Skip to content

Software Policy 💾

1. Purpose and Guiding Principles

This policy governs the acquisition, installation, and use of all software on company-owned and managed devices. Our goal is to provide employees with the best tools to foster innovation and productivity while maintaining a secure and stable technology environment.

  • Security First: The integrity of our data and systems is paramount.
  • Legal Compliance: We use only properly licensed and approved software.
  • Productivity & Collaboration: We standardize tools to ensure seamless collaboration across our global team.

2. Standard Software Suite 💻

All company-provided computers come with a standard suite of pre-installed and approved software to cover core business functions and include the latest security updates.

Core Application Categories

While the specific application list is maintained by the Security team, the standard suite includes:

  • Operating System: The latest version of macOS.
  • Productivity Suite: Core applications for documents, spreadsheets, and presentations (e.g., Google Workspace, Microsoft Office).
  • Communication: Company-approved tools for email, chat, and video conferencing (e.g., Slack, Google Meet).
  • Security: Mandatory antivirus, firewall, and device management software (Rippling).
  • Web Browsers: Approved browsers like Google Chrome with required security extensions.
  • Technical Tools: For developer and technical roles, this includes approved IDEs, code editors, and other development utilities.

3. Software Approval & Vendor Lifecycle 📥

To maintain security and compatibility, all software not included in the standard suite must be approved before installation.

Note: Some of the links in this section can only be accessed by Ultralytics team members.

Approval & Installation Process

  1. Manager Approval: Before you start, check if the vendor already exists in our Approved Vendor Database. Once you've confirmed this, send a software request to your direct manager, including a clear business justification and the cost, if any.
  2. Submit Vendor Onboarding Request: Your manager or any team member on the manager's behalf must submit the request via the Vendor Onboarding Form. This is a mandatory step to understand potential risks from the tools we use.
  3. Multi-Team Review: The request will be reviewed by Legal and Security teams to ensure comprehensive evaluation before approval.
  4. Final Approval: Once the Legal and Security teams give their approval, your manager will provide the final sign-off. You can track progress and final sign-off status via this Tracking Overview.
  5. Purchase & Installation: For paid software, follow the standard reimbursement procedures.

Prohibition of Unauthorized Software

The installation of any software that has not been approved through this process is strictly prohibited. This includes personal software on company devices, unlicensed or "cracked" applications, and any tool that could compromise system security.

Ongoing Vendor Management

  1. Track Vendor Changes: Monitor your approved vendors for any significant modifications that could impact security, finance, or compliance requirements.
  2. Submit Change Request: When updates occur, submit details via the Vendor Change Form. This ensures our Legal and Security team can assess any new risks. Key changes to report include security incidents, changes in data categories, vendor offboarding, changes in tool ownership, or price changes over $500/year.
  3. Review Process: The Security, Legal, and Finance teams will evaluate the changes to determine if additional approvals or actions are needed.

4. Acceptable Use Policy 🛡️

Business vs. Personal Use

Company-provided software and devices are intended primarily for business purposes. However, we permit limited and reasonable personal use provided it:

  • Does not interfere with your work performance or responsibilities.
  • Does not compromise the security or integrity of company systems.
  • Does not violate any other company policies.
  • Does not incur any additional cost for the company.

Prohibited Activities

The following activities are strictly forbidden on company devices:

  • Using software for any illegal purpose, including copyright infringement.
  • Installing or distributing unlicensed, pirated, or unauthorized software.
  • Accessing, downloading, or distributing offensive, discriminatory, or pornographic material.
  • Circumventing or disabling security measures, including antivirus and MDM software.
  • Sharing confidential company information or data through unauthorized platforms.
  • Engaging in any activity that could harm the company's reputation or systems.

5. Security and Compliance 🔒

Every employee shares the responsibility for protecting our digital assets.

System & Security Software

  • Antivirus & Malware Protection: All devices must have company-approved security software installed and running at all times. Tampering with this software is a policy violation.
  • System Updates: Keep your operating system and all applications updated. Enable automatic updates whenever possible to patch vulnerabilities promptly.
  • Firewall: The built-in OS firewall must be enabled on all computers.

Data Security

  • Handling Sensitive Data: Use only company-approved applications and secure, encrypted channels for storing or transmitting confidential or sensitive information.
  • Backups: You are responsible for ensuring your critical work files are saved to approved cloud storage solutions (e.g., Google Drive) and not just locally on your device.

Password Management

  • Password Manager: Using a company-approved password manager is required. This helps create and store strong, unique passwords for every service.
  • Multi-Factor Authentication (MFA): MFA must be enabled on all accounts that support it, especially for critical systems like Google Workspace, Slack, and Rippling.

6. IT Support 🤝

How to Get Help

If you have any software-related issues, please reach out in the #it-support Slack channel.

Service Level Agreements (SLAs)

Our team prioritizes requests to ensure critical issues are handled swiftly.

  • Critical (System-wide outage, security breach): 1-hour response
  • High (Individual unable to work): 4-hour response
  • Normal (Minor issue, software request): 24-hour response

This policy helps us maintain a secure, compliant, and productive software environment. For any questions, please contact your manager or the Security team.



📅 Created 0 days ago ✏️ Updated 0 days ago
glenn-jocher zkontri