When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this as a practical rules template for personnel, contractors, and third-party users who use organizational information and associated assets.
Acceptable use rules
| Asset or activity | Allowed use | Prohibited or restricted use | Approval needed | Monitoring or evidence |
|---|---|---|---|---|
| Internet access | Business use and approved limited personal use | Illegal activity, attack activity, unsafe sites | TBD | Web logs / alerts |
| Email and messaging | Business communication | Sending sensitive data to personal accounts | TBD | Mail logs / DLP |
| Devices | Assigned business use | Sharing devices or disabling controls | TBD | Asset records |
| Software/cloud tools | Approved tools | Unauthorized installs or shadow IT | TBD | Software inventory |
| Printing/copying | Authorized business use | Unattended sensitive output | TBD | Secure print logs |
| Removable media | Approved encrypted media | Unapproved USB or personal media | TBD | Media register |
Classification handling rules
| Classification | Storage | Transmission | Printing | Release approval | Disposal |
|---|---|---|---|---|---|
| Public | Approved public locations | Normal channels | Normal | Content owner | Normal disposal |
| Internal | Approved internal systems | Internal channels | Controlled | Owner if external | Secure disposal if needed |
| Confidential | Restricted repositories | Encrypted or approved secure transfer | Secure print | Asset owner | Secure disposal |
| Highly confidential / regulated | Restricted access with logging | Strong encryption or approved transfer method | By exception | Formal approval | Verified destruction |
User acknowledgement checklist
- Rules are communicated before access is granted.
- User has acknowledged acceptable use rules.
- User understands classification handling expectations.
- User understands prohibited uses.
- User knows how to report accidental misuse or suspected incidents.
- Contractor or third-party agreement includes equivalent obligations where applicable.
Related notes
- Template
- Iso27001
- A5 10
- Acceptable use
Note Metadata
Aliases: Acceptable Use Rules, Information Handling Rules
Source: 90 Templates/Acceptable Use and Information Handling Rules.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.5.10 - Acceptable Use of Information and Other Associated Assets
- ISO 27001 A.5.13 - Labelling of Information
- ISO 27001 A.5.32 - Intellectual Property Rights
- A.5.10 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO 27002 Annex A Control Interpretation Map
- A.5.10 Audit Checklist
- AI-Generated Content IP Review Checklist
- Template - Policy Communication and Acknowledgement Tracker
- Templates MOC