Policies / Policy
Acceptable Use Policy
A plain-language policy for responsible use of systems and shared resources.
Template
- Users must access only systems, data, and resources they are authorized to use.
- Shared resources must not be used for illegal, abusive, intentionally disruptive, or unrelated high-risk activity.
- Credentials must not be shared, reused across unsafe contexts, or stored in public locations.
- Users are responsible for reporting suspected compromise, misuse, or accidental exposure.
- Administrative access should be limited to people with a current operational need.
- Activity may be reviewed where needed for security, reliability, or policy enforcement.
- Exceptions should be documented with owner, scope, and expiration date.
Expected output
A concise policy statement adaptable to local requirements.
Use notes
| Owner | Assign one person responsible for keeping the template current. |
|---|---|
| Review | Review after significant changes, incidents, staffing changes, or tool changes. |
| Risk | Adapt the template to local policies, contractual duties, privacy requirements, and operational risk. |