Forgotten password?

End user cyber security policy (basic)

This policy covers some of the basics of cyber security. It is designed to help new and small businesses to develop their first end user cyber security policy. The clauses are mainly restrictive, stating what employees must and must not do.

This is intended to support people who have never attempted to write a policy before, so there are limited options to choose from. If you are looking for more flexibility or if you want to write a permissive policy (for instance, if you want a policy covering bring your own device or BYOD), see the standard and premium versions of this document.

This end user cyber security policy is the work of cyber security expert Emma Osborn of OCSRC Ltd (see

Ask about this document

End user cyber security policy (basic) contents

  1. Introduction: employee and contractor contribution to security; the need for employees/contractors to be vigilant; providing information on how to keep
    the company
    secure; contact for queries ; the policy is part of the contract.
  2. Cyber security requirements: rules about passwords; circumventing security measures; reporting of security breaches; no accessing work systems with personal devices; installing software onto
    computer or phone; accessing inappropriate content.
  3. Consequences of system misuse: actions considered to be misuse of IT systems; consequences of IT system misuse.
  4. Declaration: agreement to abide by 
    ; signature; signature line: first.