Acceptable usage policies clearly indicate what information system users are and are not allowed to do. Without these policies, the potential exists that users could violate information security and avoid punitive actions by claiming to not know about any restrictions in place. This can make it extremely difficult to enforce the measures outlined in the policy and ultimately lead to a complete disregard of the policy.
This Acceptable Usage Policy Template includes the following sections:
- Default policy statements that define “what” the enterprise must do.
- Default procedures that define “how” the enterprise must do it.
- Baseline recommendations to customize the template to individual enterprise requirements.
Use this and the related templates to build an efficient and effective enterprise Security Policy.