Acceptable Use Policy
A document outlining the rules and guidelines that users must agree to in order to use a network, website, or service. It defines what is considered acceptable and unacceptable behavior, protecting the service provider and its users from potential misuse.
Definitions
In Corporate and IT Governance
In a corporate setting, an Acceptable Use Policy (AUP) is a critical component of IT governance and security. It is a set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts the ways in which that network, website, or service may be used and sets out guidelines for how it should be used.
Key Concepts:
- Scope: Defines who the policy applies to (e.g., employees, contractors, guests) and what resources it covers (e.g., company network, email, software, devices).
- Prohibited Activities: Explicitly lists forbidden actions, such as accessing illegal content, installing unauthorized software, sharing confidential information, conducting personal business on company time, or engaging in cyberbullying.
- Security Practices: Often includes mandatory security measures for users, like creating strong passwords, locking computers when away, and reporting suspicious emails.
- Consequences: Clearly states the repercussions for violating the policy, which can range from a warning to termination of employment or legal action.
Example: A company's AUP might state: 'Employees are prohibited from using the corporate email system to send unsolicited commercial email (spam). Violation of this policy may result in disciplinary action, up to and including termination.' This is a common clause in a corporate User Agreement.
For Internet Service Providers (ISPs) and Online Services
For ISPs, social media platforms, and other online service providers, the Acceptable Use Policy (often part of the Terms of Service or ToS) is a legal document that users must agree to before using the service. Its primary goal is to protect the provider's infrastructure and shield it from legal liability.
Key Concepts:
- Resource Protection: Prevents activities that could harm the network or degrade service for other users, such as launching denial-of-service attacks, sending spam, or hosting malware.
- Legal Compliance: Prohibits users from using the service for illegal activities, such as copyright infringement, fraud, or distributing illicit materials. This helps the provider comply with laws like the Digital Millennium Copyright Act (DMCA).
- Content Moderation: Sets the rules for user-generated content, defining what is considered harassment, hate speech, or otherwise inappropriate, and giving the provider the right to remove such content and suspend accounts.
Example: A cloud hosting provider's AUP will forbid customers from using their servers to host phishing websites. If a customer does so, the provider can immediately suspend the service to protect its network reputation and other users. This is a standard part of their Fair Use Policy.
Origin & History
Etymology
The term is a straightforward combination of 'Acceptable Use,' referring to permissible actions, and 'Policy,' a set of rules or principles. It directly describes its function: a policy defining acceptable use.
Historical Context
The concept of an Acceptable Use Policy gained prominence in the late 1980s and early 1990s with the growth of the internet. One of the most famous early examples was the NSFNET (National Science Foundation Network) AUP. As the backbone of the early internet, its AUP initially restricted use to non-commercial, research, and educational purposes. This policy was a significant factor in shaping the early, non-commercial culture of the internet. As the internet was privatized and commercialized in the mid-1990s, the NSFNET AUP was retired. However, the model was adopted by the new Internet Service Providers (ISPs), corporations, and universities. These organizations needed a way to manage their resources, protect themselves from legal liability arising from user actions, and ensure their networks remained stable. The AUP became the standard tool for achieving this, evolving from a simple 'no commercial use' rule to a comprehensive document covering security, privacy, illegal content, and spam. Today, nearly every online service has an AUP or an equivalent Terms of Use document.
Usage Examples
Before accessing the company's Wi-Fi, all employees must read and agree to the Acceptable Use Policy to ensure they understand the rules regarding network usage.
The university's AUP explicitly prohibits using its network for commercial activities or illegal file sharing.
Our new SaaS platform's Terms of Service includes a detailed Acceptable Use Policy section to prevent system abuse; this User Agreement is mandatory for all subscribers.
Frequently Asked Questions
What is the primary purpose of an Acceptable Use Policy (AUP)?
The primary purpose of an AUP is to protect the service provider, its network, and its users by clearly defining the rules for using a service or resource. It helps prevent illegal, unethical, or harmful activities, minimizes legal liability for the provider, and ensures a safe and reliable environment for all users. It sets clear expectations for behavior.
How does an AUP differ from a Terms of Service (ToS) document?
While they often overlap and are sometimes used as synonyms, an Acceptable Use Policy typically focuses specifically on user behavior and prohibited actions (e.g., no spamming, no illegal downloads). A Terms of Service (ToS) or User Agreement is often a broader legal document that covers the AUP's content but also includes details about intellectual property, liability limitations, payment terms, and dispute resolution. Think of the AUP as a specific component often found within a larger ToS.