Example Acceptable Use Policy for IT Systems
Using this policy
One of the challenges facing organizations today is enabling employees to work productively while also ensuring the security of the IT network and, crucially, the data on it. Given that technology is continually changing, employees play a significant role in IT security. This policy provides a framework for users to follow when accessing IT systems and the data on them. It is intended to act as a guideline for organizations looking to implement or update their own Acceptable Use Policy.
Feel free to adapt this policy to suit your organization. Where required, adjust, remove or add information according to your needs and ...
Should any employee be unclear on the policy or how it impacts their role, they should speak to their manager or IT security officer.
“Users” are everyone who has access to any of ’s IT systems. This includes permanent employees and also temporary employees, contractors, agencies, consultants, suppliers, customers and business partners.
“Systems” means all IT equipment that connects to the corporate network or accesses corporate applications. This includes, but is not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically-stored data, portable data storage devices, third party networking services, telephone handsets, video conferencing systems, and all other similar items commonly understood to be covered by this term.
This is a universal policy that applies to all Users and all Systems. For some Users and/or some Systems a more specific policy exists: in such cases the more specific policy has precedence in areas where they conflict, but otherwise both policies apply on all other points.
This policy covers only internal use of ’s systems, and does not cover use of our products or services by customers or other third parties.
Some aspects of this policy affect areas governed by local legislation in certain countries (e.g., employee privacy laws): in such cases the need for local legal compliance has clear precedence over this policy within the bounds of that jurisdiction. In such cases local teams should develop and issue users with a clarification of how the policy applies locally.
Staff members at who monitor and enforce compliance with this policy are responsible for ensuring that they remain compliant with relevant local legislation at all times.
4. Use of IT Systems
All data stored on ’s systems is the property of . Users should be aware that the company cannot guarantee the confidentiality of information stored on any system except where required to do so by local laws.
’s systems exist to support and enable the business. A small amount of personal use is, in most cases, allowed. However, it must not be in any way detrimental to users' own or their colleagues' productivity, nor should it result in any direct costs being borne by other than for trivial amounts (e.g., an occasional short telephone call).
trusts employees to be fair and sensible when judging what constitutes an acceptable level of personal use of the company’s IT systems. If employees are uncertain they should consult their manager.
Any information that is particularly sensitive or vulnerable must be encrypted and/or securely stored so that unauthorized access is prevented (or at least made extremely difficult). However, this must be done in a way that does not prevent – or risk preventing – legitimate access by all properly-authorized parties.
can monitor the use of its IT systems and the data on them at any time. This may include (except...