Acceptable Use Policy

maumercado

Im writing a lot of policies for the company I work for and I was wondering where should a statement saying that personal data should only be allowed on personal desktop computer and not placed on any server that belongs to the company...

such statement be placed on the acceptable use policy, right?

dynamik

It sounds like that would be defining the acceptable use of network resources.

If you haven't seen this already, check this out: SANS Institute - The SANS Security Policy Project

maumercado

that SANS resource is priceless... thank you dynamik