Allowing employees to install software on company computing devices opens the organization up to unnecessary exposure. Conflicting file versions or libraries which can prevent programs from running, the introduction of malware from infected installation software, unlicensed software which could be discovered during audit, and programs which can be used to hack the organization’s network are examples of the problems that can be introduced when employees install software on company equipment.
The purpose of this policy is to outline the requirements around installation software on CrowdFiber computing devices. To minimize the risk of loss of program functionality, the exposure of sensitive information contained within CrowdFiber's computing network, the risk of introducing malware, and the legal exposure of running unlicensed software -
- Employees may not install software on computing devices operated within the production or secure network without approval.
- Developers may install software from trusted sources for use within the development process.
- The Information Technology Department will obtain and track the licenses, test new software for conflict and compatibility, and perform the installation.
Compliance Measurement
The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
Non-Compliance
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.