The Use of Non-Standard Software Procedure delineates specific guidelines regarding the use of personal software on company computing assets. This procedure helps ensure the efficiency and supportability of company computing resources, strict software configuration control procedures are required. The use of personally owned, unlicensed, or unauthorized software on company computing assets is prohibited. It applies to all company personnel and company computer equipment and systems. (6 pages, 789 words)

In some cases, the need for a software solution outside the scope of the Common Operating Environment (COE) will arise. When a system user identifies such a requirement, that user should submit a formal request for permission to install and use the non-standard software program. This request should be forwarded via the user’s department director to the Information Systems Manager.

Use of Non-Standard Software Responsibilities:

The Information Systems Manager is responsible for reviewing and approving requests to use non-standard software.

Department directors/managers are responsible for enforcing company policy and standards regarding software configuration and use.

Computer system users are responsible for knowing and observing company policy and standards regarding software configuration and use. Users must seek and receive approval before installing or using non-standard software on company computing assets. If unauthorized software is found or suspected, users are responsible for notifying their Department managers.

Company LAN Administrators are responsible for monitoring software installation, configuration, and usage. They are also responsible for reporting violations to the Information Systems Manager and Information Security Manager and, when unauthorized software is detected, coordinating actions required to eradicate the unauthorized software and return the workstation or system to the approved configuration.

The Information Security Manager is responsible for ensuring that software installed on company IT assets – authorized or not – does not pose a security threat and ensuring that users have appropriate access to company software and information.