Sample Software Acceptable Use Standard

From HORSE - Holistic Operational Readiness Security Evaluation.



The <Your Company Name> (the "Company") Sample Acceptable Use Policy defines objectives for establishing specific standards on the appropriate business use of information assets.

This Software Acceptable Use Standard builds on the objectives established in the Sample Acceptable Use Policy, and provides specific instructions and requirements on the proper and appropriate business use of Company software.

I. Scope


All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to and use of Company information or systems are covered by this standard and must comply with associated guidelines and procedures.

Electronic Communications Systems refers to all Company information systems and equipment, including Electronic Mail Resources, Internet Resources, and Telecommunications Resources.

Electronic Mail Resources are defined in the Sample Electronic Mail Acceptable Use Standard.

Information Assets are defined in the Sample Asset Identification and Classification Policy.

Internet Resources are defined in the Sample Internet Acceptable Use Policy.

Telecommunications Resources are defined in the Sample Telecommunication Acceptable Use Standard.

Users refers to all individuals, groups, or organizations authorized by the Company to access and use Company information and systems.

II. Requirements


A. Business Use


1. Users shall abide by and comply with any and all copyright laws pertaining to computer software and by any software license agreements that are legally applicable to them.


2. All software and licenses used by the Company must be legally purchased or acquired.


3. The use of Company software shall be in accordance with applicable laws and regulations.


B. Improper Use


1. Any use of Company software must not be illegal, must not constitute or be perceived as a conflict of Company interest, and must not violate Company policies.


2. Users shall not violate any laws or regulations through the use of Company software.


3. Unauthorized copying of copyrighted software and licenses for corporate or personal use, or for distribution to others, is prohibited.


4. Receipt and use of unauthorized software copies and licenses is prohibited.


C. Download Restrictions


1. Company Electronic Communications Systems shall not be used to send, receive, or store any commercial software, shareware, freeware, or public domain software without the Company's prior authorization.


D. Right to Monitor


1. The Company reserves the right for authorized Company personnel to monitor and review, at any time, the software installed or used on Company Electronic Communications Systems.


2. The Company reserves the right to disclose the nature and content of any User's activities involving software installation or use on Company Electronic Communications Systems to law enforcement officials or other third parties without any prior notice to the User.


3. The Company reserves the right to remove software installed or used on Company Electronic Communications Systems, when authorized personnel detect or determine that the software copy or the use of the software does not comply with the existing licensing agreement for the software.


III. Responsibilities


The Chief Information Security Officer (CISO) approves the Software Acceptable Use Standard. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Software Acceptable Use Standard.

Company management is responsible for ensuring that the Software Acceptable Use Standard is properly communicated and understood within its respective organizational units. Company management also is responsible for defining, approving, and implementing processes and procedures in its organizational units, and ensuring their consistency with the Software Acceptable Use Standard.

Users are responsible for familiarizing themselves and complying with the Software Acceptable Use Standard and the associated guidelines provided by Company management. Users also are responsible for reporting software copyright violations and misuse to management, and cooperating with official Company security investigations relating to misuse of such resources.

IV. Enforcement and Exception Handling


Failure to comply with the Software Acceptable Use Standard and associated guidelines and procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.

Requests for exceptions to the Software Acceptable Use Standard should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Software Acceptable Use Standard.

V. Review and Revision


The Software Acceptable Use Standard will be reviewed and revised in accordance with the Sample Information Security Program Charter.

Approved: _______________________________________________________

Signature


<Insert Name>


Chief Information Security Officer