SOFTWARE ASSET MANAGEMENT POLICY



Similar documents
The Newcastle upon Tyne Hospitals NHS Foundation Trust. Software Asset Management Policy

University of South Wales Software Policies

Software Policy. Software Policy. Policy and Guidance. June 2013

Date 23 November Version Information Security & Strategy Group. Authorising Body. Chris Drake Julia Harris. Contact

Information & ICT Security Policy Framework

SOFTWARE ASSET MANAGEMENT GUIDELINES

IMPLEMENTATION DETAILS

Version: 2.0. Effective From: 28/11/2014

SOFTWARE LICENSING POLICY

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION

Dublin City University

UTC Cambridge ICT Policy

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

College of Public Health Information Technology Policies and Procedures

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

Grasmere Primary School Asset Management Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

Physical Security Policy

Mike Casey Director of IT

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October Document Author(s) Collette McQueen

University of Liverpool

Draft Information Technology Policy

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Appendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management

Mobile Device Policy

4.0 ISSUANCE OF REGULATIONS/STANDARD OPERATING PROCEDURES

Rotherham CCG Network Security Policy V2.0

Newcastle University Information Security Procedures Version 3

Policy Document. IT Infrastructure Security Policy

TECHNOLOGY ACCEPTABLE USE POLICY

University of Hartford. Software Management and Compliance Guidelines

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Policy on the Security of Informational Assets

ADMINISTRATION COMPUTER NETWORK

INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE

IT06 - Information Technology (IT) Hardware and Software Policy

Network Security Policy

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Merthyr Tydfil County Borough Council. Information Security Policy

Information Security Incident Management Policy and Procedure

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

ECSA EuroCloud Star Audit Data Privacy Audit Guide

OFFICIAL. NCC Records Management and Disposal Policy

OHIO VALLEY EDUCATIONAL COOPERATIVE TECHNOLOGY ACCEPTABLE USE POLICY

Information Security

RHONDDA CYNON TAF COUNTY BOROUGH COUNCIL INFORMATION SECURITY INCIDENT MANAGEMENT POLICY Version 2.0.1

Information Security Policy

Information Security Code of Conduct

University of Sunderland Business Assurance Information Security Policy

STANDARD POLICY FOR TELEPHONE MANAGEMENT AND RECOVERY OF PRIVATE CALL COSTS

Information Security Policy. Information Security Policy. Working Together. May Borders College 19/10/12. Uncontrolled Copy

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Authorised Acceptable Use Policy Groby Community College Achieving Excellence Together

Privacy and Cloud Computing for Australian Government Agencies

University of Liverpool

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Corporate ICT Asset Management

IT Data Security Policy

MCDONOUGH COUNTY, ILLINOIS MANAGEMENT LETTER. For the Year Ended November 30, 2014

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

Mobile Devices Policy

8.03 Health Insurance Portability and Accountability Act (HIPAA)

Acceptable Use Guidelines

Microsoft Windows Client Security Policy. Version 2.1 POL 033

Data Protection Policy

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

New Jersey City University Information Technology Equipment Policies & Procedures Page 1 of 5

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.2 Access to ICT resources at the Belfast Metropolitan College is a privilege, not a right, and all users must act honestly and responsibly.

Supplement to Gaming Machine Technical Standards Consultation

Network Security Policy

Policy Document. Communications and Operation Management Policy

University of Brighton School and Departmental Information Security Policy

Acceptable Use of Information Systems Policy

Information Security Policy

Working Together Aiming High!

SOAS Controlled Procedure CP-PP06 IT Asset Management Procedure

Information Resources Security Guidelines

How To Protect Decd Information From Harm

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

Aberdeen City Council IT Asset Management

IBM Tivoli Asset Management for IT

West Highland College. Internal Audit 2014/15 Annual Report August 2015

How To Protect A Hampden County Hmis From Being Hacked

ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF

Version 1.0. Ratified By

Information Management Policy

HIPAA Security COMPLIANCE Checklist For Employers

Argyll and Bute Council

Information Management and Security Policy

Acceptable Use of Information Systems Standard. Guidance for all staff

Information Security Incident Management Policy

Data Security Policy

Transcription:

SOFTWARE ASSET MANAGEMENT POLICY

Metadata Author.Contributor Derrick Bates Coverage.spatial UK, Cumbria Creator ICT Client Team Organisational Development Date.issued 1 st May 2008 Description The document sets out the corporate policies and procedures for the management of corporate software assets. Format Txt Identifier Language Eng Publisher Cumbria County Council Rights.copyright Cumbria County Council Status Version 1.0 Final Subject.category Software Asset Management Subject.keywords Asset management; licence; compliance; piracy; fast; resources; retrieval; policy; strategy; security; users Title Cumbria County Council Software Asset Management Policy Distribution Issue Date Version Name Title Revision History Document Status Date Reason for review Author ID.version V 0.1 Draft 2007-09-14 Creation D Bates V 0.2 Draft 2007-09-21 Amended D Bates V 0.3 Draft 2007-11-13 Further amendments D Bates V 0.4 Draft 2008-03-14 Further amendments D Bates V 1.0 Live 2008-05-01 Final D Bates Approval Name Position Date Signature A Cook HIT & BI 01/05/08 These Policies replace all previous versions and amendments to Council software management policies. It applies to all Members, employees, temporary and contract workers of Cumbria County Council. Page 2 of 10

Table of Contents 1 INTRODUCTION...5 2 SOFTWARE ASSET MANAGEMENT POLICY STATEMENT...5 3 SOFTWARE ACQUISITION...5 4 SOFTWARE DELIVERY...5 5 SOFTWARE INSTALLATION...5 6 SOFTWARE MOVEMENTS...6 7 SOFTWARE RETIREMENT...6 8 SOFTWARE DISPOSAL...6 9 COMPLIANCE AND DOCUMENTATION...6 10 FONTS...6 11 EVALUATION (FREEWARE & SHAREWARE)...6 12 GAMES & SCREENSAVERS...6 13 INTERNET DOWNLOADS...7 14 EMAIL ATTACHMENTS...7 15 MOBILE/LAPTOP USERS...7 16 AUDITING...7 17 DISASTER RECOVERY...7 18 DISCIPLINARY PROCEDURES FOR BREACH...7 19 APPENDIX 1 PROCEDURES...8 Page 3 of 10

19.1 Acquisition, Delivery & Installation...8 19.2 Movements...8 19.3 Retirement & Disposal...8 19.4 Fonts...8 19.5 Evaluation (Freeware and Shareware)...8 19.6 Games & Screensavers...9 19.7 Internet Downloads...9 19.8 Email Attachments...9 19.9 Mobile/Laptop Users...9 19.10 Auditing...9 19.11 Disaster Recovery...10 19.12 Disciplinary Procedures for Breach...10 Page 4 of 10

1 Introduction The document supports the Council s compliance with current statutes and regulations as well as British and International Standards for Software Asset Management (SAM). It lays down the Council s policies and procedures in respect of management of its software assets. The means of signifying agreement with these policies and procedures is through the Council s Acceptable Use Policy. As at publication date and for the purposes of this document the ICT Strategic Partner is Agilisys. 2 Software Asset Management Policy Statement It is the policy of Cumbria County Council to respect all computer software copyrights and adhere to the Terms & Conditions of any licence to which Cumbria County Council is a party. Cumbria County Council will not condone the use of any software that does not have a licence and any employee found to be using, or in possession of unlicensed software may be the subject of disciplinary procedures. It is the responsibility of all Cumbria County Council employees, consultants, temporary or contract workers to read, fully understand and signify agreement to Cumbria County Council s Acceptable Use Policy. 3 Software Acquisition All computer software acquired by the Council must be purchased through the ICT Strategic Partner. No user may purchase software directly and the purchase of software by any other means such as credit cards, expense accounts or petty cash is expressly forbidden. Specialist software for use by the disabled must be accompanied by an assessment from Occupational Health. 4 Software Delivery All newly purchased software will be delivered to the ICT Strategic Partner so that licences can be checked and Asset Registers updated. No other staff may take delivery of computer software. 5 Software Installation Computer software can only be installed by the ICT Strategic Partner, under no circumstances is computer software be installed by any other Council staff. Page 5 of 10

6 Software Movements All staff or department moves must be controlled through the corporate Office Move procedure so that the appropriate software can be added or removed and asset registers updated. 7 Software Retirement The retirement of Software/Hardware used by the Council may only be carried out by the ICT Strategic Partner. 8 Software Disposal The Disposal of Software/Hardware used by the Council may only be carried out by the ICT Strategic Partner in compliance with the Waste Electrical and Electronic Equipment (WEEE) Directive. 9 Compliance and Documentation All licences, invoices and original media for all of the software in use in Council premises are to be held securely by the ICT Strategic Partner. All media must be signed in and out by an authorised person as defined by the Strategic ICT Partner. A periodic check will be carried out by the IT Security Officer to ensure the actual media matches with the inventory. 10 Fonts Font software is bound by the same policies and procedures as all software. No user may install any font software onto Council systems. 11 Evaluation (Freeware & Shareware) Shareware, Freeware & Public Domain software is bound by the same policies and procedures as all software. No user may install any free or evaluation software onto Council systems. 12 Games & Screensavers The Council does not permit the use of any games or screensavers other than those previously agreed by line managers, or the games and screensavers which form part of your operating system Page 6 of 10

13 Internet Downloads No software, whatsoever, may be downloaded from the Internet. 14 Email Attachments Users may not load or use any software received via e-mail. Sharing software via email is prohibited. 15 Mobile/Laptop Users Council software policies apply to mobile users and all laptops will be equipped with auditing software for regular checks. 16 Auditing All users must be aware that the Council electronically audits all computers on a regular basis. Sample random audits also may be carried out. 17 Disaster Recovery The owner of every business process and support process is responsible for ensuring that an appropriate business resumption risk assessment is carried out. Where that resumption includes the redeployment or reinstallation of software in support of business activities the software licencing must comply with this Policy and the conditions of the original Vendor licence. 18 Disciplinary Procedures for Breach The Council s software policies are implemented to safeguard the Council from the many varying laws surrounding software use. Any user found to be in breach of these policies may be subject to disciplinary procedures. Page 7 of 10

19 Appendix 1 Procedures 19.1 Acquisition, Delivery & Installation The user is to call the ICT Strategic Partner Service Desk requesting a quote for the software and obtain a reference number. Complete the online Equipment Request Form using the supplied reference number. Obtain the relevant authorisation signature and pass to the ICT Client Team as a Non Standard Request. Once delivered, the software will be added to the Authorised Software List against the specific user. The software will then be identified to the audit tool and loaded to the user s workstation by the ICT Strategic Partner. The software will be added to the Definitive Software List and the media will be placed in the secure storage area, controlled by the ICT Strategic Partner. 19.2 Movements In the event of staff relocations Departmental Managers are to complete the online Office Move Form. As part of this procedure they are to ascertain whether new software will be required. Old software can be re-distributed and the new locations of staff, hardware, network points and software for the asset register recorded by the Strategic ICT Partner. 19.3 Retirement & Disposal Once a computer is deemed ready for disposal, all software will be removed. Where the licence permits, the software will be re-used, stored for future use or retired. Software purchased as part of a computer will be disposed of with the computer as these licences are non-transferable. All Council data will be removed and the hard disk will be securely cleaned or physically destroyed. The asset register will be updated and the certificate of disposal/destruction will be held on file. 19.4 Fonts Where a user has a valid business requirement for a specific font they will use the standard software acquisition procedure. 19.5 Evaluation (Freeware and Shareware) Where a user has a valid business requirement for a piece of shareware or freeware they will use the standard software acquisition procedure. Upon the appropriate management agreements, the software will be obtained, tested and loaded to the user. Page 8 of 10

If this software is shareware, and requires deletion or licensing after a trial period, the user will be contacted one week prior to the end of trial date to ascertain whether he or she wishes to retain use of the software. If the software is to be retained usual acquisition procedures will be followed. If it is not required the software will be completely uninstalled. 19.6 Games & Screensavers Before being delivered to the user, the ICT Strategic Partner will ensure that the computer is loaded with software to corporate standards and the screensaver is set to enable after a static period of 5 minutes with a password required to gain access. 19.7 Internet Downloads If a user has a valid and approved reason for an item of software available on the internet, he/she will inform the ICT Client Team using the standard software acquisition procedure. The ICT Client Team and the ICT Strategic Partner will then check the licensing requirements for the software, where appropriate purchase a licence, download the software, virus check the download and benchmark the software, prior to delivery to the end user. 19.8 Email Attachments If you receive any unexpected files, which do not appear to be standard business documents, inform the IT Security Officer and the ICT Strategic Partner immediately. 19.9 Mobile/Laptop Users Laptops used as a primary access mechanism through a docking station in a Council office will be subject to the same audit regime as desktop machine. Users with laptops that are not regularly attached to the Council network will be subject to periodic recall for update and audit. See Auditing. 19.10 Auditing The Council uses auditing software on a regular basis to ascertain whether all of the software loaded is legal. The audit is checked and reconciled with the Definitive Software Library and all unauthorised software is deleted. The source of the unauthorized software will be ascertained and disciplinary action may be taken. Page 9 of 10

19.11 Disaster Recovery The ICT Strategic Partner is responsible for regularly reviewing its ability to recover or re-supply the organisation, within the timeframe required, with all the business software that will be needed to effect recovery of the business in the event of a major disaster. 19.12 Disciplinary Procedures for Breach The standard Council disciplinary procedures will apply. Page 10 of 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information