DOWN DISTRICT COUNCIL

VIRUS PROTECTION - POLICY & PROCEDURES

Introduction
1
.
1
This policy provides guidelines on the Virus Protection procedures in place
throughout Down District Council. (DDC)
Failure to adhere to this policy will be considered to be a potentially serious
disciplinary offence which could lead to disissal.
Purpose
!
.
1
To protect DDC coputers and data networ"s against virus infections to an e#tent
consistent with cost$effectiveness and without interfering unnecessarily with the
productive use of its coputers and networ"s.
!
.
!
To establish a policy and procedure that defines the responsibilities for reducing the
threat of coputer viruses to DDC coputers and networ"s.
!
.
%
To establish responsibility for overseeing coputer virus prevention activities within
DDC and to establish a reporting echanis to ensure that all appropriate personnel
are contacted in case of a coputer virus incident.
!
.
&
To proote DDC eployee awareness of the threat posed by coputer viruses and
to ensure that virus protection software and procedures are properly ipleented
and utili'ed on a regular basis.
Scope
%
.
1
Copliance with the provisions of the policy concerning pre$scanning of all data and
progra files before installation and reporting of possible viruses applies to anyone
perforing wor" using (T resources within DDC.
Policy Updates
&
.
1
This policy will be aended fro tie to tie in response to changing circustances
as coputer facilities develop and in response to operational and legislative
re)uireents.
&
.
!
The Council will do its best to ensure that individual users are ade aware of these
changes when they occur.
&
.
%
The ost current version of the policy will however always be available on the
Council*s (ntranet site and in paper for fro +uan ,esources. -s a condition of
use. it is the responsibility of users to ensure that they "eep up$to$date with the latest
re)uireents of the policy.
Deinition o Ter!s
1
/
.
1
-uthorised 0oftware1 0ee the DDC Coputer 0oftware Policy.
/
.
!
Coputer Virus1 - coputer virus is a progra or piece of code that is loaded onto
any coputer. including PCs and servers. without the "nowledge of the owner and
runs against the owner2s wishes. -ll coputer viruses are anade. -ll coputer
viruses will disrupt the operation of the infected coputer. 0oe coputer viruses
are destructive. peranently daaging data files or progras on a coputer.
User "#areness
3
.
1
-ll users will be re)uired to sign the following stateent before being allowed access
to DDC coputers4networ"s1
I have read the Councils Virus Protection Policy and fully understand the terms and
conditions and agree to abide by them.
I understand that the Councils security systems will record for management use all virus
protection activity on DDC computers/networks.
I understand that violation of this policy may lead to disciplinary action including
termination of employment and could also lead to personal criminal prosecution.
Responsi$ilities o Users
5
.
1
.
6
7very 7ployee2s ,esponsibility.
5
.
1
.
1
7ach eployee is personally responsible for understanding and observing the
provisions of this policy.
5
.
1
.
!
(t is contrary to DDC policy for any eployee to introduce. deliberately. a virus into
DDC coputers and4or networ"s. to withhold inforation necessary for the effective
ipleentation of virus protection procedures or to use software or data that has not
been properly scanned for viruses in DDC coputers and4or networ"s.
5
.
!
.
6
(T Departent*s ,esponsibility.
5
.
!
.
1
The (T Departent is responsible for overseeing coputer virus protection activities
within DDC.
5
.
The (T Departent will evaluate. recoend. and aintain virus protection software
and4or tools for use on DDC des"top coputers and networ" servers. The (T
2
!
.
!
Departent will provide support for the evaluation. ac)uisition. and aintenance of
virus protection software and4or tools for other systes aintained within DDC. The
(T Departent will ensure that virus protection software is installed on any des"top
coputer and networ" server ac)uired by DDC before they are ade available for
use by DDC. its eployees or its agents.
5
.
!
.
%
The (T Departent will investigate every report of an apparent coputer virus
infection. and will a"e every reasonable effort to deterine the source of the
infection. The (T Departent will "eep all affected personnel advised of the
investigation.
5
.
!
.
&
For each incident. The (T Departent will develop and4or provide step$by$step
procedures for the scanning and actual reoval of the virus.
5
.
!
.
/
The (T Departent will oversee the effort to reove the virus fro the affected
coputer. to scan for viruses on any other coputers that were connected to this
coputer. and to scan any dis"ettes that were used in the coputer(s).
Virus Protection Procedures
8
.
1
.
6
9eneral 9uidance
8
.
1
.
1
-ll data and4or progra files ust be scanned for viruses before installation (or. in
the case of software distributed in copressed for. iediately after installation) to
safeguard DDC networ"s fro infection. This includes shrin"$wrapped software (i.e..
software shipped in taper$proof pac"aging) procured directly fro coercial
sources such as :icrosoft. ;ovell. etc. (t also includes shareware and freeware
obtained fro electronic bulletin boards or on dis" (dis"ette or CD$,<:). custo$
developed software. and software received through governent sources.
8
.
1
.
!
-ll data and progra files that have been electronically transitted to a DDC
coputer fro another location. internal or e#ternal. ust be scanned for viruses
iediately after being received.
8
.
1
.
%
7very dis"ette is a potential source for a coputer virus. Therefore. every dis"ette
ust be scanned for virus infection before it is used in a DDC coputer or networ"
server.
8
.
1
.
&
Coputers and4or networ" servers shall never be =booted= fro a dis"ette received
fro an outside source. >sers shall always reove a dis"ette fro the dis" drive
when not in use. This is to ensure that the dis"ette is not in the dis" drive when the
achine is powered on. - dis"ette infected with a boot virus ay infect a coputer
in that anner. even if the dis"ette is not a =bootable= dis"ette.
3
8
.
1
.
/
Virus protection software shall be loaded on each des"top coputer and server as a
terinate and stay resident (T0,) progra to constantly onitor for viruses to
prevent introduction to the networ".
8
.
!
Virus ,eporting and Docuentation by 7ployee.
8
.
!
.
1
?hen an eployee detects what appears to be a virus. the eployee shall ta"e the
following steps1
a) ?rite down the nae of the virus if provided by the virus detection software.
b) ?rite down any recent unusual syste activities (for instance. une#pected dis"
access. error essages or screen displays) and. if possible. include when these
activities were first noticed.
(ediately1
c) ;otify the (T Departent
d) (f the coputer that ay be infected is part of a networ". disconnect the
coputer fro the networ".
e) Post a warning note on the infected coputer.
8
.
%
Virus ,eport +andling by the (T Departent.
8
.
%
.
1
>pon receipt of a notice of a possible virus. clarify syptos. verify if there is a virus.
deterine the source of the infection. isolate the source fro the DDC environent.
and assess the daage.
8
.
%
.
!
Verify that all potentially affected users have been notified.
8
.
%
.
%
(f it is a new virus and4or the aount of daage is significant. wor" with the user(s)
to isolate the virus and develop a course of action (step$by$step procedures) for
restoring the networ" and4or coputer(s) to noral.
8
.
%
.
&
,eove the virus fro the affected coputer. scan for viruses on any other
coputers that were connected to this coputer. and scan any dis"ettes that were
used in the coputer(s).
%ac&up and Restore
@
.
The (T Departent is responsible for the bac"up of all file server progras and data.
-ll storage devices ust be scanned for viruses before bac"up.
4
E'ceptions
1
6
.
-ny e#ceptions to this Virus Protection Policy shall re)uire prior written approval of
the Director of Corporate 0ervices.
(urt)er Inor!ation
1
1
.
(f you would li"e further inforation on the contents of this Virus Protection Policy. or
on any atters relating to it. please contact the Council*s (T -dvisor.
I at any sta*e t)ere are any issues #it)in t)e policy #)ic) are percei+ed $y any party
as conlictin* #it) t)eir ri*)ts, t)at party s)ould $rin* t)ese to t)e attention o t)e
Director o Corporate Ser+ices or raise a *rie+ance t)rou*) t)e -rie+ance Procedure.
:ay !66%
5