The Antivirus Policy and Procedure explains the policy and procedure that governs the use of anti-virus software within the Company. The policy gives guidance and direction on minimizing the risk of a computer virus infection and what to do if a virus is encountered.
The software and hardware that make up the trust’s computer network are essential resources for the trust. The computer network helps staff carry out everyday duties. Without it, important communication systems would not exist.
Compliance with this policy will ensure that the trust’s computer network will be protected from computer viruses and associated security risks.
Computer viruses pose considerable risk to the computer network. Viruses can cause the systems on the computer network to run erratically and lose or corrupt information. This could result in loss of productivity for the trust or potential breaches of legislation.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.7 AUDIENCE AND SCOPE
1.8 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. KEY TERMS
3.1 USE OF E-MAIL AND THE [COMPANY]’S INTERNET
3.2 ANTIVIRUS SOFTWARE CONTROL
3.3 HOAX VIRUSES
3.4 TROJAN HORSES
4. ROLES AND RESPONSIBILITIES
4.1 INFORMATION SECURITY SECTOR
4.2 IT MANAGER / NETWORK AND SYSTEMS ADMINISTRATOR
4.3 USERS OF IT EQUIPMENT
5. ANTI-VIRUS PROCESSES AND PROCEDURES
5.1 AVOIDING VIRUS INFECTION
5.2 DETECTION OF A VIRUS
5.3 MAINTENANCE AND AVAILABILITY
5.4 METHOD OF PROTECTION
5.5 ACTUAL OR SUSPECTED COMPUTER VIRUSES
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION
The objective of the Patch Management Procedure is to set in place IT patch management strategies and create consistently configured operational environment that is secured against known malfunction and vulnerabilities in operating system.
The objective of the Cryptographic Controls Standard is to outline the minimum information security controls which must be applied when cryptographic services and solutions are utilized by the Company. Specifically, this Standard focuses on key management requirements, acceptable algorithms, appropriate key lengths, and raises pertinent regulatory considerations relating to the use of cryptography.