5.10 Acceptable use of information and other associated assets

Inform personnel and external parties of information security requirements and establish a policy on acceptable use. Develop procedures for the full lifecycle of information, considering access restrictions, authorized users, copy protection, storage, marking, disposal, and deletion.