+ORP.1.A16 Policy for Secure IT Use [User] (S)

1. Overview

ORP.1.A16 Policy for Secure IT Use [User] (S)

A policy SHOULD be drawn up for all employees which transparently describes the framework conditions that must be observed during IT use and the security safeguards that must be implemented. The policy SHOULD cover the following aspects:
• the security objectives of the organisation in question
• important terms
• tasks and roles with respect to information security
• contact persons for questions regarding information security
• security safeguards to be implemented and observed by employees
The policy SHOULD be brought to the attention of all users. Every new user SHOULD confirm in writing that they have read and will comply with the policy before being allowed to use information technology. Users SHOULD reconfirm the policy regularly and after major changes. The policy should be made freely available for all staff to read (on the organisation's intranet, for example).

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022