An Acceptable Use Policy (AUP) is a written agreement that all parties on a community computer network promise to adhere to for the common good. An AUP defines the intended uses of the network, including unacceptable uses and the consequences for non-compliance. You will most commonly see an AUP when registering on community Web sites or when working on a corporate intranet.
Why Acceptable Use Policies Are Important
A good Acceptable Use Policy will cover provisions for network etiquette, mention limits on the use of network resources, and clearly indicate the level of privacy a member on the network should expect. The best AUPs incorporate "what if" scenarios that illustrate the usefulness of the policy in real-world terms.
The importance of AUPs is fairly well-known to organizations like schools or libraries that offer Internet as well as internal (intranet) access. These policies are primarily geared towards protecting the safety of young people against inappropriate language, pornography, and other questionable influences. Within corporations, the scope expands to include other factors such as guarding business interests.
What Should an Acceptable Use Policy Contain?
Many policy details you should expect to find in an AUP relate to computer security. These include managing passwords, software licenses, and online intellectual property. Others relate to basic interpersonal etiquette, particularly in email and bulletin board conversations. A third category deals with overuse or misuse of resources, such as generating excessive network traffic by playing computer games.
If you are in the process of developing an Acceptable Use Policy, or if you already have such a policy in your organization, here are some factors to consider in evaluating its effectiveness:
- Does it clearly specify the policy owner or owners?
- Have scenarios been documented unambiguously for the key policy issues? Descriptions of so-called "use cases" or "situational analyses" help everyone to relate the policy to real-life situations, especially those based on actual past experience.
- Are the consequences for non-compliance clear and intended to be enforced?
- Scanning proxy server logs to find hits to inappropriate Web sites, including non-work-related access occurring during business hours
- Installing filtering software that blocks access to certain public Web sites
- Scanning of incoming and outgoing emails
- Establishing disk space quotas on shared network drives
Use Cases for an AUP
Consider what you would do in these situations:
- a co-worker asks to log into the network using your user name and password because their account is "unavailable"
- you receive a politically sensitive joke in email that you think is very funny and are considering forwarding it to your office mates
- the person sitting next to you spends all of their time at work downloading financial quotes and trading stocks online
- your word processor claims it has detected a virus on your computer