BlueSafe
ICT Usage Standard Operating Procedure

  • 100% Compliant with Australian WHS Acts & Regulations
  • Fully Editable MS Word & PDF Formats Included
  • Pre-filled Content – Ready to Deploy Immediately
  • Customisable – Easily Add Your Logo & Site Details
  • Includes 2 Years of Free Compliance Updates

Product Overview

Summary: This ICT Usage Standard Operating Procedure sets clear, practical rules for how employees access, use and protect your organisation’s digital systems, data and devices. It supports compliance with Australian privacy and cybersecurity expectations while reducing business risk from misuse, data loss and system downtime.

Australian organisations rely heavily on ICT systems for day‑to‑day operations, yet many still operate without a clear, documented procedure for how staff should use those systems. This ICT Usage Standard Operating Procedure provides a structured, plain‑English framework covering acceptable use of email, internet, mobile devices, cloud platforms and business applications. It aligns with Australian privacy, security and workplace expectations, giving managers a practical tool to set boundaries, manage digital risk and support consistent decision‑making.

The procedure helps you tackle common issues such as inappropriate internet use, uncontrolled file sharing, weak passwords, unmanaged personal devices and accidental disclosure of confidential information. It defines who can access what, how information is to be stored and shared, and how staff should respond to suspected cyber incidents or data breaches. By implementing this SOP, your organisation can strengthen information security, protect business reputation, support flexible and remote work arrangements, and demonstrate due diligence to regulators, clients and insurers across Australia.

Key Benefits

  • Clarify acceptable use of email, internet, devices and applications for all workers.
  • Reduce the risk of data breaches, cyber incidents and unauthorised disclosure of information.
  • Support compliance with Australian privacy, recordkeeping and information security obligations.
  • Standardise ICT onboarding, training and disciplinary processes across the organisation.
  • Enable safe and controlled remote work, BYOD and cloud service usage.

Who is this for?

  • Business Owners
  • Directors and Executives
  • IT Managers
  • ICT Support Officers
  • WHS and Compliance Managers
  • Human Resources Managers
  • Office Managers
  • Team Leaders and Supervisors
  • Records and Information Managers
  • Cyber Security Officers

Included Sections

  • 1.0 Purpose and Scope
  • 2.0 Definitions and Key Terms
  • 3.0 Roles and Responsibilities
  • 4.0 ICT Systems and Assets Covered
  • 5.0 Acceptable and Unacceptable Use of ICT Resources
  • 6.0 User Access, Accounts and Password Management
  • 7.0 Email, Messaging and Collaboration Tools Usage
  • 8.0 Internet, Social Media and Cloud Services Use
  • 9.0 Mobile Devices, Remote Access and BYOD (Bring Your Own Device)
  • 10.0 Information Security, Privacy and Confidentiality Requirements
  • 11.0 Data Storage, File Management and Recordkeeping
  • 12.0 Monitoring, Auditing and Logging of ICT Usage
  • 13.0 Incident Reporting and Response (Cyber and Privacy Incidents)
  • 14.0 Training, Induction and Ongoing Awareness
  • 15.0 Breaches of this Procedure and Disciplinary Actions
  • 16.0 Document Control and Review

Legislation & References

  • Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
  • Security of Critical Infrastructure Act 2018 (Cth) (where applicable)
  • AS ISO/IEC 27001:2015 Information technology – Security techniques – Information security management systems
  • AS ISO/IEC 27002:2023 Information security, cybersecurity and privacy protection – Information security controls
  • Archives Act 1983 (Cth) and relevant State and Territory recordkeeping legislation
  • Fair Work Act 2009 (Cth) – workplace behaviour and misconduct considerations
  • Office of the Australian Information Commissioner (OAIC) – Notifiable Data Breaches (NDB) scheme guidance

$79.5

Safe Work Australia Aligned