Sample Acceptable Use Policy:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
=='''Sample Acceptable Use Policy'''==
 
<br>
==Sample Acceptable Use Standard==
As stated in the Company [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']], the Company will follow a risk management approach to develop and implement Information Security policies, standards, guidelines, and procedures. The Information Security Program will protect information assets by establishing policies to identify, classify, define protection and management objectives, and define acceptable use of Company information assets.<br>
This Acceptable Use Standard defines Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.
<br>
 
This Acceptable Use Policy defines Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.<br>
==Objectives==
<br>
=='''I. Scope'''==
<br>
All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to Company information or systems, are covered by this policy and must comply with associated standards and guidelines.<br>
<br>
=='''II. Objectives'''==
<br>
<br>
Company information and telecommunications systems and equipment, including Internet, electronic mail, telephone, pager, voice mail and fax, are provided for official and authorized Company business purposes. Any use of such systems and equipment perceived to be illegal, harassing, offensive, or in violation of other Company policies, standards or guidelines, or any other uses that would reflect adversely on Company, can be considered a violation of this policy.<br>
Company information and telecommunications systems and equipment, including Internet, electronic mail, telephone, pager, voice mail and fax, are provided for official and authorized Company business purposes. Any use of such systems and equipment perceived to be illegal, harassing, offensive, or in violation of other Company policies, standards or guidelines, or any other uses that would reflect adversely on Company, can be considered a violation of this policy.<br>
Line 24: Line 18:
Specific instructions and requirements for appropriate business use of software and programs are provided in the [[Sample Software Acceptable Use Standard:|'''Sample Software Acceptable Use Standard''']].<br>
Specific instructions and requirements for appropriate business use of software and programs are provided in the [[Sample Software Acceptable Use Standard:|'''Sample Software Acceptable Use Standard''']].<br>
<br>
<br>
=='''III. Responsibilities'''==
Specific instructions and requirements for appropriate business use of personal equipment within the Companies technology resources are provided in the [[Sample BYOD Acceptable Use Standard:|'''Sample BYOD Acceptable Use Standard''']].<br>
<br>
The Chief Information Officer (CIO) is the approval authority for the Acceptable Use Policy.<br>
<br>
The Chief Information Security Officer (CISO) is responsible for the development, implementation, and maintenance of the Acceptable Use Policy and associated standards and guidelines.<br>
<br>
Company management is accountable for ensuring that the Acceptable Use Policy and associated standards and guidelines are properly communicated and understood within their respective organizational units. Company management is also responsible for defining, approving, and implementing procedures in its organizational units and ensuring their consistency with the Acceptable Use Policy and associated standards and guidelines.<br>
<br>
All individuals, groups, or organizations identified in the scope of this policy are responsible for familiarizing themselves and complying with the Acceptable Use Policy and associated standards and guidelines.<br>
<br>
=='''IV. Policy Enforcement and Exception Handling'''==
<br>
Failure to comply with the Acceptable Use Policy and associated standards, guidelines, and procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.<br>
<br>
Requests for exceptions to the Acceptable Use Policy should be submitted to <Title>. Exceptions shall be permitted only on receipt of written approval from <Title>.<br>
<br>
=='''V. Review and Revision'''==
<br>
The Acceptable Use Policy will be reviewed and revised in accordance with the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']].<br>
<br>
Approved: _______________________________________________________<br>
<br>
Signature<br>
<br>
<br>
<Insert Name><br>
Specific instructions and requirements for appropriate business conduct and reporting procedures are provided in the [[Sample Misuse Reporting Standard:|'''Sample Misuse Reporting Standard''']].<br>
<br>
<br>
Chief Information Officer<br>
==Document Examples==
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br>
<br>
<br>
<gallery>
Image:Acceptable Use Standard.png|Acceptable Use Standard page one of six.
Image:Acceptable Use Standard(1).png|Acceptable Use Standard page two of six.
Image:Acceptable Use Standard(2).png|Acceptable Use Standard page three of six.
Image:Acceptable Use Standard(3).png|Acceptable Use Standard page four of six.
Image:Acceptable Use Standard(4).png|Acceptable Use Standard page five of six.
Image:Acceptable Use Standard(5).png|Acceptable Use Standard page six of six.
</gallery>
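
Review bot: With the "I. Scope" section gone from the latest revision, the retained Objectives text still relies on it ("those covered by the scope of this policy"), so the document no longer says who is bound by it; either keep the scope paragraph or restate the covered population in Objectives. The same applies to the removed Responsibilities and Policy Enforcement and Exception Handling sections: the latest revision names no approval authority, owner, or exception path. The rename is also incomplete: the heading and opening sentence now say "Acceptable Use Standard", but the body still says "can be considered a violation of this policy"; use one term throughout.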

Latest revision as of 17:48, 14 January 2014

Sample Acceptable Use Standard

This Acceptable Use Standard defines Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.

Objectives


Company information and telecommunications systems and equipment, including Internet, electronic mail, telephone, pager, voice mail and fax, are provided for official and authorized Company business purposes. Any use of such systems and equipment perceived to be illegal, harassing, offensive, or in violation of other Company policies, standards or guidelines, or any other uses that would reflect adversely on Company, can be considered a violation of this policy.

The Company reserves the right to monitor, record, or periodically audit use of any of its information and telecommunications systems and equipment. Use of these systems and equipment constitutes expressed consent by those covered by the scope of this policy to such monitoring, recording, and auditing. Actual or suspected misuse of these systems should be reported to the appropriate Company management representative in a timely manner. Specific instructions and requirements for reporting misuse of Company information and telecommunications systems and equipment are provided in the Misuse Reporting Standard.

Specific instructions and requirements for appropriate business use of the Internet are provided in the Sample Internet Acceptable Use Policy.

Specific instructions and requirements for appropriate business use of the Company electronic mail system are provided in the Sample Electronic Mail Acceptable Use Standard.

Specific instructions and requirements for appropriate business use of telephones, pagers, faxes, and voice mail are provided in the Sample Telecommunication Acceptable Use Standard.

Specific instructions and requirements for appropriate business use of software and programs are provided in the Sample Software Acceptable Use Standard.

Specific instructions and requirements for appropriate business use of personal equipment within the Company's technology resources are provided in the Sample BYOD Acceptable Use Standard.

Specific instructions and requirements for appropriate business conduct and reporting procedures are provided in the Sample Misuse Reporting Standard.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.