This policy establish standards for the base configuration of equipment that is owned and/or operated by Techrish Solutions or equipment that accesses Techrish Solution’s internal systems. Effective implementation of this policy will minimize unauthorized access to Techrish Solutions proprietary information and protect confidential client information.
This policy applies to equipment owned and/or operated by Techrish Solutions, and to employees connecting to Techrish Solutions.
Server Malware Protection
- Anti-Virus – All servers MUST have an anti-virus application installed that offers real-time scanning protection to files and applications running on the target system if they meet one or more of the following conditions:
- Non-administrative users have remote access capability
- The system is a file server
- Share access is open to this server from systems used by non-administrative users
- HTTP/FTP access is open from the Internet
- Other “risky” protocols/applications are available to this system from the Internet at the discretion of the Techrish Solutions IT department.
- Daily Backups – Backup software shall be scheduled to run daily to capture all data from the previous day.
- Backup logs are to be reviewed to verify that the backup was successfully completed.
- One responsible party should be available to supervise backups each day. An alternative should be named to oversee the process , if the designated backup specialist is not available.
- Authorized Users – Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity, and availability of sensitive information is restricted to authorized users.
- Safeguards – Techrish Solutions will implement physical and technical safeguards for all workstations that access electronic confidential information to restrict access to authorized users.
- Restricting physical access to workstations to only authorized personnel
- Employees may not install software on Techrish Solutions computing devices operated within the Techrish network. Requester’s manager must approve the software requests first and then made to the IT department. Software must be selected from an approved software list, maintained by the IT department unless no selection on the list meets the requester’s need. The IT department will obtain and track the licenses, test new software for conflict and compatibility, and perform the installation.
- In conclusion, this policy covers all computers, servers, and other computing devices operating within Techrish Solution’s network.