Acceptable use policy
I have a quick question, the acceptable use policy.
1. When it is ready, can it also be used as information security policy? As a more detailed version?
2. And secondly, is it necessary that employees sign the acceptable use policy? Or is it good enough to communicate the policy within the organization?
Assign topic to the user
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now 
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now
1. When it is ready, can it also be used as information security policy? As a more detailed version?
Please note that the Information security policy and the Acceptable use policy templates cover different requirements of the standard, so you cannot use the Acceptable use policy as an Information security policy. You can see the difference between them by comparing section 2 of each template. You can see this section of the Information Security Policy through our free demo at this link: https://advisera.com/27001academy/documentation/information-security-policy/
For further information, see:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
2. And secondly, is it necessary that employees sign the acceptable use policy? Or is it good enough to communicate the policy within the organization?
For certification purposes, you have to show evidence that people are aware of the policy content, and signing it is one way to show this evidence. Another way is through attendance lists about training or workshop activities where this policy is presented.
Comment as guest or Sign in
Apr 29, 2020