Acceptable Use Policy: A Must Have for Any Business
Does your business have an Acceptable Use Policy (AUP)? In an age when the lines between business and personal tech are continually blurred, it's vital that you have one.
Putting an AUP in place protects your business and employees by setting clear boundaries for technology use. We outline how to create an effective AUP for your business here.
Step One: Understand Your Technology Stance
Some businesses provide employees with technology and other devices to perform their duties. Others encourage employees to bring their own devices or offer incentives to them for doing so.
The first step to creating an AUP for your business is to understand and clarify where the line between business-provided tech and employee-provided tech lies to create a policy that accounts for your situation. If the lines between the two are blurred, clear them up.
Step Two: Know Your Scope
Every business uses technology differently. Moreover, employees at different organizational levels may have greater or limited access to networks and data. Outsiders, such as consultants or contractors, may also access your tech.
Creating an AUP that works means clearly understanding who fits where. It also entails having a firm understanding of the platforms your business uses, which may include:
Your business network or networks
- Platforms your company uses to manage workflow and projects
- Client or partner platforms
- The Internet
- Social media platforms
Your AUP will account for the various users and platforms required to keep your business running smoothly.
Step Three: Plan Your AUP
Once you understand your stance and scope, it's time to plan an effective Acceptable Use Policy for your business. Your first order of business will be to outline what your policy covers in a broad manner. Typically, this includes:
• Rules Outlining Restrictions
This section will specify the behaviors that are not permitted using company technology. These may include but are not limited to bypassing security protocols, sending unauthorized electronic communication, installing malware, disclosing confidential information, and taking part in illegal activities.
You may want to solicit input from managers and employee focus groups to assist with this section.
• Software Guidelines
Most businesses require specific software and applications to run properly. While there are several legitimate software sources available, an equal amount of counterfeit and malicious ones make the prospect of downloading a program that could harm your business a reality.
Your AUP should outline the proper procedure for downloading any applications. This usually entails getting manager or IT's approval and assistance.
• Remote Work Parameters
With many businesses adopting partial or complete work-at-home models, you'll want to include a section in your AUP that addresses what kind of monitoring may take place to ensure compliance with company policies.
While you may want to give employees the 'benefit of the doubt,' setting parameters ensures that all employees are treated equally.
• Bring Your Own Device (BYOB) Rules
If your business allows employees to use their own devices for work, it is essential to outline policies they should adhere to. These guidelines may include rules for limiting access, downloading software, and what types of monitoring may occur.
• Violations and Consequences
An effective AUP will include a section that outlines what will happen if the policy is not followed. This section will require you to consider the type of penalties imposed, ranging from reprimands for minor offenses to termination for severe AUP violations.
Developing this portion of your AUP may require human resources and legal counsel input. Moreover, it may include familiarizing yourself with employment laws where you operate.
Step Four: Write Your AUP
Once you've planned your AUP and know what you want it to cover, it's time to write it. While there is no comprehensive or "right way" to do this, several resources are available.
Here's an example provided by the Sans institute that includes a pdf you can refer to. For more examples, just search the term 'acceptable use policy' in your preferred web browser.
Step Five: Review, Refine, Repeat
Once you've completed your first draft of your Acceptable Use Policy, it's time to review it with your leadership team and any employees you feel can add value to the process. Use their input to refine the policy making sure to weed out things like:
- Unclear phrasing and ambiguity
- Technical jargon that impedes understanding
- Dated or obsolete references
Keep an open mind during the review process and approach, knowing that it will bring about a cohesive and comprehensive policy that benefits everyone. Remember, too, that a 'final' version of the AUP only exists in concept. In reality, your policy will be a living document that should be reviewed and updated periodically.
The trends, insights, and solutions you need to grow your business.
By signing up, you’re subscribing to our monthly email newsletter, The
Wire. You may unsubscribe at any time.
Your information stays safe with us. Learn more about our privacy policy.