This sample policy outlines procedures for the usage and maintenance of approved software in a company. The procedures detail the use of only approved software in company applications, reporting of problems by systems designers and developers, removal of all unauthorized access paths in production software, use of most current operating system versions, and prompt implementation of security fixes.
In this sample, the company manufactures medical equipment, and therefore must follow FDA regulations. Because not all software products comply with those regulations, free software, shareware and other non-approved software must not be used on any production-related company system.
Risk & Control Matrices - RCMs
Manage Security and Privacy RCM
Policies & Procedures