Acceptable Use Policy - Explained
What is an Acceptable Use Policy?
Written by Jason Gordon
Updated at June 25th, 2021
- Marketing, Advertising, Sales & PR
- Accounting, Taxation, and Reporting
- Professionalism & Career Development
-
Law, Transactions, & Risk Management
Government, Legal System, Administrative Law, & Constitutional Law Legal Disputes - Civil & Criminal Law Agency Law HR, Employment, Labor, & Discrimination Business Entities, Corporate Governance & Ownership Business Transactions, Antitrust, & Securities Law Real Estate, Personal, & Intellectual Property Commercial Law: Contract, Payments, Security Interests, & Bankruptcy Consumer Protection Insurance & Risk Management Immigration Law Environmental Protection Law Inheritance, Estates, and Trusts
- Business Management & Operations
- Economics, Finance, & Analytics
- Courses
Table of Contents
What is an Acceptable Use Policy (AUP)?What Goes Into an Acceptable Use PolicyAcademic Research on Acceptable Use PolicyWhat is an Acceptable Use Policy (AUP)?
Acceptable Use Policy (AUP) has diverse meanings depending on its context of usage. In this context, it is defined as a guide containing some set of rules that employees must obey while discharging their duties. It is regarded as a document that outlines the behaviors and code on conducts that an organization or an employer accepts. AUP contains policies that guide employees in cases of information technologies in the workplace. It also contain guidelines on how a website or companys technology is meant to be used. These guidelines protect against computer or technology misuse.
Back To: HUMAN RESOURCES, EMPLOYMENT, & LABOR
What Goes Into an Acceptable Use Policy
Whether small or large, organizations make use of a set of technologies to make their services accessible by customers. Employees perform a wide range of tasks as assigned to them by the employee and to do this effectively, policies and guidelines must be put in place especially in the usage of computers. There are a number of hazards and threats that are attributed to the misuse of technologies or computers in an organization. Employees often engage in search of irrelevant items, spam messages and emails with bad contents, watching of pornographies among others. Upon the identification of the threats of internet misuse and abuse, the introduction of AUP has helped organizations manage these threats to a large extent. AUP erase the concept of confidentiality in employee's usage of internet, computers and technologies in their workplace and also prohibit unrelated activities on with organizations internet or computer. Being a remedy for IT abuses and misuse in workplace, there are certain templates or guidelines that AUP should include, they are;
- Prohibition of download and dissemination of uncouth items such as pornography and materials that are offensive and discriminatory.
- AUP should clearly indicate what the computer systems in an organization should be used for.
- It should give a template for emails and messages that are permitted to be sent on the company's IT system.
- If the company permits personal use of computer, such should not interfere with the work of the employees.
- Prohibition of searching, copying and sending confidential or private materials that are not related to the company.
- Advice for employees on inappropriate usage of IT systems and penalties for such.
Furthermore, a companys AUP should not just include what a company expects of its employees but should also contain legal sanctions and consequences that erring employees would face.
Academic Research on Acceptable Use Policy
- Acceptable internet use policy, Siau, K., Nah, F. F. H., & Teng, L. (2002). Communications of the ACM, 45(1), 75-79.
- Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy, Doherty, N. F., Anastasakis, L., & Fulford, H. (2011). International journal of information management, 31(3), 201-209.
- Internet acceptable use policies: Navigating the management, legal, and technical issues., Stewart, F. (2000). Information Systems Security, 9(3), 1-7. Identifying IT user mindsets: acceptance, resistance and ambivalence, Lapointe, L., & Beaudry, A. (2014, January). In 2014 47th Hawaii International Conference on System Sciences (HICSS) (pp. 4619-4628).
- Management of acceptable use of computing facilities in the public library: avoiding a panoptic gaze?, Gallagher, C., McMenemy, D., & Poulter, A. (2015). Journal of Documentation, 71(3), 572-590.
- Evaluating Australian social media policies in relation to the issue of information disclosure, Pallegedara, D., & Warren, M. (2014).
- ICE: information center expert: a consultation system for resource allocation, Heltne, M. M., Vinze, A. S., Konsynski, B. R., & Nunamaker Jr, J. F. (1988). ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 19(2), 1-15.
- Measures for improving information security management in organisations: the impact of training and awareness programmes., Waly, N., Tassabehji, R., & Kamala, M. A. (2012, March). In UKAIS (p. 8).
- Corporate financial communication and the internet: manipulating investor audiences?, Guillamn-Saorn, E., & Martnez-Lpez, F. J. (2013). Online information review, 37(4), 518-537.
- An Overview of Information Management and Information Managers, Bent, D. (2013, November). In Proceedings of the Annual Conference of CAIS/Actes du congrs annuel de l'ACSI.