This Anti-Malware Policy is an IT policy template designed to set out the measures to be taken by a business (and its employees/contractors etc.) with respect to the prevention, detection, and remediation of malware.
This IT policy is designed to be used in conjunction with the IT Security Policy, which covers a range of IT security issues and includes cross references to this document and other relevant policies. If desired, the IT Security Policy contains shorter, simpler provisions on anti-malware measures, which can be used instead of this separate document.
Malware poses a serious risk to individuals and businesses of all sizes. It can be defined broadly as any type of malicious file, code, or software which performs malicious and unauthorised tasks including, but not limited to, deleting files, stealing data (personal and otherwise), gaining access to systems, changing device settings, and controlling devices and software. Types of malware include, but are not limited to, viruses, worms, trojans, rootkits, keyloggers, spyware, adware, phishing, and ransomware.
Key sections in this Anti-Malware Policy deal with client device protection (i.e., end user devices within your business, not those belonging to your customers), server protection, and users’ responsibilities.
Client devices should be protected with anti-malware software with automatic settings to keep it up-to-date and run scheduled scans. Shared files and physical media should also be kept safe. Provision is made for limited exceptions to the rules set out in the policy for devices which do not require anti-malware software, such as iPhones and iPads.
Servers should also be protected. As with client devices, automatic updates and schedules scans are set out in the policy.
Users are required to report any malware that is detected, along with any other security concerns. The policy also expressly states that users should not attempt to circumvent anti-malware protections or deliberately introduce malware into the company’s IT systems.
Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.
This Anti-Malware Policy contains the following sections:
2. Scope and Key Principles
3. Client Device Protection
4. Server Protection
5. Users’ Responsibilities
6. Policy Review
7. Implementation of Policy
This Anti-Malware Policy is unlocked and in .doc format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.