If your business operates in an industry that requires a significant number of your employees to use company computers during work hours—and let’s face it, that includes most industries—then your business needs an Acceptable Use Policy (AUP). Over time, an AUP can save you time, money and major hassles.
An Acceptable Use Policy is a set of rules and guidelines meant to govern an employee’s use of a company’s technology resources, including the Internet. When implemented at a company, an AUP clearly communicates what is (and is not) permitted on company computers and networks.
While an AUP helps educate employees on issues such as password protection and online security, it also serves an important legal function for the company. In the event that an employee uses a company’s network for unsanctioned personal activities, having an AUP in place can help prevent (or reduce) any legal issues that may arise during that employee’s exit from your company.
Getting Started With an “Acceptable” Template
As it turns out, drafting a rock-solid AUP isn’t so difficult. It doesn’t require retaining an attorney and asking them to draft a document for you. The Internet actually offers a number of good templates. Here’s one example, but there are certainly others out there.
Based on your company’s needs and preferences, you can customize the AUP template to your liking. As you customize the template, you’ll want to consider what types of sites and activities you’d like to prohibit. For example, do you want your employees to have access to social media sites, such as Facebook, Twitter, or YouTube? What about online gaming sites? And, what about employees who manage personal websites or blogs?
Give your Policy Teeth
An effective AUP communicates how the company plans to enforce its policy. If employees don’t believe you 1) have the capability, or 2) will impose consequences for AUP violations, your policy won’t accomplish its purpose. Most firewalls have some blocking and tracking features, but if you need additional assistance with monitoring for AUP violations, Spiceworks is a free network utility that can help you keep an eye out for AUP violations.
Successfully Roll Out your Policy
Before you officially introduce your policy with a grand announcement at an employee meeting (or through a company-wide memo), you may want to do a few more things.
First off, consider getting feedback on your AUP draft from your employees. Having employee buy-in will help you identify any unpractical rules in your policy, not to mention it will aid you later down the road when it comes time for employees to embrace the final draft.
And second, run the draft by your company’s human resources and legal counsel. You’ll want to make sure you aren’t breaking any laws.
Once you’ve done this, you’re then ready to turn the policy loose and start using it. Make sure to have each employee sign the policy and retain a copy in their HR file. Also, make a point to review the policy each year and update it accordingly. Not only does your company continue to evolve, but so does the way that employees use technology. So, during your annual review, you’ll want to close any loopholes, strike provisions that are no longer relevant, and add new clauses to address emerging trends.
About the Author:
Rusty Haferkamp is the chief information officer for Central National Bank. In his spare time, he enjoys being outdoors, hunting, fishing, and spending time with his wife and two young daughters.