An acceptable use policy is a set of rules applied by website owners and networks, created to restrict the ways in which the site or the network may be used. AUP documents are also used by universities, corporations, Internet Service Providers, and schools.

The acceptable use policies are also integral parts of information security polices; it is a common practice to ask the new members of an organization to sign an AUP before giving them access to its information. And for this reason, an AUP have to be clear and concise, and to cover the most important points about what users are (and are not) allowed to do. It can also refer the users to more comprehensive security policies. It also defines sanctions which will be applied if a user breaks the AUP.

For example, new employees of a company are asked to sign an AUP document prior to being granted access to IT systems. The AUP will succinctly describe the dos and don’ts that have to be followed while using IT system resources.

AUP documentation is similar to Terms of Service documents that are used by websites or ISPs. Different labels include Internet and E-mail Policy, Network AUP, and Acceptable IT Use Policy. All these documents are created on the same principles of permitted network or IT resource usage.

General structure of AUP documents

AUP documents, irrespective of area of application, have a universal structure consisting of certain common elements. The common elements of an AUP document include:

Statement of philosophy

AUP documents typically begin with the statement of philosophy of the organization. The statement should clearly outline the basis on which Internet access is being offered to users of their network.

Code of conduct

The code of conduct specifies the conduct expected from users who connect to a network or use network tools and applications. The code of conduct may include guidelines related to avoiding illegal activities, using suitable language when online and avoidance of online activities that may lead to identity theft or intellectual property misuse, viewing of inappropriate content online and so on.

Consequences of violations of code of conduct

This part of the AUP document specifies penalties that will be enforced if a user breaks the rules. The penalty may include a verbal or written warning for a first-time offender, or it can be an immediate termination of services or employment for repeat offenders.

Disclaimers

Disclaimers are typically incorporated into an AUP document to protect an organization from liability in certain situations. Today, nearly all websites have a “Disclaimer” page.