Checklist of ISO/IEC 27001-A.8.1.3 Acceptable use of assets


As technology becomes more integrated into business operations, it is essential to have policies and procedures in place to ensure the proper and secure use of technology assets. 

One such policy is the acceptable use of assets, which covers user behavior regarding the use of email, instant messaging, FTP, responsibilities of users, and more. 

This policy is vital in maintaining the security and confidentiality of company data and ensuring that employees use enterprise assets responsibly.

Sample Checklist:

  • Does the policy cover the use of technology resources such as email, instant messaging, and FTP? Are the responsibilities of users clearly defined in the policy?
  • Does the policy cover user behavior on the internet and social media? Are employees allowed to access social media during work hours? Is personal use of enterprise assets allowed, and if so, to what extent?
  • Are there clear DOs and DONTs regarding the use of technology assets, and what constitutes improper use? Is this information documented and communicated to all employees?
  • Is an appropriate warning message or logon banner presented to users during the log-on process that they must acknowledge to continue? Is this message consistent with the acceptable use of assets policy?
  • Have any monitoring procedures been approved by legal counsel? Are these procedures in compliance with all relevant laws, agreements/contracts, and regulations? Is there a mechanism in place to ensure that these procedures are followed?


In conclusion, the use of checklists can be an effective tool in evaluating the acceptable use of assets policy. 

See also  Checklist of ISO/IEC 27001-A.7.2.1 Management responsibilities

By reviewing specific aspects such as coverage of technology resources, definition of user responsibilities, allowance of personal use, and monitoring procedures, organizations can ensure their policy is comprehensive and compliant with relevant laws and regulations. 

It is important to communicate these policies clearly to all employees and enforce them consistently to promote a safe and secure work environment.

Leave a comment

Your email address will not be published. Required fields are marked *