application , compliances , health-care-hipaa-hitech-hitech , policies

Sample – Administering Anti-Virus Software Policy

September 5, 2019

Introduction
The purpose of this policy is to describe how the Windows anti-virus software is configured to monitor virus activity in order to detect and prevent transmission of data or files that contain certain virus signatures. It also describes how the Exchange / SMTP anti-virus software is configured to monitor mail-related traffic to detect and prevent the transmission of data or files via e-mail that contain certain virus signatures.

Policy
All systems have anti-virus software installed during the build process as required for the service. Every shift updates and monitors the virus definitions for the systems.

Scope
This policy applies to virus defenses in the server environments at all sites / locations.
Failure to comply with this policy may result in disciplinary action up to and including termination.

Control Objective
Controls provide reasonable assurance that system vulnerabilities are identified, unauthorized attempts to gain access to systems residing on the hosted systems are detected in a timely manner, and that related evidence is maintained.

Associated Controls
For a list of controls and audit mechanisms, refer to the topic “Associated Controls and Audit Mechanisms” later in this document.

Windows Installation
All Windows-based servers have an anti-virus agent installed and configured prior to going into a production environment. The anti-virus management console is configured to include any new system placed in the production environment.