Acceptable Usage Policy
An Acceptable Usage Policy (AUP) is a legal and technical document that describes how staff are permitted to use the computer system. After writing your AUP, put it in your Employee Handbook. Have it reviewed by your business attorney. Have users sign it before they are assigned a username.
In this article, please note that I am not an attorney and that this article should not be construed as legal advice. If you have any questions on the applicability of these policies to your organization, please contact your legal counsel.
Following are some of the most common categories that should be addressed in an Acceptable Usage Policy
- Security, Privacy and Monitoring
You should state that the company reserves the right to monitor employee’s computer usage and activities.Although you may not be watching all of your employees all the time, you don’t want an employee to use the legal defense of the expectance of privacy (4th amendment). This has actually been successful without an AUP.
- Use of system for lawful purposes only
In this section, the different type of unlawful purposes should be enumerated as much as possible including child pornography, schemes to defraud, sending spam, any Threats against the United States or any other foreign government, and the various laws that affect usage of computers and digital systems including violating the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, or the Economic Espionage Act
Also cover respect for intellectual property with the consideration that if an employee steals copywritten text, images, or software, the company could be liable. Types of intellectual property include copywritten text, copywritten images, Software, Videos
and music / audio files.
In the policy, state that failure to abide by this policy is cause for dismissal from the company.
- Accessing Websites
What is your company policy on accessing websites? Is it appropriate to check personal e-mail on MSN and Hotmail? Can users access websites for personal purposes such as eBay or Myspace? State the details here as clearly as possible.
- Who Can Install software
In most companies, only system administrators and management are permitted to install software. In most cases, it is not a good idea to let all users install software because they can accidentally viruses, adware and spyware and most users do not possess the technical capacity to choose the right configuration options.
- Personal Files
Whenever files are stored on your system, there is a cost associated with the storage, management, backup, etc. In most cases, it is not a good idea to allow employees to store personal files on company computers. Personal files may also not comply with your company’s security policies and could contain viruses and inappropriate material that could be a liability for the company. If you would like to allow users to access personal files from the company computer, it is a good policy to require that they use a removable storage drive so the data stays off the company’s system.
- Access From Home
In this section, state the company’s policy on who is permitted to access the company’s computer system from home and how the connection is to be used. Consider that a user’s home computer may not conform to the company’s security policies and could contain viruses and inappropriate files. Many companies only allow access from home with company-issued laptops.
- Where To Store Files
In this section, state where company files should be located. For example, if you have a shared drive, state that all files should be stored here. If the user’s My Documents and files stored on their local hard drive are not backed up, state that here.
In this section, communicate the details of your backup system and data retention policy. How long do you store backup files after they have been deleted? Can these files be recovered if necessary?
- Who Owns Computer Data
This should state that the company owns all data on their network.
- Using Employee-Owned Computers on Company Network
This could cause a potential violation of security policies. If the employee leaves the company, could they take company files with them on their laptop? Could sensitive company files be accessed by other people?
- Virus Protection on Network
In this section, state your standards for virus protection. Some companies are able to enforce having up-to-date virus protection by denying logins to computers that do not have current protection.
- Using Computers for Personal Activities
In this section, define whether personal usage of computers is Not permitted or only permitted at certain times (i.e. breaks). If you have restrictions on how computers can be used for personal activities, state them here.
- Security Standards
In this section, state the security standards you have for your network, user rights, and how files are encrypted.
- P2P File Sharing
P2P file sharing including Kazaa and WinMX can take up a very large amount of your bandwidth and can be difficult to detect the computer from which the traffic is originating. Also consider that your company could be at risk if employees download pirated software, music, and movies online.
- E-Mail Standards
In this section, cover your policies for Sending personal e-mails (i.e. jokes / pictures), sending file attachments, sending to large lists, and spam.
- Inappropriate Activities
In this section, cover all activities that may be legal, but considered inappropriate by the company. These may include viewing pornography, operating an FTP or website from company network, chain letters, forging an e-mail address (spoofing), mailbombing (sending multiple e-mails to the same address), subscribing someone else to an e-mail list without that person’s permission.
It is important to also cover what defines hacking activities on the company network. These can include any attempt to remove any security measure such as gaining unauthorized access, probing the security of the network, and your policy on IRC or text chat on computers.
Need Help Now?Click Here To Get 2 Free Hours of Emergency Tech Support To Solve Your Computer Crisis! ($220 Value!)
Save Money And Increase Productivity With Our FREE 27-Point Audit
Click here to schedule your free 27-Point Technology Audit. ($197 Value!)
Having an ineffective backup system or no backup system is worse than driving without insurance! Click here for more information on our backup systems.