
Information Security Policy Development for Compliance
Acceptable Use (continued)
Describe appropriate and inappropriate use of resources, including the following:
• Appropriate use of e-mail and related resources
• No expectation of privacy
• Monitoring and logging with or without the user's consent
NOTE: The above may be included as part of the overall information security policy.
List other acceptable and nonacceptable uses for your organization.
ISO/IEC 27001 A.7.1.3 L095
NIST SP 800-53 PL-4 L096
HIPAA Standard
PCI DSS V2.0
AUP V5.0
Data Classification and Document Retention
Describe the method of information classification.
ISO/IEC 27001 A.7.2.1 L097 ...