
Press Ctrl A on the keyboard to select all text in the document (or use Select, Select

Implementation guidance

The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text and certain generic terms, see the Completion Instructions document.

Purpose of this document

This document sets out the employee's responsibilities for the use of information and of assets associated with information and information processing facilities, and asks the employee to sign to confirm that they understand those responsibilities.

Areas of the standard addressed

The following areas of the ISO/IEC 27001:2013 standard are addressed by this document:

• A.5 Information security policies
  o A.5.1 Management direction for information security
    ▪ A.5.1.1 Policies for information security
• A.7 Human resources security
  o A.7.2 During employment
    ▪ A.7.2.1 Management responsibilities
• A.8 Asset management
  o A.8.1 Responsibility for assets
    ▪ A.8.1.3 Acceptable use of assets
• A.9 Access control
  o A.9.3 User responsibilities
    ▪ A.9.3.1 Use of secret authentication information
• A.11 Physical and environmental security
  o A.11.2 Equipment
    ▪ A.11.2.8 Unattended user equipment
• A.16 Information security incident management
  o A.16.1 Management of information security incidents and improvements
    ▪ A.16.1.3 Reporting information security weaknesses

General guidance

This is effectively a summary of several other documents, the key aspect being that this document requires a signature. In many organizations the signed acceptable use policy is required before access to IT systems is granted and the forms are kept in case of any later disputes.
