Approved Application Policy

Version: 1.00Issue Date: 11/8/2014

1.0 Overview

All employees and personnel that have access to organizational computer systems must adhere to the approved application policy in order to protect the security of the network, protect data integrity, and protect computer systems.

2.0 Purpose

This Approved Application Policy is designed to protect the organizational resources on the network by requiring all network users to only run or install application programs deemed safe by the IT department.

3.0 Scope

This Approved Application Policy applies to all users of organizational equipment or equipment that is operated on the network whether the user be directly employed by the organization or not. This policy applies to licensed software, shareware, and freeware. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Approved Applications

All employees may operate programs on the IT approved application list so long as it is legally licensed and required for business use. If an employee wants to use an application not on the list, they should submit the application program to the IT department for approval prior to using the program on a system connected to the organizational network.

If the employee causes a security problem on the network by installing and running an unapproved program they risk disciplinary action.

5.0 Change Management

Software developed internally or by third parties for the organization must go through the change management process and be properly checked for quality and tested for errors. Changes to commercial software such as operating systems and other utilities should be properly tested in a test environment prior to production or general use according to the change management process.

6.0 Exceptions

Special exception may be made to this policy for specific employees depending on the required job function and the skills of the employee. Some reasons for exception include:

  1. The employee may be the person who needs to test new applications on a test network, then on the main network.
  2. The employee may be a developer that must run applications developed by themselves in order to test their own work.
  3. Network administrators may be allowed the ability to operate and test new software.

7.0 Enforcement

Since running safe programs is critical to the security of the organization, employees that do not adhere to this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

8.0 Approved Applications

IT department approved applications are listed below.

  • Microsoft Office Suite
  • Groupwise
  • Mozilla Firefox
  • Adobe Acrobat
  • Microsoft Visio
  • Symantec Antivirus
  • Roxio Easy CD Creator
  • WinZip
  • Zonealarm firewall

Other approved applications will be published (specify where).

9.0 Other Policies

  • Change Management Policy

10.0 Additional Requirements

  • Authorized software must be installed by authorized personnel.
  • Software installation must be based on an official approved request.
  • The software inventory list must be updated any time software is installed or removed and licensing must be kept current.
  • An Application Approval Procedure defining the process and appropriate officials to approve applications must exist or this policy is not effective.
  • Senior management must ensure that this policy is published and users agree to abide by the policy.
  • A Change Management Policy must exist.
  • A Configuration Management Procedure must exist.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________