1.1. The purpose of this policy is to ensure that all computing equipment used by the organization is protected against malicious software and other cyber-attacks by requiring the use of anti-virus software and end point detection and response (EDR) solutions.
2.1. This policy applies to all employees, contractors, and third-party individuals who use computing equipment owned or operated by the organization, including but not limited to laptops, desktops, servers, and mobile devices.
3.1 Anti-Virus Software: All computing equipment must have anti-virus software installed and updated regularly. The anti-virus software must be compatible with the organization's operating system and must be configured to run regular scans to detect and remove malicious software.
3.2 End Point Detection and Response: All computing equipment must have EDR software installed and updated regularly. The EDR software must be capable of detecting and responding to security incidents and threats in real-time.
3.3 Regular Updates: All anti-virus and EDR software must be kept up-to-date with the latest security updates and patches. Regular software updates should be performed by authorized personnel or through the use of automated update processes.
3.4 User Responsibility: All users of computing equipment must follow best practices for computer security. Users must report any suspected security incidents to the IT security team immediately.
3.5 Exception Process: If a user has a specific requirement that prevents them from using anti-virus or EDR software, they must obtain written approval from the IT security team. The IT security team will assess the risk and make a decision based on the organization's security standards and practices.
3.6 Non-Compliance: Failure to comply with this policy may result in disciplinary action, up to and including loss of access to Snow College networks, systems, and services.
4.1 The IT security team is responsible for enforcing this policy and ensuring that all computing equipment is in compliance. Regular audits and security assessments will be performed to monitor compliance with this policy.
