APPENDIX A: Acceptable Use Security Policy
The following document is a sample Acceptable Use Security Policy using the outline identified in the Security Policy Template. The purpose of this sample document is to aid with the development of your own agency Acceptable Use Security Policy by giving specific examples of what can be performed, stored, accessed and used through the use of your departments computing resources.
Section 1 - Introduction
Information Resources are strategic assets of the and must be treated and managed as valuable resources. provides various computer resources to its employees for the purpose of assisting them in the performance of their job-related duties. State law permits incidental access to state resources for personal use. This policy clearly documents expectations for appropriate use of assets. This Acceptable Use Policy in conjunction with the corresponding standards is established to achieve the following:
1. To establish appropriate and acceptable practices regarding the use of information resources.
2. To ensure compliance with applicable State law and other rules and regulations regarding the management of information resources.
3. To educate individuals who may use information resources with respect to their responsibilities associated with computer resource use.
This Acceptable Use Policy contains four policy directives. Part I – Acceptable Use Management, Part II – Ownership, Part III – Acceptable Use, and Part IV – Incidental Use. Together, these directives form the foundation of the Acceptable Use Program.
Section 2 – Roles & Responsibilities
1. management will establish a periodic reporting requirement to measure the compliance and effectiveness of this policy.
2. management is responsible for implementing the requirements of this policy, or documenting non-compliance via the method described under exception handling.
3. Managers, in cooperation with Security Management Division, are...