End user cyber security policy (standard)
You can use this standard-length cyber security policy to govern the use of an organisation's information technology systems. The policy may be adapted to cover employees or contractors - or both.
This policy is relatively flexible, with provisions covering such matters as the risks that might arise out of the use of IT systems, password security, software security and updates, security breaches, misuse of company equipment, use of cloud services, and much more. Many of these provisions are optional, so that the policy can easily be adapted to fit the requirements of your organisation.
Unlike the "premium" version of this document, this version does not include provisions relating to: (i) the monitoring of personnel; or (ii) personnel training.
This policy was created and is maintained by Emma Osborn of OCSRC (https://www.ocsrc.co.uk) in collaboration with SEQ Legal.Ask about this document
End user cyber security policy (standard) contents
- Introduction: employee and contractor contribution to security; concerns of company; the need for employees/contractors to be vigilant; providing information on how to keep the companysecure; implementation of the policy; contact for queries ; the policy is part of the contract.
- Cyber security requirements: rules about passwords; circumventing security measures; reporting of security breaches; no accessing work systems with personal devices; taking IT equipment off company premises; exchanging data; no use of companyequipment outside network; no personal use ofcompanyequipment; use of public cloud services; removing data fromcompanypremises; installing software ontocompanycomputer or phone; administrator accounts; accessing inappropriate content; usecompanyVPN away from office; use of equipment in public Wi-Fi networks.
- Handling mistakes: handling mistakes in a timely manner; solving the problem; when to report a mistake; details of the mistake to give the security team; mistakes on own device while connected to company's systems; failing to report system misuse.
- Consequences of system misuse: actions considered to be misuse of IT systems; consequences of IT system misuse.
- Declaration: agreement to abide by policy; signature; signature line: first.