
July 1, 2026
Hacker Hub - July 2026
Supply chain attacks are one of the fastest growing cyber threats. SMEs are frequently the entry point attackers use to reach larger targets. Here is what you need to know and what to do about it.
Read MoreDo your users know what they can and can’t do while using your company data?
An Acceptable Use Policy (AUP) is more than a set of guidelines – it’s a critical line of defence in protecting your organisation from intentional or accidental misuse. It sets the standard for how IT resources should and shouldn’t be used, helping to safeguard against security risks, legal issues, and reputational damage.
Let’s face it: not everyone uses company resources responsibly. Without clear and concise guidance, people will operate how they believe they should. This can lead to mishandling of data, use of unlicensed software, and even a major data breach.
An AUP helps you:
Writing a strong AUP isn’t about creating a list of “don’ts.” It’s about clarity, consistency, and covering all the bases.
Here’s what you need to include:
ISO27001 auditors love a good policy, and the AUP is no exception. Annex A.5.10 specifically expects an AUP to be documented and implemented. Additionally, this also aligns with Annex A.6.3, which requires organisations to educate employees on information security responsibilities.
Put simply, a solid AUP ticks compliance boxes and supports the wider goal of building a security-aware culture – the cornerstone of any effective ISO27001 implementation.
An Acceptable Use Policy is more than a compliance requirement – it’s a practical tool for protecting your business, data, and people. Done right, it’s the backbone of your information security controls and a big tick in the ISO27001 compliance box.
We have created a base AUP for you, although we have detailed some of the key contents of an AUP, we thought we would get you started. Ensure you review the content and align it to how your business operates.
But here it is - Free AUP Example
Still looking for answers? You might find what you are looking for on our FAQ page
Alternatively, feel free to get in touch so we can discuss your organisations specific requirements.

July 1, 2026
Supply chain attacks are one of the fastest growing cyber threats. SMEs are frequently the entry point attackers use to reach larger targets. Here is what you need to know and what to do about it.
Read More
June 1, 2026
Five of the most common cyber threats targeting small and medium-sized businesses today, explained in plain English with practical steps you can act on right now.
Read More
June 1, 2026
AI tools are now accessible to attackers and defenders alike. Anthropic's Mythos model proves the game has changed. Here's what that means for your business.
Read More