Request approval to publish updated Acceptable Use Policy content

[warmanaMOJ]

The current (live) content is available here: https://intranet.justice.gov.uk/guidance/security/it-computer-security/ict-security-policy-framework/it-acceptable-use-policy/

The proposed new content is available for preview, here: https://github.com/ministryofjustice/itpolicycontent/blob/aup/content/confluence/acceptable-use-policy.md

[cybersquirrel]

Three thoughts:

• (slower time) maybe we could make this even more accessible and approachable by using 'we' and 'our' (e.g. 'acceptable use of MoJ IT is when we use it to perform our work')?
• The five things at the bottom don't sit right with me as part of this content. I think I had envisaged them being used as a standalone thing, and referencing this, rather than being part of it.
• Can I confirm that the 'report it / ask for help' route is right for all parts of the MoJ?

[warmanaMOJ]

Replied via email.

[warmanaMOJ]

Updated as per feedback.

The current (live) content is available here: https://intranet.justice.gov.uk/guidance/security/it-computer-security/ict-security-policy-framework/it-acceptable-use-policy/

A new standalone topic containing the five best practices is previewable here: https://github.com/ministryofjustice/itpolicycontent/blob/aup/content/confluence/protect-yourself-online.md

The revised proposed AUP content is available for preview, here: https://github.com/ministryofjustice/itpolicycontent/blob/aup/content/confluence/acceptable-use-policy.md

[warmanaMOJ]

Revised content:

The definitive list of AUP Policy statements has not been changed, and is still visible here: https://intranet.justice.gov.uk/guidance/security/it-computer-security/ict-security-policy-framework/it-acceptable-use-policy/ Note POL.ITAUP.002, discussed earlier today.

The current AUP guidance is visible here: https://intranet.justice.gov.uk/guidance/security/it-computer-security/acceptable-use-policy/

The approval request is to replace the current AUP guidance with two topics.

1. A new standalone topic containing the five best practices is previewable here: https://github.com/ministryofjustice/itpolicycontent/blob/aup/content/confluence/protect-yourself-online.md
2. Revised AUP guidance, previewable here: https://github.com/ministryofjustice/itpolicycontent/blob/aup/content/confluence/acceptable-use.md

[cybersquirrel]

Approved. I have a minor question about the five 'best practices' in terms of whether specific guidance for a given system overrides eg the password guidance here, but this is pretty subtle!