Purpose
To define acceptable and prohibited use of [Organisation] information systems, devices and networks.
Scope
Applies to all users of [Organisation] systems, including personal devices used for work (BYOD) where permitted.
Acceptable use
- Systems are used for legitimate business purposes.
- Users protect their credentials and lock unattended devices.
- Company data is stored only in approved, sanctioned locations.
Prohibited use
- Sharing credentials or bypassing security controls.
- Installing unapproved software or connecting unapproved devices.
- Accessing, storing or transmitting unlawful or infringing material.
- Using company systems to harass, defraud or misrepresent.
Monitoring
[Organisation] may monitor use of its systems to the extent permitted by law to protect security and ensure compliance.
Review
Reviewed annually and acknowledged by all users on joining and after material updates.
Template provided by CyberSigma for adaptation. Replace bracketed placeholders and tailor to your environment before adopting. This is guidance, not legal advice.
