End of Life Policy
The purpose of this policy is to ensure that the confidentiality, integrity, availability of IT Resources is kept intact by not utilizing, deploying, relying on hardware, software, or firmware in an End of Life (EOL) status where there is no remediation.
This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
- Fordham University’s Information Risk Management Board (IRMB) requires the University and its partners, internal and external, to maintain an EOL plan per the published Vulnerability Management Policy.
- This EOL policy includes, but is not limited to, operating system (OS), applications, hardware, firmware, services, or subscriptions.
- When a vendor’s EOL product plan cannot meet the Vulnerability Management Policy requirements, the University Information Security Office (UISO) may recommend alternative mitigating controls for EOL technology, such as upgrades, updates, replacements, or decommissions.
- You must contact the UISO to coordinate a formal risk analysis.
End of Life (EOL) describes the useful life of an operating system, applications, hardware, firmware, services, or subscriptions. After this period, the vendor will stop updating, supporting, marketing, or selling that particular item. After this period, the manufacturer will stop marketing, selling, or updating that specific item.
IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
Related Policies and Procedures
- Patch Management Policy
- Software Development Life Cycle
- Software Development Life Cycle and Secure SDLC Procedure
- Vulnerability Management Policy
- Vulnerability Management Procedure
|Responsible Person:||Director, IT Security|
|Approval Date:||July 1, 2021|
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.