You are on page 1of 3

DOCUMENT NO:

REVISION NO:
EFFECTIVE DATE:
PAGE NO:
PREPARED BY:
APPROVED BY:
IT-04
0
1-August-09
1 of
!o"g C#$" C#u%"
&'( !o)* C#%%
VIRUS PROTECTION POLICY
1.0 PURPOSE:
1.1 To establish and maintain a policy for virus protection of all CMM information systems
components.
2.0 SCOPE:
2.1 This document applies to all CMM employees and all CMM information systems.
3.0 REFERENCES:
3.1 IT-01 (Company lectronic !ata "olicy#
3.2 IT-0$ (Third "arty and Contractor %ccess "olicy#
4.0 DEFINITIONS:
&.1 IT ' Information Technolo(y
5.0 EXHIBITS:
).1 *one
6.0 RESPONSIBILITIES:
+.1 Corporate IT ,roup
- nsurin( that IT develops and implements appropriate policies- practices and
procedures on a company .ide basis.
- nsurin( that re(ional IT mana(ement implements and ensures compliance to this
policy and all related practices and procedures.
- nsurin( that the policy- practices and procedures are maintained.
+.2 IT Mana(ement
- nsurin( all staff in their area of responsibility is familiar .ith and complies .ith all
policies practices and procedures.
- nsurin( that local procedures in support of the corporate policy are maintained.
- nsurin( that the CMM standard anti-virus soft.are is deployed to all CMM
computers (servers- des/top- laptops# as noted in this policy.
+.3 %ll mployees
- *otifyin( the IT department immediately .hen a virus is detected on their system or
if they suspect their system has been compromised.
7.0 PROCEDURE:
+-MAY-14
DOCUMENT NO:
REVISION NO:
EFFECTIVE DATE:
PAGE NO:
PREPARED BY:
APPROVED BY:
IT-04
0
1-August-09
+ of
!o"g C#$" C#u%"
&'( !o)* C#%%
0.1 CMM .ill install and activate anti-virus soft.are to protect all company IT related
assets.
0.2 1endor updates (e.(. versions- !%T files and en(ine updates# .ill be installed upon
release.
0.3 %ll incomin( e-mail to CMM and all out(oin( e-mail from CMM .ill be virus scanned
prior to receipt and send. %ny e-mail attachments containin( a virus .ill be stripped
from the messa(e
8.0 PRACTICE:
8.1 A!"#$%&! U'$(!
2.1.1 %ll CMM servers and des/top3laptops computers must have company standard
anti-virus soft.are installed- activated and maintained.
2.1.2 mployees must not modify- disable- tamper .ith or remove standard system
confi(uration settin( unless performed or approved by authori4ed IT !epartment
personnel. This includes anti-virus soft.are.
8.2 U")$#! S*!)+&!,P-.!''
2.2.1 The anti-virus soft.are vendor .ebsite is to be polled on a scheduled basis
(minimum recommended time is 1 hour or less# for any ne. updates. If an
update is found it is to be do.nloaded into an CMM master repository (virus
server# immediately.
2.2.2 %ll CMM laptops3des/tops are to poll the master repository (virus server# on a
schedules basis (minimum recommended time is one hour or less# for ne.
updates. If an update is found it .ill be do.nloaded immediately.
2.2.3 %ll CMM laptops .ill be confi(ured .ith a roamin( option to automatically
do.nload anti-virus updates throu(h the internet from the vendor site .hen not
connected to the CMM net.or/.
2.2.& %ll CMM servers are to poll the master repository (virus server# on a scheduled
basis (minimum recommended time is one hour or less# for ne. updates. If an
update is found it .ill be do.nloaded immediately.
8.3 /.01#.-10(
2.3.1 % virus scan of all CMM systems .ill be scheduled to run automatically on a
.ee/ly basis.
2.3.2 %ll CMM systems .ill be revie.ed on a monthly basis to ensure the anti-virus
standard confi(uration is in place.
2.3.3 IT staff .ill re(ularly monitor the activity on the public internet for potential
outbrea/s. 1endor sites such as 5T (http633....eset.com3# provide real time
vie. of Internet activity- includin( virus outbrea/s around the .orld.
8.4 3
-)
P$-#2 S2'#!3'
+-MAY-14
DOCUMENT NO:
REVISION NO:
EFFECTIVE DATE:
PAGE NO:
PREPARED BY:
APPROVED BY:
IT-04
0
1-August-09
of
!o"g C#$" C#u%"
&'( !o)* C#%%
2.&.1 %ny third party connectin( to the CMM net.or/ must ensure that their
computer has ade7uate virus protection. This must be included in the non-
disclosure a(reement that the consultant si(ns before bein( (ranted access to the
CMM net.or/.
2.&.2 It is the responsibility of the CMM IT department to ensure that the third party
system meets CMM standards to ensure minimal effect on the CMM net.or/.
2.&.3 %ll third party systems must be virus scanned prior to connectin( to the CMM
net.or/.
8.5 T-.+%&!'*..#10(
2.).1 The standard anti-virus soft.are must provide the ability to notify both the end
user and the IT department that a virus has been detected or removed.
2.).2 *e. computer viruses ori(inate almost daily. To ensure proper protection- anti-
virus updates are constantly made. These are circumstances ho.ever- .hen a
virus may still ma/e its .ay throu(h the net.or/. In order to stop the spread and
impact of a computer virus- it is of the utmost importance to understand the
potential threat of virus. In such circumstances- it may be necessary to ta/e
corrective actions such as isolatin( the CMM net.or/ from outside sources.
4.0 REVISION HISTORY:
R!5 6
S!.,P$(!
N.
N$3!
C*$0(!
D$#!
C*$0(!'
0 - 8on( Chan Chuen +-9uly-0$ *e.
+-MAY-14