An AUP (Acceptable Use Policy) for private networks defines proper usage behaviors as well as unacceptable behaviors and their consequences. Learn how to create (or improve upon) your network AUP.
Time Required: n/a
- Establish clear owners for the policy (one individual or one group). Owners maintain responsibility for content but do not necessarily enforce the policy.
- Give notice to the entire network community that policy creation (or revision) is underway. Establish a contact point for collecting feedback.
- Collect one or more model AUP documents to use as examples.
- Collect and categorize past incidents of controversial intranet network use within organizational memory.
- Create a rough outline of your AUP document based on community feedback, past network incidents, and sample documents from other organizations.
- Make sure the outline includes the key intranet network policy issues: use of email, bulletin board postings, abuse of network resources, and netiquette.
- If your network is connected to the Internet, be sure to include coverage of personal Internet use in the outline.
- If your network has an open Web publishing model, include intranet content ownership, roles, and responsibilities in the outline.
- Draft the complete network AUP document from the outline. Spell out the consequences of non-compliance clearly. Be honest about any monitoring (active and passive) that may be occurring.
- Publish the draft for the entire organization to read and comment upon.
- Conduct training sessions to help raise awareness of key policies: for example, password management and handling of confidential information or viruses.
- Revise the draft document based on feedback and publish again to the organization.
- Establish a periodic update process for future revisions of the document.
- Encourage honesty as the best policy.
- Over time, identify and reward role models within the organization, but make the award criteria objective to avoid the appearance of favoritism.