- Acceptable use policy
An acceptable use policy (AUP; also sometimes acceptable usage policy) is a set of rules applied by network and website owners which restrict the ways in which the network or site may be used. AUP documents are written for
corporations, businesses, universities, schools, and website owners often to reduce the potential for legal actionthat may be taken by a user, and often with little prospect of enforcement.
Acceptable use policies are also integral to the framework of
information securitypolicies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be conciseand clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.
AUP documents are similar to and often doing the same job as a document labelled
In some cases, AUP documents are named [http://www.visiongateway.net/support/downloads/document/AUP%20-%20Employee.pdf Internet and E-mail policy] , [http://www.aapt.com.au/popup/acceptable_use_policy.asp Internet AUP] , or [http://www.k12.wa.us/K-20/AUPSchBoardNetworkUse.aspx Network AUP] and also [http://www.lboro.ac.uk/computing/policies/loughborough-aup.html Acceptable IT Use Policy] . These documents, even though named differently, largely provide policy statements as to what
behaviouris acceptable from users of the local network/Internet connected via the local network.
Common elements of AUP statements
In general, AUP statements/documents often begin with a [http://www.solis.co.uk/aup/index statement of the philosophy] of the
sponsoring organization and intended reason as to why Internet use is offered to the users of that organisation's network. For example, the sponsoring organisation adopts a philosophyof self-regulation and offers the user connection to the local network and also connection to the Internet providing that the user accepts the fact she/he is going to be personally responsible for actions taken when connected to the network or Internet. This may mean that the organisation is not going to provide any warning system should the user contravene policy, maintaining that it is up to the user to know when his/her actions are in violation of policy.ssOften Acceptable Use Policy documents provide a statement about the use of the network and/or Internet and its [http://www.pen.k12.va.us/VDOE/Technology/AUP/home.shtml uses and advantages] to the business, school or other organization sponsoring connection to the Internet. Such a statement may outline the benefit of email systems, ability to gain information from websites, connection with other people through the use of instant messaging, and other similar benefits of various protocols including the relatively new VoiP services.
The most important part of an AUP document is the [http://title3.sde.state.ok.us/technology/aup.htm code of conduct] governing the behaviour of a user whilst connected to the network/Internet. The code of conduct may include some description of what may be called netiquette which includes such items of conduct as using appropriate/polite language while online, avoiding illegal activities, ensuring that activities the user may embark on should not disturb or disrupt any other user on the system, and caution not to reveal personal information that could be the cause of
Most AUP statements outline [http://www.earthlink.net/about/policies/use/ consequences of violating] the policy. Such
violations are met with consequences depending on the relationship of the user with the organization. Common actions that schools and universities take is to withdraw the service to the violator and sometimes if the activities are illegal the organization may involve appropriate authorities, such as the local police. Employers will at times withdraw the service from employees, although a more common action is to terminate employment when violations may be hurting the employer in some way, or may compromise security. [http://www.earthlink.net/about/policies/use/ Earthlink] , an American Internet service providerhas a very clear policy relating to violations of its policy. The company identifies six levels of response to violations:
* issue warnings: written or verbal
* suspend the Member's newsgroup posting privileges
* suspend the Member's account
* terminate the Member's account
* bill the Member for administrative costs and/or reactivation charges
* bring legal action to enjoin violations and/or to collect damages, if any, caused by violations.
Central to most AUP documents is the section detailing unacceptable uses of the network, as displayed in the [http://nsit.uchicago.edu/policies/eaup/ University of Chicago AUP] . Unacceptable behaviours may include creation and transmission of offensive,
obscene, or indecent documentor images, creation and transmissionof material which is designed to cause annoyance, inconvenience or anxiety, creation of defamatorymaterial, creation and transmission that infringes copyrightof another person, transmission of unsolicited commercial or advertisingmaterial and deliberate unauthorised access to other services accessible using the connection to the network/Internet. Then there is the type of activity that uses the network to waste time, [http://www.surfcontrol.com/uploadedfiles/AUP_Booklet_10011_uk.pdf as indicated in SurfControl's advice on writing AUPs] , of technical staff to troubleshoot a problem for which the user is the cause, corrupting or destroying other user's data, violating the privacy of others online, using the network in such a way that it denies the service to others, continuing to use software or other system for which the user has already been warned about using, and any other misuse of the network such as introduction of viruses. Disclaimers are often added in order to absolve an organisation from responsibility under specific circumstances. For example, in the case of [http://www.anglia.ac.uk/ruskin/en/home/tools/disclaimer.html Anglia Ruskin University] a disclaimer is added absolving the University for errors or omissions or for any consequences arising from the use of information contained on the University website. While disclaimers may be added to any AUP, disclaimers are most often found on AUP documents relating to the use of a website while those offering a service fail to add such clauses. [http://www.psychologyuk.co.uk/forum/faq.php?faq=aup#faq_forum_disclaimer PsychologyUK] , a magazine forum site, includes the type of disclaimer that can be used in an AUP for a website or online service of some type.
Particularly when an AUP is written for a college or school setting, AUPs remind students (or when in the case of a company, employees) that connection to the Internet, or use of a website, is a privilege, as [http://www.lboro.ac.uk/computing/policies/loughborough-aup.html demonstrated in the Loughborough University's Janet Service AUP] and not a right. Through emphasising this "privilege" aspect, [http://www.niu.edu/aup/ Northern Illinois University] then make the connection that any abuse of that privilege can result in legal action from the University.
In a [http://www.pen.k12.va.us/VDOE/Technology/AUP/home.shtml handbook for writing AUP documents] , the Virginia Department of Education indicate that there are three other areas needing to be addressed in an AUP:
* a statement that the AUP is in compliance with state and national telecommunication rules and regulations
* a statement regarding the need to maintain personal safety and privacy while accessing the Internet
* a statement regarding the need to comply with Fair Use Laws and other copyright regulations while accessing the Internet
Through a cursory reading of [http://www.google.co.uk/search?q=acceptable+use+policy&sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_enAU213AU213 AUP statements found by a Google Search] the variation of AUP documents including each of these items is highly variable. However, those statements in a school or university setting are more likely to include a statement to address at least the "personal safety" issue.
As displayed in a small company's website AUP, [http://www.taglab.com/contact/acceptableusepolicy.html Taglab] , the enforceability of an AUP may be partly determined on including wording that preserves the enforceability of an AUP, particularly if part of an AUP is found to be void for whatever reason, and if a company decides to add to or change the AUP. Taglab's statements regarding enforceability include:b
6.1 If any provision of this AUP or part thereof shall be void for whatever reason, the offending words shall be deemed deleted and the remaining provisions shall continue in full force and effect.
6.2 The Company reserves the right to add, delete or modify any provision of this Policy at any time without notice, effective upon posting of the modified Policy at http://www.taglab.com/contact/acceptableusepolicy.html
6.3 This Policy shall be governed by the laws of England and the parties submit to the exclusive jurisdiction of the Courts of England and Wales.
And of course with the ever widening of the number of jurisdictions covered by the Internet, the AUP document needs to indicate the jurisdiction , meaning the laws that are applicable and govern the use of an AUP. Even if a company is only located in one jurisdiction and the AUP applies to only its employees naming the jurisdiction saves difficulties of interpretation should legal action be required to enforce its statements.
* [http://www.spamhaus.org/aups.html Examples of spam-banning AUPs]
* [http://www.io.com/~kinnaman/aupessay.html Essay on AUPs of educational organizations]
* [http://info.yahoo.com/legal/us/yahoo/utos/utos-173.html Yahoo!]
* [http://www.earthlink.net/about/policies/use/ Earthlink ISP - consequences of violating]
* [http://www.enta.net/Policies/Acceptable_Use_Policy/ Entanet, a UK example of an AUP]
* [http://www.visiongateway.net/support/downloads/document/AUP%20-%20Employee.pdf visionGATEWAY Email and Internet Use Policy] (
* [http://www.surfcontrol.com/uploadedfiles/AUP_Booklet_10011_uk.pdf SurfControl's advice on writing AUPs] (
* [http://www.pen.k12.va.us/VDOE/Technology/AUP/home.shtml Virginia Department of Education Handbook for writing AUP documents]
* [http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf SANS sample AUP] (
* [http://www.collegeofcommerce.com/file.php/1/itpolicy.html School/College (Republic of Ireland) IT AUP, released on the GFDL]
* [http://www.datasecuritypolicies.com/tag/acceptable-use-policy The SANS Security Policy Project] provides a free collection of policies and policy templates.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Acceptable Use Policy — guidelines which users on an Internet access server must obey … English contemporary dictionary
acceptable use policy — AUP The rules of permitted behaviour on a particular portion of the Internet … Big dictionary of business and management
accepted use policy — (AUP) Official document of the National Science Foundation (The NSFNET Backbone Services Acceptable Use Policy 1992) that describes both acceptable and unacceptable uses of the Internet … IT glossary of terms, acronyms and abbreviations
Use of performance-enhancing drugs in sport — The use of performance enhancing drugs in sport is commonly referred to by the term doping , particularly by those organizations that regulate competitions. The use of performance enhancing drugs is mostly done to improve athletic performance.… … Wikipedia
User account policy — is a document which outlines the requirements for requesting and maintaining an account on computer systems or networks, typically within an organization. It is very important for large sites where users typically have accounts on many systems.… … Wikipedia
Information security policy documents — An information security policy document contains the written statements for how an organization intends to protect information. Written information security policy documents are required for compliance with various security and privacy… … Wikipedia
drug use — Introduction use of drugs for psychotropic rather than medical purposes. Among the most common psychotropic drugs are opiates ( opium, morphine, heroin), hallucinogens (LSD, mescaline, psilocybin), barbiturates, cocaine, amphetamines,… … Universalium
One-China policy — The One China policy (simplified Chinese: 一个中国; traditional Chinese: 一個中國 政策 ; pinyin: yī gè Zhōngguó) refers to the policy or view that there is only one state called China , despite the existence of two governments that claim to be China … Wikipedia
Energy policy — is the manner in which a given entity (often governmental) has decided to address issues of energy development including energy production, distribution and consumption. The attributes of energy policy may include legislation, international… … Wikipedia
Drug policy — A drug policy most often refers to a government s attempt to combat the negative effects of drug addiction and misuse in its society. Governments try to combat drug addiction with policies which address both the demand and supply of drugs, as… … Wikipedia