agentic-dev-template/docs/compliance/templates/device-policy.template.md
Danijel Martinek d32464c94b docs(compliance): add skeleton policy templates (backup, password, device, onboarding, offboarding)
Five skeleton templates for docs/compliance/templates/. Each has YAML
frontmatter (status: template, playbook-section), a "not code-enforced"
banner, and [FILL IN:] markers throughout. password-policy banner cites
ADR-025 §Deferred items by number (MFA + password policy + lockout
deferral). Cross-template relative links all resolve.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 12:20:35 +00:00


---
status: template
playbook-section: 50
title: "Acceptable Use & Device Policy"
last-reviewed: "[FILL IN: YYYY-MM-DD]"
---

# Acceptable Use & Device Policy

> **Template status** — fill every `[FILL IN: …]` marker before use.
> **Not code-enforced** — device management, endpoint security, and acceptable-use controls are implemented outside the application codebase (MDM, EDR, organisational policy). This template documents those controls; the consumer configures and enforces them at the infrastructure and HR level.

---

## 1. Purpose & Scope

This policy defines the acceptable use of devices and systems for all personnel — employees, contractors, and third-party service providers — who access `[FILL IN: organisation name]`'s systems, data, or networks.

**Owner:** `[FILL IN: role — e.g., CISO / Head of Engineering]`

---

## 2. Covered Devices

| Device type | Management requirement |
| -------------------------------------- | -------------------------------------- |
| Company-issued laptops / desktops | `[FILL IN: MDM solution]` |
| Personal devices (BYOD) — if permitted | `[FILL IN: MDM profile / prohibition]` |
| Mobile phones (company-issued) | `[FILL IN:]` |
| Personal mobile devices (BYOD) | `[FILL IN:]` |

BYOD is `[FILL IN: permitted / not permitted]`. If permitted: `[FILL IN: describe BYOD enrolment requirements]`.

---

## 3. Required Endpoint Controls

All devices accessing production systems or personal data MUST have:

- [ ] Full-disk encryption enabled: `[FILL IN: e.g., FileVault / BitLocker / dm-crypt]`
- [ ] Endpoint protection (antivirus / EDR): `[FILL IN: product name]`
- [ ] Automatic OS and software updates enabled
- [ ] Screen lock after `[FILL IN: e.g., 5 minutes]` of inactivity
- [ ] Strong device passcode / PIN (minimum `[FILL IN: e.g., 8 characters]`)
- [ ] Remote-wipe capability enrolled: `[FILL IN: MDM / tool]`
- [ ] VPN required for access to `[FILL IN: e.g., production database, staging environment]`

---

## 4. Acceptable Use

### 4.1 Permitted uses

- Business activities of `[FILL IN: organisation name]`
- Reasonable personal use that does not interfere with professional responsibilities
- `[FILL IN: any additional permitted uses]`

### 4.2 Prohibited uses

- Accessing, storing, or processing personal data outside approved systems
- Installing unapproved software on managed devices: `[FILL IN: software approval process]`
- Sharing credentials or device access with unauthorised parties
- Using personal cloud storage for business data: `[FILL IN: exceptions, if any]`
- `[FILL IN: any organisation-specific prohibitions]`

---

## 5. Lost or Stolen Devices

1. Report immediately to `[FILL IN: contact — e.g., IT helpdesk / security@org]`.
2. Remote wipe is initiated within `[FILL IN: e.g., 2 hours]` of report.
3. The incident is assessed for personal-data impact and escalated to the incident runbook if PII was accessible (see [`incident-runbook.template.md`](./incident-runbook.template.md)).
4. Document in `[FILL IN: incident tracker]`.

---

## 6. Device Return & Offboarding

On termination or role change, devices are returned within `[FILL IN: e.g., 1 business day]` and wiped via `[FILL IN: wipe procedure]`. See [`offboarding.template.md`](./offboarding.template.md) for the full offboarding checklist.

---

## 7. Review Cycle

This policy is reviewed `[FILL IN: frequency — e.g., annually]`. The next scheduled review is `[FILL IN: YYYY-MM-DD]`.