Something along these lines, define your SHALL’s and MUSTS – and include other topics such as mobile usage, teleworking, electronic comms
this should give you a starter though
ACCEPTABLE HARDWARE AND SOFTWARE USAGE
Only corporate systems SHALL be connected to the corporate network.
User SHALL NOT install and connect network devices such as WLAN Access point to the corporate network.
Equipment, information or software of the group MUST not be taken off-site without prior authorization.
Employees are not allowed to install non-authorised software. Software SHALL only be acquired through sources defined by information technology, to ensure that copyright is not violated. Any maximum number of users permitted by a licence SHALL NOT be ex-ceeded.
All employees, contractors and third party users MUST return all of the organization’s assets in their possession upon termination of their employment, contract or agreement.
MALICOUS CODE & VIRUS PROTECTION
Employees MUST make sure to always run the standard, supported anti-virus software as available from the corporate download site
Employees SHALL NOT open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then “dou-ble delete” them by emptying the deleted items folder.
Employees SHALL delete spam, chain, and other junk email without forwarding, in ac-cordance with the Acceptable Use Policy.
Employees MUST NOT download files from unknown or suspicious sources.
Employees SHOULD avoid direct disk sharing with read/write access unless there is an absolute business requirement to do so.
Employees MUST always scan a storage device from an unknown source for viruses be-fore using it.