Creation of an IT acceptable use policy for employees and a minimum standard for system authorization concepts