Antivirus Policy
1.0 OVERVIEW
The purpose of this policy is to describe the responsibilities of individuals and the IT team in protecting NEO computer systems against computer viruses, worms, spyware, malware, and other types of malicious software.
2.0 POLICY
i. Computing assets
All workstations and portable devices (i.e., laptops) must use NEO-approved antivirus/antimalware protection software and configuration provided by the CTO.
The following procedures shall be followed:
- Virus protection software must not be disabled or bypassed.
- Settings for the virus protection software must not be altered in a manner that will reduce the software's effectiveness.
- Automatic update frequency cannot be altered to reduce the frequency of updates.
- All electronic mail gateways, devices, and servers must use NEO-approved e-mail virus/malware/spam protection software and must adhere to NEO rules for the setup and use of this software.
- Any threat that is not automatically cleaned, quarantined, and subsequently deleted by malware protection software constitutes a security incident and must be reported to the CTO.
- Antivirus/antimalware signature updates shall occur at a frequency defined by the CTO, and at minimum once each calendar day.
ii. Maintenance and Support
Maintenance actions (software updates, definition updates, infections, etc.) shall be logged and retained for a period aligning with NEO requirements to allow proper investigations into malware-related incidents.
Management shall ensure proper licensing, tracking, and related documentation. This shall include processes and procedures supporting:
- Authorized antivirus software installation on all systems
- Regular threat scanning capable of detecting, removing and protecting against known types of malicious software
- Annual review and re-evaluation of low-risk systems and appliances not considered affected by malicious software based on current best practice
- Proactive monitoring and update mechanisms supporting this policy
- Verification that mechanisms are in place for preventing users from disabling or modifying antivirus detection tools
- Processes and procedures for exceptions to the policy exist and are followed based on a case-by-case evaluation
- If antivirus mechanisms are disabled, additional security measures may need to be implemented for the period of time during which antivirus protection is not active.
3.0 ELIGIBILITY
This policy applies to all computing components that create, deploy, or support application and system software.