psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5eade2d99bef262cef5be6d01dc0bbbc9119b82e
ISMS/01-policies/asset-management-and-acceptable-use-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

2.4 KiB
Raw Blame History

Title: Asset Management and Acceptable Use Policy Document ID: [POL-ASSET-001] Version: 0.1 Draft Status: Draft Owner: CISO (Paul Jenkins) Approver: CEO (Paul Hague) Classification: Internal Effective date: [DD Month YYYY] Review date: [DD Month YYYY]

Asset Management and Acceptable Use Policy

Purpose

This policy defines BlackDice's expectations for identifying, managing, and using information assets and technology resources appropriately.

Scope

This policy applies to information, software, cloud resources, endpoints, repositories, collaboration platforms, removable media, and other assets used within the ISMS scope.

Objectives

  • maintain accountability for important assets
  • ensure assets are used appropriately and securely
  • reduce misuse, loss, and uncontrolled exposure of business information

Principles / Policy Statements

In-scope information assets and supporting technology assets must be identified and assigned an owner.

Assets must be handled in accordance with their classification, business value, and criticality.

BlackDice technology resources must be used only for authorised business purposes unless limited personal use is expressly permitted by [Policy or Role].

Users must not use company assets to bypass security controls, introduce unapproved software, or perform unsafe activity that could affect cloud services, customer data, or corporate systems.

Where assets support cloud-native operations, source code, build artefacts, infrastructure definitions, and deployment configurations must be treated as controlled assets.

Roles and Responsibilities

  • Asset owners must ensure assets are identified, classified, and appropriately protected.
  • Users must use assets responsibly and report loss, misuse, or security concerns.
  • [Role] must oversee the asset management framework.

Compliance / Exceptions

Non-compliant use may lead to removal of access, investigation, and corrective action. Exceptions must be approved through the defined process.

Monitoring and Review

This policy should be reviewed alongside asset inventory accuracy, acceptable use issues, incidents, and audit findings.

Related Documents

  • Information Security Policy
  • Data Classification and Handling Policy
  • Asset Register Template
  • Remote Working Policy

Version Control

Version Date Description of Change Author
0.1 Draft [DD Month YYYY] Initial draft. [Name or Role]
Reference in New Issue View Git Blame Copy Permalink