Is this AUP template really free?

Yes. The 4-clause template is free and the download is instant — we just ask for your email so we can send you the file and a short follow-up on how to deploy it. No card, no subscription. PolicySuite is a policy management platform and this template is a sample of what the £29.99 single-policy version (employee acknowledgement form, joiner/mover/leaver checklist, cloud SaaS-specific controls, investigation procedure) and the ISO 27001 Core Set pack contain.

What's the difference between the free version and the £29.99 version?

The free version covers Scope & Definitions, Acceptable Use, Prohibited Activities, and Enforcement & Monitoring — enough to publish a defensible AUP. The £29.99 version adds the employee acknowledgement form (the audit evidence under ISO 27001 A.6.3), the joiner/mover/leaver access-revocation checklist, cloud SaaS-specific controls for Microsoft 365, Google Workspace, Slack and Zoom, BYOD/MDM integration clauses, and the detailed investigation procedure with RIPA 2000 + IPA 2016 considerations and chain-of-custody requirements. The full version is what survives an ISO 27001 audit or enterprise customer's procurement review.

Can I edit the template?

Yes. You receive both a typeset PDF and a native Word .docx by email. Open the .docx in Word, Google Docs, or LibreOffice, replace the bracketed placeholders ([Company], [Document owner], [Date of issue]), save and ship. No DRM, no template-tracking pixels.

Free Template · No Card Required

Free Acceptable Use Policy Template (UK)

Q: Will this satisfy ISO 27001 Annex A.5.10?

Annex A.5.10 (Acceptable use of information and other associated assets) requires a documented acceptable-use policy, rules of acceptable use communicated to relevant personnel, and audit-trail evidence of acknowledgement. The free 4-clause template covers the policy half of the control; the £29.99 upgrade adds the acknowledgement form and the joiner/mover/leaver workflow that close the remaining audit asks.

Built by the PolicySuite team Last updated 20 May 2026 About us

Four foundational clauses for a defensible Acceptable Use Policy — Scope & Definitions, Acceptable Use, Prohibited Activities, Enforcement & Monitoring. Drop in your company name, sign, adopt. Aligned to ISO 27001:2022 Annex A.5.10, NIST CSF PR.IP-11, UK GDPR Art. 6(1)(f) monitoring basis.

🇬🇧 UK-aligned 📄 ~1,700 words, 4 clauses ⏱️ ~3 minutes to fill in

Quick answer. The free UK Acceptable Use Policy (AUP) template below contains four foundational clauses (Scope & Definitions, Acceptable Use, Prohibited Activities, Enforcement & Monitoring) primary-source cited to ISO/IEC 27001:2022 Annex A.5.10, NIST CSF PR.IP-11, UK GDPR Article 6(1)(f) and PIDA 1998. Enter your email and the template arrives in your inbox within a minute, plus a short note on how to adopt it. The full audit-ready version — with employee acknowledgement form, joiner/mover/leaver checklist, cloud SaaS controls and investigation procedure — is £29.99 one-off or sits inside the £400 ISO 27001 Core Set pack.

What you get in the free AUP template

Four clauses covering the policy frame of an ISO 27001 Annex A.5.10 acceptable-use control. In our experience this is enough to publish a defensible AUP and demonstrate intent to comply; an ISO 27001 audit or enterprise customer's procurement review will also ask for the acknowledgement form and the joiner/mover/leaver workflow — both ship in the £29.99 upgrade.

Clause 1 — Scope & Definitions. Who and what is in-scope (employees, contractors, third parties; managed devices, personal devices via BYOD, cloud services, data), with key definitions (Systems, Personal Use, Sensitive Data, Monitoring).
Clause 2 — Acceptable Use. Six required user behaviours plus a limited Personal Use framework that protects [Company] from reputational and legal risk.
Clause 3 — Prohibited Activities. Security/access prohibitions, data/IP prohibitions, and conduct/content prohibitions — each enforceable.
Clause 4 — Enforcement & Monitoring. Monitoring scope and UK GDPR Article 6(1)(f) lawful-basis disclosure, user transparency framework, investigation procedure trigger.

Trust & quality

Quick answer. The template is drafted by the same editorial team behind PolicySuite's 988-policy catalogue across 197 frameworks and 8 jurisdictions. Many UK SMEs typically pay a consultancy £400–£1,500 for a single bespoke AUP — for example, a Cyber Essentials assessor-drafted version typically runs at the upper end. The free version covers the foundational structure; the £29.99 upgrade is what survives external audit. Primary-source cited to ICO, ISO/IEC 27001:2022, NIST CSF, PIDA 1998 and Worker Protection Act 2024.

📄 Send me the free AUP template

You'll get both formats in your inbox within a minute — a typeset PDF for printing and an editable Word .docx for dropping in your company name. No card, no upsell wall.

How the free template differs from the full version

The free version covers the policy frame. The full £29.99 version adds the employee acknowledgement form, the joiner/mover/leaver checklist with timed access revocation, cloud SaaS-specific controls for Microsoft 365 + Google Workspace + Slack + Zoom, BYOD/MDM integration clauses, role-based exception procedures, and the detailed investigation procedure with RIPA 2000 + IPA 2016 considerations. A representative consultancy quote for a single bespoke AUP is £400–£1,500; the £29.99 single-policy SKU is therefore a 13–50× cost reduction with the same audit-readiness.

Free (this page) — 4 clauses. Suitable for small businesses establishing a documented AUP for the first time.
£29.99 single-policy SKU — full audit-ready version. Adds the acknowledgement form, JML checklist, cloud SaaS controls, BYOD/MDM integration, and investigation procedure. Ships as native .docx and typeset .pdf.
ISO 27001 Core Set pack — the AUP above plus 15 sibling InfoSec policies (Access Control, Password, Remote Working, Incident Response, etc.) that share a common style and cross-reference each other.

Questions about this template

Is this really free?

Yes. The 4-clause template is free and arrives in your inbox within a minute. No card, no subscription.

What's in the free version vs the £29.99 version?

Free covers Scope, Acceptable Use, Prohibited Activities, Enforcement & Monitoring — enough to publish. The £29.99 version adds the employee acknowledgement form, the joiner/mover/leaver checklist, cloud SaaS controls, BYOD/MDM integration, and the investigation procedure with RIPA 2000 + IPA 2016 considerations.

Will this satisfy ISO 27001 Annex A.5.10?

Annex A.5.10 needs a documented AUP, rules communicated to relevant personnel, and audit-trail evidence of acknowledgement. The free version covers the policy half; the £29.99 upgrade adds the acknowledgement form and JML workflow.