A succinct ~2-page information security policy template concerning the determination of permissions and rights for access to information.
The policy distinguishes between permissions and rights:
- Permission to access and use information should only be granted to trustworthy people and organisations for legitimate purposes;
- Rights are mandatory and must be respected.
Supplied as an MS Word document, readily customised for your organisation's specific situation.