Policy POL-2031
Acceptable Use Policy
IT acceptable use. State: Attestation open. Owner: Marcus Sterling.
What you can do
Permissions and gate decisions for this policy and your active persona (admin).
Policy summary
Current version metadata, effective dates, and AI-assisted summary.
- Current version
- v3 (Attestation open)
- Effective
- Apr 16, 2026
- Next review
- Apr 16, 2027
- Expires
- Apr 16, 2027 (in 335d)
- AI summary
- AI summary: Acceptable Use Policy v3 — covers it acceptable use with updates to previous version. Recommended attestation cycle: annual.
- Attestation coverage
- 82 / 92 (89%)
- Assignment audiences
- All employees
Current version body
v3 authored by Marcus Sterling.
# Acceptable Use Policy ## 1. Purpose This Acceptable Use Policy (AUP) defines the acceptable use of Northstar Logistics Holdings information systems, networks, and information resources by all employees, contractors, and temporary staff. It supports the company's commitment to information security, regulatory compliance (SOC 2 Type II, ISO 27001:2022), and operational integrity across our distribution network in Dallas, Long Beach, Newark, Rotterdam, and Hamburg. ## 2. Scope This policy applies to all Northstar employees, contractors, vendors with system access, all company-issued laptops, mobile devices, vehicle telematics terminals, all software and cloud services (Microsoft 365, Salesforce, our internal WMS), and personal devices used to access Northstar information (BYOD). ## 3. Acceptable use Authorized users may access information systems for legitimate business purposes, communicate with customers, partners, and colleagues via approved channels, install software from the corporate software catalog, and connect to corporate networks via approved VPN. ## 4. Prohibited use The following activities are strictly prohibited: unauthorized access to systems, data, or accounts; sharing of credentials or multi-factor authentication tokens; storage of customer PII on personal devices; use of consumer cloud storage (personal Dropbox, Google Drive) for company data; installation of unapproved software, browser extensions, or VPN tools. ## 5. Device encryption (SUBSTANTIVE CHANGE — added in v3) All endpoint devices accessing Northstar information must have full-disk encryption enabled (FileVault on macOS, BitLocker on Windows). Mobile devices must use device-level encryption with a passcode of at least 6 digits or a strong biometric. Loss or theft of an unencrypted device storing company data must be reported within 1 hour to security@northstarlogistics.com. This is a substantive change from v2 and triggers re-attestation for all assigned employees. ## 6. Enforcement Violations may result in disciplinary action up to and including termination of employment, contractor agreement, or vendor relationship. Repeated or severe violations may be reported to law enforcement. ## 7. Review cadence This policy is reviewed annually by Information Security, with substantive updates triggering an immediate re-attestation cycle. ## 8. Approver chain Author: Marcus Sterling · SME reviewer: Aisha Patel · Compliance reviewer: Diego Ortega · Executive approver: Hank Mendez.
Reviewer chain
SME, Legal, Security, Compliance reviewers. Restricted-category policies require Legal + Security.
| Order | Reviewer type | Reviewer | State | Decision | Comment |
|---|---|---|---|---|---|
| 1 | Subject-matter expert | Aisha Patel | Approved | Approved | Substantive change confirmed. Device encryption requirement aligns with SOC 2 CC6.1. Approved. |
| 2 | Compliance | Diego Ortega | Approved | Approved | Re-attestation flow confirmed. All 92 prior attestations correctly superseded. Approved. |
Version history
Every version with its publication date. Earlier versions are retired when a new one publishes.
| Version | State | Author | Published | Substantive | Retired |
|---|---|---|---|---|---|
| v3 | Attestation open | Marcus Sterling | Apr 16, 2026 | Substantive | — |
| v2 | Retired | Marcus Sterling | Mar 17, 2026 | Cosmetic | Mar 17, 2026 |
| v1 | Retired | Marcus Sterling | Feb 15, 2026 | Cosmetic | Feb 15, 2026 |
Recent attestations
Most recent 12 attestation rows for this policy.
| Employee | State | Assigned | Due | Attested at | IP |
|---|---|---|---|---|---|
| Diego Ortega (EMP-1001) | Overdue | Apr 16, 2026 | May 9, 2026 | — | - |
| Janet Liu (EMP-1002) | Attested | Apr 16, 2026 | May 9, 2026 | May 13, 2026 6:38 PM | 10.0.2.14 |
| Carlos Mendez (EMP-1003) | Attested | Apr 16, 2026 | May 9, 2026 | May 12, 2026 6:38 PM | 10.0.3.21 |
| Priya Shah (EMP-1004) | Attested | Apr 16, 2026 | May 9, 2026 | May 11, 2026 6:38 PM | 10.0.4.28 |
| Ahmed Rahimi (EMP-1005) | Attested | Apr 16, 2026 | May 9, 2026 | May 10, 2026 6:38 PM | 10.0.5.35 |
| Olivia Becker (EMP-1006) | Attested | Apr 16, 2026 | May 9, 2026 | May 9, 2026 6:38 PM | 10.0.6.42 |
| David Chen (EMP-1007) | Attested | Apr 16, 2026 | May 9, 2026 | May 8, 2026 6:38 PM | 10.0.7.49 |
| Ruby Williams (EMP-1008) | Attested | Apr 16, 2026 | May 9, 2026 | May 7, 2026 6:38 PM | 10.0.8.56 |
| Mateo Silva (EMP-1009) | Attested | Apr 16, 2026 | May 9, 2026 | May 6, 2026 6:38 PM | 10.0.9.63 |
| Anna Kowalski (EMP-1010) | Attested | Apr 16, 2026 | May 9, 2026 | May 5, 2026 6:38 PM | 10.1.10.70 |
| Liam O'Brien (EMP-1011) | Attested | Apr 16, 2026 | May 9, 2026 | May 4, 2026 6:38 PM | 10.1.11.77 |
| Sarah Beck (EMP-1000) | Attested | Apr 16, 2026 | May 9, 2026 | May 15, 2026 6:38 PM | 10.0.0.0 |
Full attestation roster: see audit evidence packet or the full attestation queue. Use the audit-bundle Export button on the packet to download CSV.
Change impacts
AI-classified substantive vs cosmetic deltas between versions.
- Substantivev2 → v3Apr 15, 2026
New device encryption obligation introduced in v3. AI substantive-change detector flagged this on save. Triggered re-attestation of all 92 prior attestations.