Software Management Policy

1.0 Purpose 

This policy defines how software is installed and managed on University’s systems to ensure compliance with cyber security standards. 

2.0 Scope 

This policy is applicable to all University managed devices as defined by the Device Management Policy

3.0 Policy 

3.1 All software on University managed devices must be installed and maintained by Information Services. Local administrative account passwords will not be available to users. 

3.2 Information Services is responsible for ensuring all installed software is correctly licensed, supported, and up to date with the latest security patches as required for legal compliance and cyber security certification. 

3.3 Information Services will make software available through the Company Portal (Windows) or Self Service (macOS). Staff can install software that is already available as needed at any time. 

3.4 Software that is not available through centralised systems, can be requested using the software request form

3.5 Software must conform with the below requirements: 

  • Software must be actively maintained by the vendor, with the vendor supplying security patches within a reasonable timeframe of a vulnerability being identified 
  • The University must have a legal right to install and use the software 
  •  Software must be licensed in accordance with the vendor’s licensing requirements (if applicable) 
  •  Software must have a genuine academic or university business use case 
  •  Software must not provide remote access to the computer 
  •  Software must not host any server-style application designed to provide network services or resources to other users on the network 

This Policy is maintained by Information Services, is in the process of being reviewed in July 2022 and is due for review in August 2023