Information Security
kipishio kipishio, 2018-11-28 07:51:16

How to make or where to download a security regulation for the IT department?

Hello. Our organization is small, about 30 PCs, without even a domain. But a regulation needs to be drawn up on how to use a PC and not harm the organization. Things like not bringing flash drives from home, and so on. Maybe someone already has something similar, or there are places where such regulations can be found?


5 answer(s)
TyzhSysAdmin, 2018-11-28
@POS_troi

There are a lot of templates on the net; just search not for "lalal regulations" but for "pc user manual" or "pc user job description" or "rules for using a local network" (the last option mostly turns up instructions from institutes).
P.S. It's better to look in the English-speaking segment, where there are more thoughtful things; what is in the Russian-speaking part of the Internet is mostly either nonsense or paper from the "ass cover" category.

CityCat4, 2018-11-28
@CityCat4

This piece of paper will have no real meaning. Yes, it can scare some normal people. But anyone who is not completely clueless about legislation knows perfectly well that such a piece of paper is not worth the paper it is printed on.
The maximum that you can write there is deprivation of a bonus.
Do not impute liability: you will be worn out by the bureaucracy there.
And all the more so, do not impute a commercial secret: you will be worn out twice over there.

other_letter, 2018-11-28
@other_letter

1. Paper is needed. It is needed, no matter what is written against it, in order to prove to the regulatory authorities (and this is not only the FSTEC / FSB, but also the ordinary labor inspectorate, by the way) in case of an incident that you made at least some effort.
2. It must be paper. A tick in virtual space is perceived differently, and the same inspectors, if it comes to that, will only smirk at your offer to send logs by email.
3. You still can't list all the risks there. And those who want to argue about the wording will surely outplay you in words. Therefore, use broad strokes: the risks of removal of information, of introduction of information, and of transfer of information (information that became known through the provision of access and/or status).
4. The fact that the employee is not considered a child and is qualified to work on a PC at a level sufficient to distinguish obvious threats.
===
And, from time to time, newsletters with copy-pasted articles on the topic. But that is no longer for the paper, but for real benefit.

cssman, 2018-11-28
@cssman

Everything is on Google; take templates and adapt them for yourself.

Alistair O, 2018-12-25
@box4

Proceed from what the business owner wants + your CI.
Write the ISMS Concept, Sub-Policies, Standards, Procedures, Instructions.
securitypolicy.ru/%D1%88%D0%B0%D0%B1%D0%BB%D0%BE%D...
