The purpose of this policy is to address all concerns related to software installation and deployment in a Company.

The purpose of this policy is to address all concerns related to software installation and deployment in a Company in order to ensure that new software packages can be adequately evaluated for their impact on the network, systems and on other packages installed in Company Technologies.

The policy also addresses adherence with procedures to ensure compliance with legislative, regulatory, and contractual requirements on the use of material in respect of which there may be intellectual property rights and on the use of proprietary software products

This policy is effective for all Company employees and computer systems. Following are the policy statements that should be considered before any Software Installation:

  1. Installation rights should be restricted and tightly controlled.
  2. All requests for software installation and upgrade must be submitted to “Network Control” department through http://support.Companypk.com/main/ and “Network Control” will maintain proof or evidence of ownership of licenses.
  3. No member of “Network Control” department shall install or distribute software for which Company lacks the appropriate license and it “Network Control” department will ensure through carrying out checks that in any product maximum number of users permitted is not exceeded
  4. NOS department shall destroy all copies of software that is obsolete or for which Company lacks the appropriate license. Alternatively, “Network Control” department may obtain the license(s) necessary to maintain unauthorized software on Company computers.
  5. No employee will install any new software at their own on computer system before getting prior approval from “Network Control”.
  6. Freeware/Shareware can be installed on a Company computer but after getting it evaluated by the “Network Control” department.
  7. Open Source software must also be evaluated before installation on a Company computer if it is not from a reliable source such as sourceforge.net.
  8. To find out a complete listing of approved software, please see the Approved Software List. If a user wants to have/install any software other than those listed in the list mentioned above, he/she should get authorization for it from his PM or Department Head.

 

Reference Documents:

 

  • Approved Software List

ISO 27001 Control References

  • A.10.4.1            Controls against malicious code
  • A.15.1.2            Intellectual property rights (IPR)