Controls

Terug naar overzicht
Version

SB.1.001 Acceptable use policy

Asset Management
Low
Low
Low
Organisation
v2.0 (Q1 2024)

Description

End users are actively informed on the organisational policies regarding acceptable use of assets. Organisationally offered IT assets and services must be used for professional purposes, the usage of free/private alternatives is not allowed.

Specification

At a minimum, an acceptable use policy is formulated and communicated covering the expected behavior of end-users regarding information, systems, applications, infrastructure and hardware made available to them and specifying what users can expect from the IT department(s) in terms of monitoring and enforcement of rules.

Secure Terms of Use cover at least:

  • What’s allowed
  • What’s not allowed
  • Reporting security issues
  • Sanctions
  • Network performance
  • Solving network problems
  • Monitoring security
  • Fixing vulnerabilities for which the user is responsible
  • Reporting Security Incidents

If Terms of Use are not followed, the usage of the IT assets and services can and should be suspended until the associated risks are addressed.

Templates & References