Governance · Policy template

Acceptable Use Policy

A clear AUP protects the organisation and gives staff unambiguous expectations. It underpins many awareness and HR controls.

[Organisation] · Acceptable Use Policy
Version 1.0 · Owner: [Role] · Approved: [Date] · Classification: Internal

Purpose

To define acceptable and prohibited use of [Organisation] information systems, devices and networks.

Scope

Applies to all users of [Organisation] systems, including personal devices used for work (BYOD) where permitted.

Acceptable use

  • Systems are used for legitimate business purposes.
  • Users protect their credentials and lock unattended devices.
  • Company data is stored only in approved, sanctioned locations.

Prohibited use

  • Sharing credentials or bypassing security controls.
  • Installing unapproved software or connecting unapproved devices.
  • Accessing, storing or transmitting unlawful or infringing material.
  • Using company systems to harass, defraud or misrepresent.

Monitoring

[Organisation] may monitor use of its systems to the extent permitted by law to protect security and ensure compliance.

Review

This policy is reviewed annually and acknowledged by all users on joining and after material updates.

Template provided by CyberSigma for adaptation. Replace bracketed placeholders and tailor to your environment before adopting. This is guidance, not legal advice.
