This policy is designed to help prevent infection of Indiana University School of Informatics and Computing computers and computer systems by computer viruses and other malicious code. This policy is intended to help prevent damage to user applications, data, files, and hardware.
This policy applies to all employees and faculty of SOIC; as well as vendors, contractors, partners, students, collaborators and any others doing business or research with the SOIC will be subject to the provisions of this policy. Any other parties, who use, work on, or provide services involving SOIC computers and technology systems will also be subject to the provisions of this policy. Every user of SOIC computer resources is expected to know and follow this policy.
Computer devices are any type of device connected to a network that could become infected with a computer virus. Examples of computer devices would be, but not limited to, workstations, servers, laptops, PDAs, etc.
Malicious software is any type of computer code that infects a machine and performs a malicious action. This is sometimes perpetrated by computer viruses, worms, trojans, etc.
Anti-Virus software runs on either a server or workstation and monitors network connections looking for malicious software. Anti-virus software is generally reactive, meaning a signature file must be developed for each new virus discovered and these virus definition files must be sent to the software in order for the software to find the malicious code.
Virus definition files are periodic files provided by vendors to update the anti-virus software to recognize and deal with newly discovered malicious software.
All IU School of Informatics and Computing computer devices connected to the Indiana University network (herein referred to as “the network”) or networked resources shall have anti-virus software installed, configured so that the virus definition files are current, routinely and automatically updated, and the anti-virus software must be actively running on these devices.
All files on computer devices will be scanned periodically for viruses. The school will establish a schedule for automatically scanning the devices within its control.
If deemed necessary to prevent propagation to other networked devices or detrimental effects to the network or data, an infected computer device may be disconnected from the network until the infection has been removed. This will be done under the direction of the Director of Technology Services and the Technology Coordinator or Computer Support Specialist in conjunction with the affected personnel and the IU IT Security Office.
Exceptions to this policy may be allowed if the computer device cannot have anti-virus software installed. Possible examples of this would be vendor-controlled systems, FDA validated systems, or devices where anti-virus software has not yet been developed. In these cases, the Technology Staff must develop a plan to protect the device from infection.
An exception may be granted if an infected computer device is discovered that performs a critical function and may not be immediately taken “off-line” without seriously impairing some business function. Under those circumstances, a plan will be developed to allow the computer device to be taken off-line and the infection purged while protecting the function of the device.
Violation of Policy
If it is suspected that this policy is not being followed, report the incident to the Executive Associate Dean or the Director of Technology Services.
This policy will not supersede any Indiana University developed policies but may introduce more stringent requirements than the university policy. Any exceptions to this policy must be approved in advance by both the Executive Associate Dean and the Director of Technology Services.
Any person found to have violated this policy will be subject to appropriate disciplinary action as defined by the provisions of Indiana University Policy IT-02, Policy on Sanctions for Misuse or Abuse of Indiana University Technology Resources.