ISO 27001 Acceptable Use Policy: Ultimate Guide

What an acceptable use policy contains, how to write it and a downloadable template.

What is an Acceptable Use Policy?

There are things that we do and do not want people to do with company computers, systems and data. The acceptable use policy sets out what we expect and explains it in simple terms.

An acceptable use policy would be read by everyone who uses the company systems, and a signed acceptance of the policy would be kept. It is about accountability, responsibility and respect.

The acceptable use policy ensures people understand what is expected of them when using company resources.

Fay Barker - High Table Client Director

Acceptable Use Policy Template

The acceptable use policy template is a simple yet effective policy on the acceptable use of company assets.

The purpose of the Acceptable Use Policy

The purpose of this policy is to make employees and external party users aware of the rules for the acceptable use of assets associated with information and information processing. This policy covers guiding principles, individual responsibility, intellectual property, use of personal equipment, internet and email usage, instant messaging, social media, working offsite and mobile storage devices, as well as monitoring and filtering, and reporting.

What should an acceptable use policy contain?

Document Version Control
Document Contents Page
Purpose
Scope
Acceptable Use of Assets Policy
Principle
Individual Responsibility
Internet and Email Usage
Working Off Site
Mobile Storage Devices
Monitoring and Filtering
Reporting
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement

Acceptable Use Policy FAQ

Who does the acceptable use policy apply to?

The acceptable use policy applies to all staff, contractors and third parties that access or use company assets.

Why is the acceptable use policy important?

People cannot be expected to follow guidelines and rules unless you tell them what they are. The acceptable use policy is used to inform people of what is, and what is not, expected of them. The misuse of computer equipment and information can have legal, regulatory and reputational consequences for the organisation.

Should people sign that they accept the acceptable use policy?

Yes. It is a key document in the protection of the organisation. Often part of the HR onboarding process, it is also embedded in the culture of the organisation and re-signed annually.

Does the acceptable use policy allow personal use?

It can. It depends on the organisation. Personal use of computer equipment can be permitted, with the rules and limits set and clearly explained. There is rarely, if ever, a case for the personal use of information and data.
