSUS POLICY RESOURCE COMMUNITY


© 2022 SANS™ Institute

You might also like