it-04 virus protection policy
TRANSCRIPT
DOCUMENT NO:REVISION NO:EFFECTIVE DATE:PAGE NO:PREPARED BY:APPROVED BY:
IT-04 0 1-August-09 1 of 3Hong Chan ChuenLim Hock Chee
VIRUS PROTECTION POLICY
1.0 PURPOSE:
1.1 To establish and maintain a policy for virus protection of all CMM information systems components.
2.0 SCOPE:
2.1 This document applies to all CMM employees and all CMM information systems.
3.0 REFERENCES:
3.1 IT-01 (Company Electronic Data Policy)
3.2 IT-09 (Third Party and Contractor Access Policy)
4.0 DEFINITIONS:
4.1 IT – Information Technology
5.0 EXHIBITS:
5.1 None
6.0 RESPONSIBILITIES:
6.1 Corporate IT Group- Ensuring that IT develops and implements appropriate policies, practices and
procedures on a company wide basis.- Ensuring that regional IT management implements and ensures compliance to this
policy and all related practices and procedures.- Ensuring that the policy, practices and procedures are maintained.
6.2 IT Management- Ensuring all staff in their area of responsibility is familiar with and complies with
all policies practices and procedures.- Ensuring that local procedures in support of the corporate policy are maintained.- Ensuring that the CMM standard anti-virus software is deployed to all CMM
computers (servers, desktop, laptops) as noted in this policy.
6.3 All Employees- Notifying the IT department immediately when a virus is detected on their system
or if they suspect their system has been compromised.
7.0 PROCEDURE:2-MAY-23
DOCUMENT NO:REVISION NO:EFFECTIVE DATE:PAGE NO:PREPARED BY:APPROVED BY:
IT-04 0 1-August-09 2 of 3Hong Chan ChuenLim Hock Chee
7.1 CMM will install and activate anti-virus software to protect all company IT related assets.
7.2 Vendor updates (e.g. versions, DAT files and engine updates) will be installed upon release.
7.3 All incoming e-mail to CMM and all outgoing e-mail from CMM will be virus scanned prior to receipt and send. Any e-mail attachments containing a virus will be stripped from the message
8.0 PRACTICE:
8.1 Acceptable Usage8.1.1 All CMM servers and desktop/laptops computers must have company standard
anti-virus software installed, activated and maintained.
8.1.2 Employees must not modify, disable, tamper with or remove standard system configuration setting unless performed or approved by authorized IT Department personnel. This includes anti-virus software.
8.2 Update Schedule/Process8.2.1 The anti-virus software vendor website is to be polled on a scheduled basis
(minimum recommended time is 1 hour or less) for any new updates. If an update is found it is to be downloaded into an CMM master repository (virus server) immediately.
8.2.2 All CMM laptops/desktops are to poll the master repository (virus server) on a schedules basis (minimum recommended time is one hour or less) for new updates. If an update is found it will be downloaded immediately.
8.2.3 All CMM laptops will be configured with a roaming option to automatically download anti-virus updates through the internet from the vendor site when not connected to the CMM network.
8.2.4 All CMM servers are to poll the master repository (virus server) on a scheduled basis (minimum recommended time is one hour or less) for new updates. If an update is found it will be downloaded immediately.
8.3 Monitoring8.3.1 A virus scan of all CMM systems will be scheduled to run automatically on a
weekly basis.
8.3.2 All CMM systems will be reviewed on a monthly basis to ensure the anti-virus standard configuration is in place.
2-MAY-23
DOCUMENT NO:REVISION NO:EFFECTIVE DATE:PAGE NO:PREPARED BY:APPROVED BY:
IT-04 0 1-August-09 3 of 3Hong Chan ChuenLim Hock Chee
8.3.3 IT staff will regularly monitor the activity on the public internet for potential outbreaks. Vendor sites such as ESET (http://www.eset.com/) provide real time view of Internet activity, including virus outbreaks around the world.
8.4 3rd Party Systems8.4.1 Any third party connecting to the CMM network must ensure that their
computer has adequate virus protection. This must be included in the non-disclosure agreement that the consultant signs before being granted access to the CMM network.
8.4.2 It is the responsibility of the CMM IT department to ensure that the third party system meets CMM standards to ensure minimal effect on the CMM network.
8.4.3 All third party systems must be virus scanned prior to connecting to the CMM network.
8.5 Troubleshooting8.5.1 The standard anti-virus software must provide the ability to notify both the end
user and the IT department that a virus has been detected or removed.
8.5.2 New computer viruses originate almost daily. To ensure proper protection, anti-virus updates are constantly made. These are circumstances however, when a virus may still make its way through the network. In order to stop the spread and impact of a computer virus, it is of the utmost importance to understand the potential threat of virus. In such circumstances, it may be necessary to take corrective actions such as isolating the CMM network from outside sources.
9.0 REVISION HISTORY:
Rev # Sec./PageNo Name Change
Date Changes
0 - Hong Chan Chuen 6-July-09 New
2-MAY-23