Software Policy. Software Policy. Policy and Guidance. June 2013



Similar documents
Policy Document. Communications and Operation Management Policy

Policy Document. IT Infrastructure Security Policy

REMOTE WORKING POLICY

IMPLEMENTATION DETAILS

CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION

SOFTWARE ASSET MANAGEMENT GUIDELINES

Information & ICT Security Policy Framework

Information Management and Security Policy

Information Security Incident Management Policy and Procedure

IT ACCESS CONTROL POLICY

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

SOFTWARE ASSET MANAGEMENT POLICY

How To Protect Decd Information From Harm

information systems security policy...

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

Newcastle University Information Security Procedures Version 3

Security Incident Management Policy

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Information Security

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & POLICY AND CODE

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

ICT POLICY AND PROCEDURE

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Information Security Incident Management Policy

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy

Internet, Social Networking and Telephone Policy

INFORMATION TECHNOLOGY SECURITY STANDARDS

2.2 If employees or Board Members wish to use mobile telephones or data devices provided by the Group for personal use they may opt to either:

MUSIC, VIDEO AND SOFTWARE PIRACY POLICY

ITU Computer Network, Internet Access & policy ( Network Access Policy )

Corporate Information Security Management Policy

Version: 2.0. Effective From: 28/11/2014

University of Sunderland Business Assurance Information Security Policy

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Information Systems Acceptable Use Policy for Learners

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

University of Aberdeen Information Security Policy

Information Technology Services

Software compliance policy

ICT Security Policy for Schools

INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE

Operational Risk Publication Date: May Operational Risk... 3

Blacklisting Procedure

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

4.0 ISSUANCE OF REGULATIONS/STANDARD OPERATING PROCEDURES

Treasurer s Guidelines for the Use of the Queensland Government Corporate Purchasing Card

RHONDDA CYNON TAF COUNTY BOROUGH COUNCIL INFORMATION SECURITY INCIDENT MANAGEMENT POLICY Version 2.0.1

Security Incident Policy

Somerset County Council - Data Protection Policy - Final

University of South Wales Software Policies

ICT Acceptable Use Policy. August 2015

Acceptable Use Policy

Third Party Security Requirements Policy

Draft Information Technology Policy

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

IAAS Product Terms PRODUCT TERMS

Harper Adams University College. Information Security Policy

HP Laptop & Apple ipads

Corporate Information Security Policy

UTC Cambridge ICT Policy

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

University of Hartford. Software Management and Compliance Guidelines

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5

Information Security Code of Conduct

Service Children s Education

Anchor Bay Schools Software Policy

USE OF INFORMATION TECHNOLOGY FACILITIES

A guide to the ethical and legal use of software for staff and students

Network Resource Management Directive

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

Online Communication Services - TAFE NSW Code of Expected User Behaviour

Information security controls. Briefing for clients on Experian information security controls

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

ISO27001 Controls and Objectives

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

Central Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

Information Security Policies. Version 6.1

Caedmon College Whitby

2.2 Access to ICT resources at the Belfast Metropolitan College is a privilege, not a right, and all users must act honestly and responsibly.

51 JS-R STUDENT USE OF INFORMATION TECHNOLOGY RESOURCES

U09 Remote Access Policy

E Safety Policy. 6 th March Annually. 26 th February 2014

TECHNOLOGY ACCEPTABLE USE POLICY

THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES

IT SECURITY POLICY (ISMS 01)

SLA, Terms & Conditions Website

NETWORK SECURITY POLICY

Electronic Communications Guidance for School Staff 2013/2014

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by :

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

Internet Access and Use

Transcription:

Software Policy Policy and Guidance June 2013 Project Name Software Policy Product Title Policy and Guidance Version Number 1.2Final Page 1 of 8

Document Control Organisation Title Author Filename Owner Subject Mendip District Council Software Policy Jennifer Russell ICT Manager Software Policy.Doc ICT Manager IT Policy Protective Marking Internal Public Review date June 2014 Revision History Revision Date Revisor Previous Version Description of Revision V1.0 Steve Mawn 1 Creation V1.1 Jennifer Russell V1.2 Jennifer Russell Document Approvals This document requires the following approvals: 1.0 Review 1.1 Review Sponsor Approval Name Date Chief Executive Corporate Manager Access to Services ICT Manager Stuart Brown Chris Atkinson Jennifer Russell Document Distribution This document will be distributed to: Name Job Title Email Address All Staff Page 2 of 8

Contents 1 Policy Statement 4 2 Purpose 4 3 Scope 4 4 Definition 4 5 Risks 4 6 Applying the Policy 5 6.1 Software Acquisition 5 6.2 Software Registration 5 6.3 Software Installation 6 6.4 Software Development 6 6.5 Personal Computer Equipment 6 6.6 Software Misuse 6 7 Policy Compliance 7 8 Policy Governance 7 9 Review and Revision 7 10 References 8 11 Key Messages 8 Page 3 of 8

1 Policy Statement Mendip District Council will ensure the acceptable use of software by all users of the Council s computer equipment or Information Systems. 2 Purpose The purpose of this document is to state the software policy of Mendip District Council. All existing Council policies apply to your conduct with regard to software, especially (but not limited to) the following: 3 Scope Email Acceptable Use Policy. Internet Acceptable Usage Policy. IT Access Policy. Remote Working Policy. This document applies to all Members, Committees, Services, Partners, Employees of the Council, contractual third parties and agents of the Council who have access to Information Systems or information used for Mendip District Council purposes. 4 Definition This policy should be applied at all times that the Council s computer equipment or Information Systems are used. 5 Risks Mendip District Council recognises that there are risks associated with users accessing and handling information in order to conduct official Council business. This policy aims to mitigate the following risks: Viruses, malware etc. Increased risk of data loss and corresponding fines Inappropriate access to and unacceptable use of the Council s network, software, facilities and documents Inadequate destruction of data The non-reporting of information security incidents Inconsistency in how users deal with secure documents The impact of insufficient training for users The sharing of passwords Incorrect or inappropriate classification of documents Risk of reputation damage and further loss in public confidence Operational difficulties providing services such as Housing and Council Tax benefit. Page 4 of 8

Non-compliance with this policy could have a significant effect on the efficient operation of the Council and may result in financial loss and an inability to provide necessary services to our customers. 6 Applying the Policy 6.1 Software Acquisition All software acquired by Mendip District Council must be purchased through or with the agreement of the Strategic ICT Manager. Software may not be purchased through user corporate credit cards, petty cash, travel or entertainment budgets. Software acquisition channels are restricted to ensure that Mendip District Council has a complete record of all software that has been purchased for Mendip District Council computers and can register, support, and upgrade such software accordingly. This includes software that may be downloaded and/or purchased from the Internet. Under no circumstances should personal or unsolicited software (this includes screen savers, games and wallpapers etc.) be loaded onto a Council machine as there is a serious risk of introducing a virus. 6.2 Software Registration The Council uses software in all aspects of its business to support the work carried out by its employees. In all instances every piece of software is required to have a licence and the Council will not condone the use of any software that does not have a licence. Software must be registered in the name of Mendip District Council. Due to personnel turnover, software will never be registered in the name of the individual user. The Council s outsourced IT provider maintains a register of all Mendip District Council software and will keep a library of software licenses. The register must contain: a) The title and publisher of the software. b) The date and source of the software acquisition. c) The location of each installation as well as the serial number of the hardware on which each copy of the software is installed. d) The existence and location of back-up copies. e) The software product's serial number. f) Details and duration of support arrangements for software upgrades. Software on Local Area Networks or multiple machines shall only be used in accordance with the licence agreement. Mendip District Council holds licences for the use of a variety of software products on all Council Information Systems and computer equipment. This software is owned by the software company and the copying of such software is an offence under the Copyright, Designs and Patents Act 1988, unless authorised by the software manufacturer. It is the responsibility of users to ensure that all the software on their computer equipment is licensed. Page 5 of 8

6.3 Software Installation Software must only be installed by our Capita IT once the registration requirements have been met. Once installed, the original media will be kept in a safe storage area maintained by Capita IT. Software may not be used unless approved by the Strategic ICT Manager or their nominated representative. Shareware, Freeware and Public Domain Software are bound by the same policies and procedures as all other software. No user may install any free or evaluation software onto the Council s systems without prior written approval from the Strategic ICT Manager. 6.4 Software Development All software, systems and data development for the Council is to be used only for the purposes of the Council. Software must not be changed or altered by any user unless there is a clear business need. All changes to software should be authorised before the change is implemented. A full procedure should be in place and should include, but not be limited to, the following steps: 1. Change requests affecting a software asset should be approved by the software asset s owner. 2. All change requests should consider whether the change is likely to affect existing security arrangements and these should then be approved. 3. A record should be maintained of agreed authorisation levels. 4. A record should also be maintained of all changes made to software. 5. Changes to software that have to be made before the authorisation can be granted should be controlled. 6.5 Personal Computer Equipment Mendip District Council computers are Council-owned assets and must be kept both software legal and virus free. Only software acquired through the procedures outlined above may be used on Mendip District Council machines. Users are not permitted to bring software from home (or any other external source) and load it onto Mendip District Council computers. Generally, Council-owned software cannot be taken home and loaded on a user's home computer if it also resides on a Mendip District Council computer. 6.6 Software Misuse The Council s outsourced IT provider will ensure that Personal Firewalls are installed where appropriate. Users must not attempt to disable or reconfigure the Personal Firewall software. It is the responsibility of all Council staff to report any known software misuse to the ICT Strategy Manager. Members should inform the Group manager Governance and resources of such instances. Page 6 of 8

According to the Copyright, Designs and Patents Act 1988, illegal reproduction of software is subject to civil damages and criminal penalties. Any Mendip District Council user who makes, acquires, or uses unauthorised copies of software will be disciplined as appropriate under the circumstances. Mendip District Council does not condone the illegal duplication of software and will not tolerate it. 7 Policy Compliance If any user is found to have breached this policy, they may be subject to Mendip District Council s disciplinary procedure. If a criminal offence is considered to have been committed further action may be taken to assist in the prosecution of the offender(s). If you do not understand the implications of this policy or how it may apply to you, seek advice from Strategic ICT. 8 Policy Governance The following table identifies who within Mendip District Council is Accountable, Responsible, Informed or Consulted with regards to this policy. The following definitions apply: Responsible the person(s) responsible for developing and implementing the policy. Accountable the person who has ultimate accountability and authority for the policy. Consulted the person(s) or groups to be consulted prior to final policy implementation or amendment. Informed the person(s) or groups to be informed after policy implementation or amendment. Responsible ICT Manager Accountable Corporate Manager Consulted Informed Corporate Management Team, Human Resources and UNISON All Council Employees, All Temporary Staff, All Contractors 9 Review and Revision This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months. Policy review will be undertaken by The ICT Strategy Manger. Page 7 of 8

10 References The following Mendip District Council policy documents are directly relevant to this policy, and are referenced within this document: Email Acceptable Use Policy. Internet Acceptable Usage Policy. IT Access Policy. Remote Working Policy. The following Mendip District Council policy documents are indirectly relevant to this policy: GCSx Acceptable Usage Policy and Personal Commitment Statement. Computer, Telephone and Desk Use Policy. Legal Responsibilities Policy. Removable Media Policy. Information Protection Policy. Human Resources Information Security Standards. Information Security Incident Management Policy. IT Infrastructure Policy. Communications and Operation Management Policy. 11 Key Messages All software acquired must be purchased through the Council s outsourced IT provider. Under no circumstances should personal or unsolicited software be loaded onto a Council machine. Every piece of software is required to have a licence and the Council will not condone the use of any software that does not have a licence. Unauthorised changes to software must not be made. Users are not permitted to bring software from home (or any other external source) and load it onto Council computers. Users must not attempt to disable or reconfigure the Personal Firewall software. Illegal reproduction of software is subject to civil damages and criminal penalties. Page 8 of 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information