Sample Security Policy

Policy Number 1.21

Corporate Objective
Protect data integrity and minimize loss of productivity due to virus infiltration.

Operational Objective
Prevent virus infiltration through files downloaded over the Internet.

Scope of Use
This policy is valid until October 31, 2001.

Policy Statement
Software down-loaded from non-company sources via the Internet may contain a virus (or similar programs such as worms or Trojan horses). Before such software is decompressed, users must log-out of all servers and terminate all other network connections. Then --before it is executed -- the software must be screened with an approved virus detection package. If a virus is detected, the Information Security Department must immediately be notified, and no further work on this workstation may take place until the virus has been shown to be eradicated. If the software contains a virus, the damage will then be restricted to the involved workstation.

Audience
All departments. Applies to all users who are within audiences and have access to the Internet using network resources.

References
Please see Policies 1.2, 1.22, 1.23, 1.24 related to Internet usage and virus
management.

Revision Date July 28, 2004