Acceptable Use Policy (AUP) is a policy created by management to specify acceptable usage for corporate network services as well as the consequences of violating these standards. Acceptable use policies lately have become an important feature of corporate IT culture for a number of reasons, but mainly because of the widespread implementation of Internet access for desktop users.
Management often becomes concerned about the possibilities of employees surfing the Internet for personal use on company time, using company e-mail to send personal messages, sending spam or mail bombs, and so on. Another concern is management’s possible legal liability if employees should access illegal or pornographic material on the Internet using their corporate Internet accounts.
Even if a company doesn’t have desktop Internet access for its employees, it should still have an acceptable use policy governing access to shared network resources such as file servers and color laser printers.
To be effective, an acceptable use policy needs to have the following characteristics:
- Acceptable and unacceptable usage must be simply and clearly explained in the policy.
- A graded series of consequences of unacceptable usage must be clearly stated in the policy.
- The policy itself must be clearly visible in employees work areas.
- Management should regularly call employees attention to the policy.
Detailing unacceptable uses of the network
Unacceptable behaviours may include creation and transmission of offensive, obscene, or indecent document or images, creation and transmission of material which is designed to cause annoyance, inconvenience or anxiety, creation of defamatory material, creation and transmission that infringes copyright of another person, transmission of unsolicited commercial or advertising material and deliberate unauthorised access to other services accessible using the connection to the network/Internet.
Users may only glance through AUPs or not read them at all. Often, this happens because AUPs use standard do’s and don’ts and may be written in a way that is hard to read and understand. For the user, this is a mistake because he or she may never know about any unusual requirements. For example, some social networking sites may not allow discussions that disparage or offend certain religious, racial or political groups.
The majority of AUPs also spell out the consequences of breaching the laid-down regulations. These range from warning users to disabling user accounts to extreme measures such as legal action.