agentic-dev-template/docs/compliance/templates/device-policy.template.md
Danijel Martinek d32464c94b docs(compliance): add skeleton policy templates (backup, password, device, onboarding, offboarding)
Five skeleton templates for docs/compliance/templates/. Each has YAML
frontmatter (status: template, playbook-section), a "not code-enforced"
banner, and [FILL IN:] markers throughout. password-policy banner cites
ADR-025 §Deferred items by number (MFA + password policy + lockout
deferral). Cross-template relative links all resolve.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 12:20:35 +00:00


| status | playbook-section | title | last-reviewed |
|---|---|---|---|
| template | 50 | Acceptable Use & Device Policy | [FILL IN: YYYY-MM-DD] |

Acceptable Use & Device Policy

Template status — fill every [FILL IN: …] marker before use.

Not code-enforced — device management, endpoint security, and acceptable-use controls are implemented outside the application codebase (MDM, EDR, organisational policy). This template documents those controls; the consumer configures and enforces them at the infrastructure and HR level.


1. Purpose & Scope

This policy defines the acceptable use of devices and systems for all personnel — employees, contractors, and third-party service providers — who access [FILL IN: organisation name]'s systems, data, or networks.

Owner: [FILL IN: role — e.g., CISO / Head of Engineering]


2. Covered Devices

| Device type | Management requirement |
|---|---|
| Company-issued laptops / desktops | [FILL IN: MDM solution] |
| Personal devices (BYOD) — if permitted | [FILL IN: MDM profile / prohibition] |
| Mobile phones (company-issued) | [FILL IN:] |
| Personal mobile devices (BYOD) | [FILL IN:] |

BYOD is [FILL IN: permitted / not permitted]. If permitted: [FILL IN: describe BYOD enrolment requirements].


3. Required Endpoint Controls

All devices accessing production systems or personal data MUST have:

  • Full-disk encryption enabled: [FILL IN: e.g., FileVault / BitLocker / dm-crypt]
  • Endpoint protection (antivirus / EDR): [FILL IN: product name]
  • Automatic OS and software updates enabled
  • Screen lock after [FILL IN: e.g., 5 minutes] of inactivity
  • Strong device passcode / PIN (minimum [FILL IN: e.g., 8 characters])
  • Remote-wipe capability enrolled: [FILL IN: MDM / tool]
  • VPN required for access to [FILL IN: e.g., production database, staging environment]

4. Acceptable Use

4.1 Permitted uses

  • Business activities of [FILL IN: organisation name]
  • Reasonable personal use that does not interfere with professional responsibilities
  • [FILL IN: any additional permitted uses]

4.2 Prohibited uses

  • Accessing, storing, or processing personal data outside approved systems
  • Installing unapproved software on managed devices: [FILL IN: software approval process]
  • Sharing credentials or device access with unauthorised parties
  • Using personal cloud storage for business data: [FILL IN: exceptions, if any]
  • [FILL IN: any organisation-specific prohibitions]

5. Lost or Stolen Devices

  1. Report immediately to [FILL IN: contact — e.g., IT helpdesk / security@org].
  2. Remote wipe is initiated within [FILL IN: e.g., 2 hours] of report.
  3. The incident is assessed for personal-data impact and escalated to the incident runbook if PII was accessible (see incident-runbook.template.md).
  4. Document in [FILL IN: incident tracker].

6. Device Return & Offboarding

On termination or role change, devices are returned within [FILL IN: e.g., 1 business day] and wiped via [FILL IN: wipe procedure]. See offboarding.template.md for the full offboarding checklist.


7. Review Cycle

This policy is reviewed [FILL IN: frequency — e.g., annually]. The next scheduled review is [FILL IN: YYYY-MM-DD].