3.2 Software Installation Standard
3.2.1. Overview
Allowing employees to install software on company computing devices opens the organization up to unnecessary exposure. Conflicting file versions or DLLs which can prevent programs from running, the introduction of malware from infected installation software, unlicensed software which could be discovered during audit, and programs which can be used to hack the organization’s network are examples of the problems that can be introduced when employees install software on company equipment.
3.2.2. Purpose
The purpose of this standard is to outline the requirements around installation software on Highline College-owned computing devices. To minimize the risk of loss of program functionality, the exposure of sensitive information contained within Highline College’s computing network, the risk of introducing malware, and the legal exposure of running unlicensed software.
3.2.3. Scope
This standard applies to all Highline College employees, contractors, vendors and agents with a Highline College-owned mobile devices. This standard covers all computers, servers, smartphones, tablets and other computing devices operating within Highline College.
3.2.4. Standard
3.2.4.1
Employees may not install software on Highline College’s computing devices operated within the Highline College network without authorization from ITS.
3.2.4.2
Software requests must first be approved by the requester’s manager and then be made to the Information Technology department or Help Desk in writing or via email.
3.2.4.3
Software must be selected from an approved software list, maintained by the Information Technology department, unless no selection on the list meets the requester’s need.
3.2.4.4
The Information Technology Department will obtain and track the licenses, test new software for conflict and compatibility, and perform the installation.
3.2.5. Compliance
3.2.5.1 Compliance Measurement
ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.
3.2.5.2 Exceptions
Any exception to the standard must be approved by ITS in advance.
3.2.5.3 Non-Compliance
An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.
3.2.6. Related Standards, Policies, and Processes
None.
3.2.7. Revision History
Date | By | Summary |