Our "Acceptable Use Policy" template contrasts activities that are acceptable (appropriate, permitted) from the organisation's information risk and security perspective, against those that are unacceptable (inappropriate, forbidden).
- IT in general - an introduction
- BYOD - Bring Your Own Device, using your own device for work purposes
- Cloud - covering private and public cloud services
- Internet - a risky global playground, particularly for the more naive among us
- Electronic messaging - email and various other comms/messaging services
- Social media - a 'dual-use' technology with pros and cons for the business
- IP - protecting valuable Intellectual Property belonging to the organisation or others
- Personal information - privacy in a nutshell
- Knowledge - protecting and exploiting the intangible information in workers' heads
- IoT - those little Internet of Things devices creeping up on us all
- Responsibilities - including compliance, conformity and accountability
This is a lightweight policy, just 6 pages with about half a page per topic. We have developed an actionable checklist format covering a lot of ground quickly, making this ideal for general circulation and security awareness purposes, perhaps a handout for employee orientation, a periodic reminder or an opportune prompt following incidents and near-misses. Seize the moment!
The relatively informal, engaging style is easier on the eye than typical policies. It reads more like a guideline in fact. Small companies, in particular, appreciate the lighter touch and lack of jargon, while AUPs complement traditional policies for organisations of all sizes. We find that workers who 'resent being told what to do' or 'don't have the time for this stuff' often respond positively to the gentler approach. However, the responsibilities section leaves no doubt that the organisation takes 'this stuff' seriously and means business.
Supplied as an MS Word document, 'camera-ready' yet readily customised for your particular situation.