Most businesses and website owners are familiar with an Acceptable Use Policy (AUP) which is an agreement between two or more parties expressing one’s commitment to stick to written standards of behavior that state they must properly use specific software or hardware services.
To put it simply, an AUP is a set of rules created by an owner of a website, online service or computer infrastructure that aims to restrict unlawful or unauthorized use of their software or information assets. To reduce the risk of legal action, many corporations, ISPs, website owners and universities have set forth in creating their own AUP. Therefore, an AUP gives direction on what sort of behavior and use of the company or university’s technology is approved and frowned upon.
An AUP is an essential component of any business. They’re part of the framework of information security policies. They’re often handed to new employees to read and sign the document before they are handed access to servers. Because of this, AUPs must be concise and simple to read and understand, but also convey the importance of what users are and are not allowed to do on the company’s IT systems.
An AUP is very similar to a Terms of Service or an End-user License Agreement text that can be found on almost all software applications. There are a few differences in the documents, though. AUPs tend to cover a larger range of computer resources, like websites. They also cover etiquette and respect for other users.
Do I need an AUP for my business?
The short answer is yes. An AUP protects your business from any legal actions being directed at you. It’s better to have your employees see it upfront instead of backpedaling if something goes awry. One important thing to be mindful of when you begin to create your AUP is to not write rules so specifically that rule-breakers can find loopholes around the policy. You also want to be sure the policy isn’t too vague that it’s useless in the eyes of employees.
An AUP may also restrict your liability around the illegal sharing of files. If an employee of yours downloaded music, videos or any file illegally, your business could be liable for this. Even if the downloaded files are legal, you could be paying to back up items that are for personal use. From a time and money perspective, it’s worth it to layout all policies about storing downloaded files.
It might seem obvious as to which websites to specifically block, but you must consider this carefully as you don’t want to prevent your employees from doing their job. You want to create a happy work environment while keeping productivity high.
Work with your IT department to create an efficient AUP that displays unwanted behavior but can also be enforced. Once you have this, distribute the AUP, answer any questions and have all employees sign saying they understand.
So, what exactly do I put in my AUP?
The coverage and range of them vary drastically, as certain policies apply to different departments, systems, software or data. Here are a few things most businesses mention in their AUP:
Purpose. The reason they put the policy in place, from a business perspective.
Expectations. This is a place to add any general, overall expectations you have for your employees and their use of the internet at work.
Acceptable use. Explain here how employees are expected to use the internet.
Unacceptable use. Here, name any unacceptable uses of company internet. You can focus on the ban of any specific sites, or broad terms, like social media. You can also name any prohibited behaviors, such as downloading illegal files.
Confidentiality and disclosure. Any sort of business policies you have that revolve around confidentiality and disclosure can be added here.
Use of Network. Place information regarding user accounts, general accounts, and the limitations of the network.
Enforcement. The last of the AUP, this part details when and how the company will monitor the use of network and how violators will be punished.
As stated earlier, enforcement is crucial to ensuring all employees follow the policies in the AUP. Employees should know you continuously monitor the network to make sure all rules are being followed. You may already even have monitoring software included in your small business devices. If you don’t, they’re simple to come by and install.
The idea of an AUP is to protect you and your business. By explaining to employees what they can and cannot do with company equipment and software. There isn’t one, general AUP that will work for all businesses, schools, and universities, so it’s important that you take the time and resources to create one that will benefit and pertain to your business specifically. You’ll need to not only look at your organization and take the ideas above and customize them to your business, but you’ll need to enforce the policies. Otherwise, employees will take advantage of your relaxed attitude.