Acceptable use policy
|
|
An acceptable use policy (AUP) is a set of rules applied by many transit networks which restrict the ways in which the network may be used. A well known example is NSFNet which does not allow commercial use. Enforcement of AUPs varies with the network.
Most providers of services on the Internet include an AUP as one of the key provisions of their terms of service.
Acceptable use policies are also integral to the framework of information security policies; it is often common practice to ask new members of an organisation to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of the organisation. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.
External links
- JANET Acceptable Use Policy (http://www.ja.net/documents/use_policy.pdf)
- Examples of spam-banning AUPs (http://www.spamhaus.org/aups.html)
- Essay on AUPs of educational organizations (http://www.io.com/~kinnaman/aupessay.html)
- SANS sample AUP (http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf)
- This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.