1. Purpose 1.1. This policy is intended to guide employees to protect company computers from viruses, malicious code, spam and attacks. 2. Scope and Responsibility 2.1. Information Personnel shall ensure anti-virus software is installed on all company computers and managed in accordance with this policy. 2.2. All employees are required to observe Section 3 of this policy when using the company computers. 3. Policy 3.1. All employees shall observe the following: 3.1.1. NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments then immediately empty your Trash Folder. 3.1.2. Delete spam, chain, and other junk email without forwarding. 3.1.3. Never download files from unknown or suspicious sources. 3.1.4. Avoid direct disk sharing with read/write access unless there is a business requirement to do so. 3.1.5. Never use a portable disk (thumb drive or other), CD, DVD or floppy diskette from an unknown source. 

3.1.6. Always scan a portable disk (thumb drive or other), CD, DVD or floppy diskette from any source for viruses before using it. 3.1.7. Employees are forbidden from using a computer that does not have updated anti-virus software installed. 3.1.8. Employees are forbidden from disabling anti-virus software in any way. 3.1.9. Anti-virus software shall be set so that users do not have access to settings or the ability to disable the software. 4. References and Cites 4.1. PCI Data Security Standard v3.2