Our "Acceptable Use Policy" template contrasts activities that are acceptable (appropriate, permitted) from the organisation's information risk and security perspective, against those that are unacceptable (inappropriate, forbidden).
 
Topics:
	
IT in general - an introduction
	
BYOD - Bring Your Own Device, using your  for work purposes
	
Cloud - covering private and public cloud services
	
Internet - a risky global playground, particularly for the more naive among us
	
Electronic messaging - email and various other comms/messaging services
	
Social media - a 'dual-use' technology with pros and cons for the business
	
IP - protecting valuable Intellectual Property belonging to the organisation or others
	
Personal information - privacy in a nutshell
	
Knowledge - protecting and exploiting the intangible information in workers' heads
	
IoT - those litttle Internet of Things devices creeping up on us all
	
Responsibilities - including compliance, conformity and accountability
 
This is a lightweight policy, just 6 pages with about half a page per topic.  We have developed an actionable checklist format covering a lot of ground quickly, making this ideal for general circulation and security awareness purposes, perhaps a handout for employee orientation, a periodic reminder or an opportune prompt following incidents and near-misses. Seize the moment!
 
The relatively informal, engaging style is easier on the eye than typical policies. It reads more like a guideline in fact.  Small companies, in particular, appreciate the lighter touch and lack of jargon, while AUPs complement traditional policies for organisations of all sizes. We find that workers who 'resent being told what to do' or 'don't have the time for this stuff' often respond positively to the gentler approach.  However, the responsibilities section leaves no doubt that the organisation takes 'this stuff' seriously and means business.
 
Supplied as an MS Word document, 'camera-ready' yet readily customised for your particular situation.