Definition: An Acceptable Use Policy is a policy that defines what activities may be used to access, generate data from, transmit data from, store or maintain the network, website, or service and how it may be accessed, generated data from, or transmitted between users. For example, an AUP might state that only authorized persons may attempt to gain access to a particular network, website, or file system. An AUP may also lay down how the rules governing access may be applied. Common examples of AUPs include those set by the intermediary hosting service provider or a website host.
This policy is useful in that businesses or individuals may be expected to observe the rules laid out in the AUP as applicable to their particular business or activity. An AUP gives customers and users a clear understanding of how a business or organization can and must interact with its customers.
An ACCEPTABLE USES POLICY (AUP) establishes the acceptable range of actions that can be taken by an employee and their employers when accessing company assets or network resources.
AUP mentions how the company deals with the various technology products that they provide to their employees, and directs employees on how to act and interact when working on company computers. It also outlines what actions employees above a certain age can do by signing onto the computer in the workstation or using a work laptop. An AUP is very important for businesses that make use of computers at their workplace.
The purpose of an AUP is to educate employees about issues of concern across the business network. If an issue is discovered, it can be dealt with quickly and efficiently without the assistance of an outside consultant or attorney. The policy also clarifies what is covered by the company’s guidelines, thereby minimizing the likelihood of employees having issues with their products or services. Most importantly, an AUP promotes transparency in a manner that is difficult when dealing with issues online.
Ignoring the requirements of an acceptable use policy can result in fines, loss of rights and benefits, repayment of funds from fines or court proceedings as well as other possible legal action. Employees who ignore the rules put in place by an employer can also face legal consequences such as penalties or fines.
The AUP is a document that’s intended to recognize the need to be proactive and what might happen, should an incident arise that needs to be handled as soon as possible. This document doesn’t criminalize an individual or organization’s practices nor does it give employees a green light to break the rules or misuse company resources. Instead, it gives an organization the flexibility to respond to incidents, investigate potential risks to internal network/data security and adjust key operational controls such as firewalls.