Browse Definitions :
Definition

acceptable use policy (AUP)

What is an acceptable use policy (AUP)?

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources. Many businesses and educational institutions require employees or students to sign an AUP before being granted a network ID.

From an information technology (IT) perspective, an AUP states what a user can and cannot do when using computers and computing resources. This applies whether the organization provides the device or it is a personal device that the user provides.

One of the benefits of an AUP is that it spells out acceptable and unacceptable employee behavior and actions. AUPs also provide a company with a legal mechanism to compel compliance, and they describe penalties for noncompliance.

checklist of the benefits of an acceptable use policy
Depending how an acceptable use policy is written, it can help protect an organization in a range of areas.

9 key elements of an acceptable use policy

Internet service providers (ISPs) usually require new customers to sign an AUP. It may be part of a service level agreement (SLA) between the ISP and customer.

The following are nine stipulations that might be included in an ISP's acceptable use policy:

  1. not using the service in violation of any law;
  2. not attempting to disrupt the information security of any computer network -- such as internet use -- or end user;
  3. not posting commercial messages to usenet groups without prior permission;
  4. not sending junk email messages or spam to anyone who doesn't want to receive them;
  5. not attempting to mail bomb a site in order to flood the server;
  6. not attempting to steal intellectual property from the vendor;
  7. requiring users to report any attempt to break into their account;
  8. acknowledging that disciplinary action may be imposed if the AUP is violated; and
  9. noting that the AUP complies with applicable law as applied IT and related issues and may be subject to periodic audits.

A disclaimer is often included in an AUP absolving the organization from responsibility for a data breach, malware or other issue. Statements about when a person is in violation of this policy and when law enforcement might be called in could also be included.

Examples of how AUPs are used

The following are examples of areas where an acceptable use policy could be helpful:

  • Social media. An AUP sets parameters on how employees should use social media sites, often stipulating what should not be discussed about the company and its business.
  • Internet and other system use. Policies usually cover whether an organization's computer systems can be used only for business purposes. They often stipulate whether these resources can be used for personal email or other electronic communications, shopping, playing computer games and gambling.
  • Cybersecurity. An AUP sets rules related to an organization's IT security policies. These include rules around accessing restricted information; changing access data, such as passwords; opening questionable email attachments; using public Wi-Fi services; and using company approved authentication procedures.
  • Non-employee users. Use policies set restrictions on how non-employees can use company information systems and network resources.
  • Accessing private or confidential information. AUPs prevent users from unauthorized access to proprietary or confidential data and unauthorized use of that data.
  • Bring your own device (BYOD). Many organizations allow or require employees to use personal devices for business purposes. However, with BYOD, an AUP is necessary to prevent security issues and misunderstandings about how these devices should be used.

Best practices to ensure AUPs are followed

Signing an acceptable use policy may be required as part of an employment contract. It often happens during the employee onboarding process or as needed with existing employees.

However, employees must be reminded periodically of their responsibility to understand and adhere to the rules spelled out in the AUP. Some best practices that help employees comply with these policies include the following:

  • Work with the company legal department to ensure the AUP addresses issues properly.
  • Have clearly written policies with minimal technical jargon or confusing legal terms.
  • Provide training classes that emphasize the rules included in an AUP.
  • Test employee knowledge, awareness and understanding of an AUP with periodic questionnaires.
  • Ensure that AUP language is periodically reviewed and updated, especially when there is a major change in business operations, such as introducing a new product or a merger, or when an audit is conducted.

BYOD acceptable use policies are becoming common. Find out more about BYOD policy enforcement and creation.

This was last updated in June 2022

Continue Reading About acceptable use policy (AUP)

Networking
  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

Security
  • virus (computer virus)

    A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an ...

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the ...

  • cryptography

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is...

CIO
  • B2B (business to business)

    B2B (business-to-business) is a type of commerce involving the exchange of products, services or information between businesses, ...

  • return on investment (ROI)

    Return on investment (ROI) is a crucial financial metric investors and businesses use to evaluate an investment's efficiency or ...

  • big data as a service (BDaaS)

    Big data as a service (BDaS) is the delivery of data platforms and tools by a cloud provider to help organizations process, ...

HRSoftware
  • talent acquisition

    Talent acquisition is the strategic process an organization uses to identify, recruit and hire the people it needs to achieve its...

  • human capital management (HCM)

    Human capital management (HCM) is a comprehensive set of practices and tools used for recruiting, managing and developing ...

  • Betterworks

    Betterworks is performance management software that helps workforces and organizations to improve manager effectiveness and ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close