Anti-virus and Malicious Code Policy Overview

Anti-virus and Malicious Code Policy Overview

• The policy aims to protect all networks, information processing facilities, and mobile computing devices from viruses, worms, Trojans, spyware, and malware.
• It is created to meet PCI DSS requirements and applies to all company-controlled devices and equipment connecting to the company network.
• The policy outlines roles and responsibilities for Client, Server, and Anti-Virus Administrators, IT Security Manager, Users, and Third Party Vendors.
• It requires approved anti-virus software installation, constant monitoring, and strict control over external files and software.
• Users are responsible for scanning suspicious emails and media, avoiding unapproved software, and reporting any virus incidents to the IT Helpdesk.
• Third Party Vendors are responsible for providing timely updates and support for anti-virus software.
• The policy mandates proactive and periodic virus scanning, scanning of new code before production, and scanning files from external sources.
• All systems running Microsoft Windows and Linux/Unix operating systems connected to the network must have anti-virus protection.
• Workstations and laptops must have continuous anti-virus protection and regular updates, with alternative arrangements for laptops outside the trusted network.
• Servers must undergo scheduled checks and scans of files, while a different anti-virus solution is required for network gateway and mail servers.
• Any employee violating the policy may face disciplinary action, and deviations are only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
• The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.