Acceptable use policies are an indispensable aspect of the structure of data security strategies; it is normal practice to solicit new individuals to an organization to sign an AUP before they are offered admittance to its data frameworks. Consequently, an AUP must be brief and clear, while simultaneously covering the most significant focuses on what clients are, and are not, permitted to do with the IT frameworks of the organization. It ought to allude clients to the more far-reaching security strategy where pertinent. It should also eminently characterize what assents/sanctions will be applied if a client breaks the AUP. Consistence with this approach should, not surprisingly, be estimated by ordinary reviews.
One of the most important aspects of AUP statements is it should outline the consequences of violating the policy. These set violations should be met with consequences determined by the relationship of the user with the organization. For example, schools and universities often withdraw their services to the violator. Actions, that may also be illegal, may involve the appropriate authorities. Employers will at times withdraw services from employees, although a more common action is to terminate employment when violations may be hurting the employer in some way or may compromise security.
Central to most AUP documents is the section detailing unacceptable uses of the network. Unacceptable behaviors may include:
• Creation and transmission of offensive, obscene, or indecent documents or images • Creation and transmission of material which is designed to cause annoyance, inconvenience, or anxiety • Creation of defamatory material • Creation and transmission that infringes the copyright of another person • Transmission of unsolicited commercial or advertising material • Deliberate unauthorized access to other services accessible using the connection to the network/internet. • Corrupting or destroying other user's data • Violating the privacy of others online • Using the network in such a way that it denies the service to others • Misuse of the network in a way that exposes it to viruses
Disclaimers can also be added in order to absolve your organization from responsibility, dependent on the circumstance. While disclaimers may be added to any AUP, disclaimers are most often found on AUP documents relating to the use of a website while those offering a service fail to add such clauses.