Installation Software and Operating Systems Policy¶
| Owner | Classification | Review Date | Status |
|---|---|---|---|
| CDO Office | Internal | April 2027 | Active |
|
---|---
Document Type| Policy
Document #| SP-ISOS-021
Owner| Chief Technical Officer; Project Management Office; Head of Compliance
Classification| Confidential (Class 2 — Private Data)
Version| V1.2
Issue Date| 05/09/2025
Review Cycle| Annual
Authorised By| Yassir Pasha
Document Information¶
| Field | Details |
|---|---|
| Document # | SP-ISOS-021 |
| Document Title | Installation Software and Operating Systems |
| Version | V1.2 |
| Confidentiality Level | Class 2 (Private Data / Confidential) |
| Date Created | 26/03/2021 |
| Issue Date | 05/09/2025 |
| Document Owner | Chief Technical Officer, Project Management Office, Head of Compliance |
| Author(s) | Simpaisa |
| Purpose | To ensure that Installation Software and Operating Systems are implemented |
| Authorised By | Yassir Pasha |
Reviewed By Steering Committee¶
| Name | Role |
|---|---|
| Yassir Pasha | Chief Executive Officer |
| Kamil Shaikh | Chief Operating Officer |
| Osama Hashmi | Chief Financial Officer |
| Bachir Njeim | Chief Strategy and Operations Officer |
| Saqlain Raza | Acting Chief Technology Office |
| Rizwan Zafar | Chief Product Officer |
| Ahsan Hussain | Payment Channel Partnerships |
| Danish Abdul Hameed | Chief Information Security Officer |
| Shahroze Khan | Head of International Merchant Sales and Strategic Alliances |
| Noor Ali | Country Head Pakistan |
| Shoukat Bizinjo | Global Head of Regulatory Affairs · Regulatory |
Change Control¶
| Version | Date of Issue | Author(s) | Brief Description of Changes | Approved By |
|---|---|---|---|---|
| V1.0 | 08/04/2021 | Rizwan Zafar | Initial release | Salim Karim |
| V1.1 | 07/02/2022 | Rizwan Zafar | Annual review | Salim Karim |
| V1.2 | 02/02/2023 | Rizwan Zafar | Annual review | Salim Karim |
| V1.2 | 27/09/2024 | Syed Zubair Ahmed | Annual review | Yassir Pasha |
| V1.2 | 05/09/2025 | Simpaisa | Annual review | Yassir Pasha |
1 Introduction¶
The purpose of this policy is to address all issues relevant to software installation and deployment on Simpaisa computer systems. The IT objective is to enable its employees to perform their tasks with technology that is in good operating condition while appropriately addressing the business needs.
This policy is designed to let Simpaisa employees achieve their business objectives. Any aberrations from this strategy will require the IT department to redeploy software and/or hardware solutions. Full cooperation with this policy is appreciated so that all goals can be met in accordance with the business objectives.
2 Privacy¶
This Policy document shall be considered as "confidential" and shall be made available to the concerned persons with proper access control. Subsequent changes and versions of this document shall be controlled.
2.1 Employees¶
This policy applies to all Employees, Contractors, and Third-Party Employees, who use, process, and manage information and business processes of Simpaisa.
2.1 Documentation¶
The documentation shall consist of the software installation Policy, and related procedures & guidelines. The Compliance Policy document and all other referenced documents shall be controlled. Version control shall be to preserve the latest release and the previous version of any document. However, the previous version of the documents shall be retained only for a period of two years for legal and knowledge preservation purposes.
2.2 Records¶
Records being generated as part of this Policy shall be retained for a period of three years. Records shall be in hard copy or electronic media. The records shall be owned by the respective system administrators and shall be audited once a year.
All approved software lists need to be reviewed on a monthly basis or in case of any change the list needs to be updated. Before adding software to the approved software list, a risk assessment is mandatory.
2.3 Distribution and Maintenance¶
This Policy document shall be made available to all the employees covered in the scope. All the changes and new releases of this document shall be made available to the persons concerned. The maintenance responsibility of the document shall be with the Simpaisa Data room and system administrators.
3 Policy¶
Installation of Software on Operational Systems¶
-
IT department is responsible for the installation of new software on the employee's operational systems through the remote access established through the Windows Domain Tools.
-
Employees cannot install software from the Internet or bring software from home without authorisation.
-
When an employee detects the need for the use of software, a request needs to be transmitted to the IT department. The request can be stored as a record or as evidence.
-
The IT department shall determine if the organisation has a licence for the software requested and gets the employee's direct manager acceptance for such installation.
-
If there is a licence and the direct manager approval, the IT department notifies the employee and will proceed to install the software on the computer of the user who requested it.
-
If there is no licence, a responsible party must assess whether the requested software is necessary for the performance of the duties of the employee. For the evaluation, the financial feasibility of the software purchase must also be analysed, when the software costs money.
-
If the software costs money, an analysis should be made as to whether there is another similar tool on the market that is cheaper or even free (Total Cost of Ownership must be calculated).
-
Top management should participate in the decision on the acquisition of new software.
-
Once the decision has been made, the IT department will proceed to include the software in their inventory and will install the software.
3. Enforcement¶
Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR Policy.