# Annex A 5.10 - Acceptable Use of Information and Other Associated Assets ### Description **Title of Control:** Acceptable Use of Information and Other Associated Assets **Introduction (what is it?):**\ This control emphasizes the need to establish rules and procedures for the acceptable use and handling of information and other associated assets. The goal is to ensure that these assets are used, protected, and handled appropriately to maintain their security. **What is the purpose of it?**\ The purpose of this control is to establish clear guidelines for the appropriate use, protection, and handling of information and other associated assets. By defining acceptable behaviours, permitted uses, and monitoring activities, organizations can mitigate risks and safeguard their assets. **What are the benefits of meeting these requirements?**\ Meeting these requirements offers several benefits: * **Risk Reduction:** Clear guidelines for acceptable use and handling reduce the risk of unauthorized or inappropriate access, use, and disclosure of assets. * **Compliance:** Following established rules ensures compliance with information security policies, regulations, and legal requirements. * **Protection of Assets:** By defining appropriate behaviors and procedures, assets are protected against potential misuse, loss, or damage. * **Awareness:** Personnel and users become aware of their responsibilities and obligations when using and handling assets. * **Monitoring:** Monitoring activities help detect and prevent unauthorized or suspicious use of assets. **How difficult is this control to meet?**\ The difficulty of meeting this control depends on the complexity of an organization's information environment and the types of assets involved. Establishing and communicating clear rules can be straightforward, but ensuring ongoing compliance and monitoring may require additional effort. **What are the sub-requirements?** 1. Identify, document, and implement rules for acceptable use and procedures for handling information and other associated assets. 2. Make personnel and external users aware of information security requirements, and their responsibility for using information processing facilities. 3. Establish a topic-specific policy on the acceptable use of information and other associated assets, including expected behaviors, permitted/prohibited use, and monitoring activities. 4. Create acceptable use procedures for the full information life cycle based on classification and determined risks. 5. Consider access restrictions, record maintenance, protection of copies, storage, marking of storage media, and authorization of disposal in acceptable use procedures. **Other information:** * Third-party assets, like public cloud services, should also be controlled and aligned with acceptable use guidelines. * Collaborative working environments require careful consideration to ensure assets are properly managed. In conclusion, this control highlights the importance of establishing clear guidelines for the acceptable use and handling of information and other associated assets. By doing so, organizations can ensure assets are used appropriately, protected effectively, and compliance with information security policies and legal requirements is maintained. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://manual.harpe.io/start/iso27001-2022-wiki/annex-a-controls/annex-a.5-organisational-controls/annex-a-5.10-acceptable-use-of-information-and-other-associated-assets.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.