Skip to Navigation Skip to Content

What is an Acceptable Use Policy?

An Acceptable Use Policy, often referred to as an AUP, is a written document that clearly defines the terms and conditions under which an individual or entity is allowed to use an organization’s IT infrastructure, networks, systems, software, and digital resources. It is not limited to businesses but is also implemented in educational institutions, government agencies, and other organizations where technology is central to operations.

This is particularly important if an organization is:

  • Providing staff access to company networks
  • Setting up new employees with technology
  • Protecting company data and systems
  • Managing internet use in schools or workplaces

Key inclusions in an AUP

An AUP typically contains the following key sections:

  • Introduction: An overview of what the AUP’s intended purpose is; key definitions of terminology used within the document; and a notice to users that their use of the services in question is subject to their agreement to the AUP.
  • Scope: Describes who and what the policy applies to, i.e. user groups or particular services that are provided through a given website or network.
  • Policies: A list of what is deemed acceptable and unacceptable usage of the services.
  • Enforcement: Notes which laws will apply to enforcing the AUP; what actions the service owners may take to enforce the policy; and any penalties that may follow for users who violate the AUP.

Why do you need an acceptable use policy?

If you’ve already got a Privacy Policy and Terms and Conditions sorted for your website, you’re probably wondering whether an AUP is necessary. If your website, product or service could be used to harm, harass or violate the rights of other people, you should create an AUP and get users to agree to it prior to granting them access.

In conjunction with a broader set of terms and conditions, an AUP can provide a clear and detailed set of user guidelines to prevent users from engaging in dangerous or malicious behavior while using a specific service. For example, Google’s G Suite AUP states that users must agree not to send spam email or spread viruses and online hoaxes through their services, amongst other rules.

Is an acceptable use policy legally required?

No. However, while an AUP is not legally required for your website, it can provide you with some legal protection if things go awry. To avoid any costly repercussions and disagreements in the future, it’s best to be as clear and upfront as possible about what is expected of your users when accessing your website.

Get an Acceptable Use Policy with our ‘Compliance Pro’ package

Our ‘Compliance Pro’ package includes an Acceptable Use Policy, along with a full suite of compliance tools