Tip

Sample security policy for end users, part one



Here is the first part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

DRAFT: Software & Hardware Policy for End Users

I. Introduction
As 's business is security-related and also deals with Customers' 'secrets', this policy also contains policy and (basic) procedures on security issues. Specific policies and procedures on information protection, security, backup, recovery, protection for desktops and portables (boot protection, disk partition, encryption), etc. will follow in due course.

II. Mission Statement
The staff of has the obligation towards and 's customers to ensure that 's and the customer's proprietary information is safeguarded and that the existing files will never be damaged and/or destroyed.
- Thus, access control, antivirus protection, the application of security patches, etc. is part of every employee duty.

III. Acknowledgement of Receipt of this Document
A copy of the Acknowledgment of Software/Hardware Policy - Appendix A - has to be returned to the assigned Network Administrator (1) and a copy of the Secure ID Receipt document - Appendix B - has to be returned

    Requires Free Membership to View

to the assigned staff (2).
- The return of this/these page(s) can also be carried out by PGP-signing of this/these page(s) and then sending this/these page(s) to the destinees by E-Mail.

Document Version Control on next page.
INDEX: Page
I. Introduction (1)
II. Mission Statement (1)
III. Acknowledgement of Receipt of this document (1)
IV. Document Version Control (2)
V. Acceptable Use (3)
VI. a-f. Software / Purchasing / Licensing / Software Standards / Installation / Virus Protection (3)
VII. Access control Hardware and Software (4)
VIII. a-b. Hardware / Purchasing / Hardware Standards (4)
IX. Outside Equipment (4)
X. Outside Connections (4)
XI. Presently Assigned Administrators (4)
XII. Violations and penalties (4)
XIII. Additional Policy & (basic) Procedures on Security issues (5)
XIV. Appendix A (to be signed-of) (6)
XV. Appendix B (if token received: to be signed-of) (7)
XVI. Appendix C (if laptop received; to be signed-of) (8)
Notes on this specific Draft (9-10)

IV. Document Version Control
Data Classification - Company Confidential
This document
Document Ref. Number EMEA/YYY/????
Document Generic File Name Policy-XXX-YYY-EndUsers-Initial
Document Issue No 16/06/2001
Date x
Author(s) x
Approved by x

Distribution List All XXX-yyy Employees for Review and Comments

Remarks V.1: Input on xx from xx

History of this document

Document Generic File Name Policy-XXX-YYY-EndUsers-Initial
Document Issue No. 1 Initial Draft
Status DRAFT V.0
Date May 28, 2001
Author(s) Nap van Zuuren
Approved by x
Distribution List All XXX-yyy Employees for Review and Comments
Remarks Input on VI.b from ABC / Input on XIII from DEF
+ Note on Critical Update Internet Explorer

Document Generic File Name
Document Issue No.2
Status
Date
Author(s)
Approved by
Distribution List
Remarks

Document Generic File Name
Document Issue No.3
Status
Date
Author(s)
Approved by
Distribution List
Remarks

Document Generic File Name
Document Issue No.4
Status
Date
Author(s)
Approved by
Distribution List
Remarks


This sample policy is continued in Part Two.


This was first published in December 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.