Sample security policy for end users, part one

Here is the first part of a sample security policy for end users, which can be customized to fit your needs.



Here is the first part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

DRAFT: Software & Hardware Policy for End Users

I. Introduction
As 's business is security-related and also deals with Customers' 'secrets', this policy also contains policy and (basic) procedures on security issues. Specific policies and procedures on information protection, security, backup, recovery, protection for desktops and portables (boot protection, disk partition, encryption), etc. will follow in due course.

II. Mission Statement
The staff of has the obligation towards and 's customers to ensure that 's and the customer's proprietary information is safeguarded and that the existing files will never be damaged and/or destroyed.
- Thus, access control, antivirus protection, the application of security patches, etc. is part of every employee duty.

III. Acknowledgement of Receipt of this Document
A copy of the Acknowledgment of Software/Hardware Policy - Appendix A - has to be returned to the assigned Network Administrator (1) and a copy of the Secure ID Receipt document - Appendix B - has to be returned to the assigned staff (2).
- The return of this/these page(s) can also be carried out by PGP-signing of this/these page(s) and then sending this/these page(s) to the destinees by E-Mail.

Document Version Control on next page.
INDEX: Page
I. Introduction (1)
II. Mission Statement (1)
III. Acknowledgement of Receipt of this document (1)
IV. Document Version Control (2)
V. Acceptable Use (3)
VI. a-f. Software / Purchasing / Licensing / Software Standards / Installation / Virus Protection (3)
VII. Access control Hardware and Software (4)
VIII. a-b. Hardware / Purchasing / Hardware Standards (4)
IX. Outside Equipment (4)
X. Outside Connections (4)
XI. Presently Assigned Administrators (4)
XII. Violations and penalties (4)
XIII. Additional Policy & (basic) Procedures on Security issues (5)
XIV. Appendix A (to be signed-of) (6)
XV. Appendix B (if token received: to be signed-of) (7)
XVI. Appendix C (if laptop received; to be signed-of) (8)
Notes on this specific Draft (9-10)

IV. Document Version Control
Data Classification - Company Confidential
This document
Document Ref. Number EMEA/YYY/????
Document Generic File Name Policy-XXX-YYY-EndUsers-Initial
Document Issue No 16/06/2001
Date x
Author(s) x
Approved by x

Distribution List All XXX-yyy Employees for Review and Comments

Remarks V.1: Input on xx from xx

History of this document

Document Generic File Name Policy-XXX-YYY-EndUsers-Initial
Document Issue No. 1 Initial Draft
Status DRAFT V.0
Date May 28, 2001
Author(s) Nap van Zuuren
Approved by x
Distribution List All XXX-yyy Employees for Review and Comments
Remarks Input on VI.b from ABC / Input on XIII from DEF
+ Note on Critical Update Internet Explorer

Document Generic File Name
Document Issue No.2
Status
Date
Author(s)
Approved by
Distribution List
Remarks

Document Generic File Name
Document Issue No.3
Status
Date
Author(s)
Approved by
Distribution List
Remarks

Document Generic File Name
Document Issue No.4
Status
Date
Author(s)
Approved by
Distribution List
Remarks


This sample policy is continued in Part Two.


This was first published in December 2001

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close