18. Exercise: Policy and Procedure Management

Review the following end-user / acceptable use policy and answer the scenario below.

Answer the following scenario:

QUESTION:

It is day one at your new job and you have been asked to review the organization's end-user / acceptable use policy in preparation for an upcoming external assessment. Unfortunately, you can see right away that the policy has a number of issues. To begin with, the policy doesn't have a policy statement, and it isn't clear who the policy affects. There are also some sections that are too passive or overly detailed.

- **Write a policy statement that clearly states what the policy is for**

- **Create a scope section and statement**

- **Make corrections to the remaining excerpts to make the policy audit ready**

ANSWER:

  • Purpose: The purpose of this document is to establish what is considered to be acceptable use of all company data and information assets.

  • Scope: This policy covers all company data, employees, contractors, or any other individual permitted to use company data or information assets.