1 Policy Statement
This policy helps [Your Company Name] (hereinafter referred to as the “Company”) to define how it protects the devices, people and information under its remit through the use of malware and ant-virus software and applications. The Company installs malware and anti-virus protections on all devices that can access external networks and ensure through secure configuration that risks and threats are minimised.
We recognise our obligations to protect not only the intellectual property of the Company, but also any personal or confidential information relating to our customers and employees. Users are made aware that they are not allowed to access the malware or anti-virus applications and are bound by the objectives and content of this policy.
2 Purpose
The purpose of this policy is to define the Company standards for installing and configuring malware and anti-virus software on all of its devices [and employee’s personal devices where they are used for business purposes]. The Company understands the threat posed by viruses and malicious software and have strict measures and controls for minimising the risk of its devices being infected or affected.
This Policy sets out the responsibilities of all users to ensure that they adhere to this policy and take every reasonable precaution when accessing, using or opening websites, emails, files, USB or other removable media or other systems that may pose a risk or threat to the Company’s information systems.
3 Scope
This policy applies to all staff within the Company (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in the UK or overseas). Adherence to this policy is mandatory and non-compliance could lead to disciplinary action.
4 Objectives
The Company recognises that virus or malware infections are extremely damaging in multiple ways. There is both a monetary and reputational cost when a device or network is infected, and the Company has an obligation to ensure that every reasonable measure is taken to reduce the risk of such infections happening.
As viruses and malicious software is constantly evolving, so are the Company’s controls and approach to protecting our devices and networks. We have a number of objectives in place to ensure that our business, information, employees and customers are protected from virus and/or malware infections, including: -.
- Install anti-virus and malware applications or software on all devices that are connected to (or can be connected to) external systems and the internet
- Regularly update malware and anti-virus software and ensure that where applicable, automatic updates are enabled
- Known malicious sites or email addresses (spam) must be blacklisted where possible to prevent unauthorised access
- All devices and servers used by the Company utilise a supported operating system version with the latest patches and updates installed and applied
- Any personal devices (i.e. smartphones, laptops) that are utilised for business purposes are to be given to the [IT Team/Named Person/IT Manager] to ensure that effective, adequate and up to date anti-virus and malware software has been installed and correctly configured
- Configure malware and anti-virus software to effectively scan devices and files daily and additionally when: –
- the device is accessed
- removable storage media is attached
- email attachments
- downloading and/or opening files from external sources
- webpage scanning
- Ensure that any new applications installed on a device are approved by the [IT Team/Named Person/IT Manager] and all approved applications are documented
- Prevent users from installing unauthorised applications directly onto their devices
- Ensure that all employees are aware not to open email attachments or website files unless they have been authorised to do so or they are received from authorised senders
- [Add/Delete any other malware and/or anti-virus objectives that apply to your business]
5 Responsibilities
It is the responsibility of the [IT Team/Named Person/IT Manager] to oversee; implement; configure; monitor and maintain all anti-virus and malware software applications. However, all users are expected to understand the importance of preventing access to devices from malicious sites or email attachments and are responsible for following the objectives in this policy.