Software Installation Policy

Version1.0.0 Last Updated2024-03-08 APPROVED

1. Overview

AccuCode AI Inc. must ensure the security and integrity of its computing systems. Allowing employees to install unauthorized software on company devices can lead to various risks, including:

  • Conflicting file versions or DLLs that can prevent programs from running properly
  • Introduction of malware from infected installation software
  • Use of unlicensed software that could be discovered during audits
  • Programs that can be used to hack the organization’s network

2. Purpose

The purpose of this policy is to outline the requirements for installing software on AccuCode AI Inc.’s computing devices. The policy aims to:

  • Minimize the risk of loss of program functionality
  • Protect sensitive information contained within the computing network
  • Reduce the risk of introducing malware
  • Avoid legal exposure from running unlicensed software

3. Scope

This policy applies to all employees, contractors, vendors, and agents with AccuCode AI Inc.-owned mobile devices. It covers all computers, servers, smartphones, tablets, and other computing devices operating within the company.

4. Policy

4.1. Employees are prohibited from installing software on computing devices operated within the AccuCode AI Inc. network.

4.2. Software requests must first be approved by the requester’s manager and then submitted to the Information Security (InfoSec) team in writing or via email.

4.3. The InfoSec team will review and approve software requests based on security, compatibility, and licensing requirements. If no approved software meets the requester’s needs, the InfoSec team will work with the requester to find a suitable alternative.

4.4. The InfoSec team will obtain and track licenses, test new software for conflicts and compatibility, and perform the installation.

5. Policy Compliance

5.1. Compliance Measurement The InfoSec team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

5.2. Exceptions Any exception to the policy must be approved by the InfoSec team in advance.

5.3. Non-Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.