Sample Acceptable Use Policy Template & Examples [PDF + DOC] (2022)

An acceptable use policy, while not required by law, is arguably one of the most important policies an organization providing access to a website, application, online platform or network should have.

Indeed, it allows the organization to maintain control and ensure the security of both its service and its users. Technology is a beautiful thing but there are undoubtedly many risks associated with using online services and handling business data virtually.

The main threat to network security is without a doubt users taking risks or misusing technology, thus the importance of being diligent and trying to regulate their use to prevent breaches and data loss.

Table of Contents

PRO TIP: Don’t waste your time and take the guesswork out of the legal jargon with this personalized acceptable use policy generator trusted by over 100,000 businesses.

Sample Acceptable Use Policy Template

Acceptable use policies, unlikeprivacy policies, are not legally required, thus what should be included is not as standard. One must consider the particularities of each organization, its technology, and its end-users before drafting such a document.

However, this handy template is a good starting point and can be customized to your organization’s needs:

Download PDFDownload DOCX

Acceptable Use Policy Examples

Online Banking Services

Transferwise, now known as Wise, is a financial technology company that allows customers to hold bank accounts in multiple currencies, apply for a multi-currency credit card, and transfer money worldwide. It does not have any physical locations, unlike traditional banks and, as such, exclusively offers its services through an online platform.

(Video) Acceptable Use Policy Explained--Baltimore County Public Schools

Unsurprisingly considering the risks associated with the handling of financial data, Wise has a detailed yet easy-to-understandAcceptable Use Policywhich sets out the terms under which users can access its services (to be read in conjunction with itsUser Agreementwhich refers to its other policies).

Restricted Activities

Wise starts out by stating that its services are to be used for lawful purposes only – it uses bullet points to list out prohibited uses:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (2)

Note how general this clause is – it encapsulates any use of its services that would breach or cause the company to breach any local, national or international laws or regulations. Being a bank, it specifically mentions that its services are not to be used for fraudulent purposes or to perform tax evasion.

Restricted Businesses & Transactions

In addition to restricting how its services are to be used, Wise states that it does not support a range of businesses or transactions involved in the following categories and industries as it considers them too risky:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (3)

Note that this list is not exhaustive and that Wise reserves the right to deny service to any customers that it deems to exceed its risk tolerance threshold.

Penalties

Wise is very clear when it comes to explaining the consequences of not complying with its acceptable use policy.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (4)

It gives itself the power to immediately remove one’s access to its services, suspend or cancel payment orders, remove user-uploaded material, issue warnings, take legal action against perpetrators and report and disclose relevant information to law enforcement authorities.

These terms should not come as a surprise to individuals that choose to use Wise’s services as they are prompted to accept them at the time of account creation:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (5)

When one clicks on “Terms of Use” they are taken to a page where all applicable agreements are listed out and made accessible through hyperlinks, including the acceptable use policy:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (6)

This is a great way for the company to ensure that potential customers do not miss any of the important policies that govern the use of its website and services.

(Video) How to write an ISO 27001 compliant acceptable use policy

Educational Institution

Prestigious Washington-based Georgetown University welcomes the finest students from all over the globe. Technology is widely used by faculty staff and students to teach, study and research and, considering the size of the institution, it has numerous strong policies in place that govern how it should be used by all.

These are all accessible in one place, through theUniversity Information Security Office, including itsComputer Systems Acceptable Use Policy.

Purpose & Applicability

Perhaps to sensibilize its university population to the reason and purpose behind this policy, Georgetown University’s acceptable use document starts out by stating to whom it applies as well as the guiding principles behind it.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (7)

Note that this policy applies to anyone that uses the University’s information technology resources, and not just to students and staff.

The guiding principles are a great idea for any organization in which restrictions to technology access could be seen as a limitation of personal freedom.

The University explains that it recognizes the importance of being able to access IT resources to support education and research and to be exposed to a multitude of views. However, it does restrict usage to university-related activities only, such as research, instruction, learning, enrichment, dissemination of scholarly information, and administrative tasks.

Disclaimer

The University, by making IT resources available, is also exposing users to content that it doesn’t control, considering the amount of information that circulates on the Internet, this makes total sense. To protect itself, the University includes a disclaimer:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (8)

It also encourages users to report abuse at a dedicated email address.

Responsibilities

The University cannot possibly monitor all of the IT resources that it makes available. Thus, it sets out the responsibilities that come with choosing to use its computers or networks.

It notably reinforces the importance of taking appropriate security measures when using electronic resources, including when it comes to password management and protection from unauthorized access – it refers users to theGeorgetown University Information Security Policyto which they are expected to abide by.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (9)

Users are personally responsible and accountable for the use and security of the electronic resources that they own or use.

It also reiterates that these are shared resources and should be treated as such:

(Video) Live Webinar: PDF/UA: the inclusive document format

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (10)

Access to those technology resources is not a right, but a privilege.

Oversight

The University is very transparent when it comes to how it plans to administer and ensure compliance with this policy. It reserves the right to examine all university-owned and operated computer systems and electronic resources and to take action as needed. This can include restricting or limiting access to such technology (including its networks and the material found on its computers) when evidence of a violation is found.

Note that the University mentions that abuse could lead to disciplinary or legal action.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (11)

Reporting Violations

Users of the University’s technology resources are invited to report incidents and abuse of this policy to a dedicated email address and to forward any spam received to another. Moreover, it includes links to other resources where hate and bias, and copyright infringement can be reported.

In addition to this acceptable use policy, the University has a separate document that applies to its employees’ incidental personal use of technology resources, theIncidental Personal Use of Electronic Resources Guidelines. It acknowledges that sometimes employees need to use these resources for personal purposes (but should be restricted to matters that cannot wait to be addressed during non-work hours), but does specify that this should not hinder official business or affect the performance of an employee’s duties, and expressly prohibits some uses.

Network Provider

Software and network providers are probably the two types of businesses that almost without fail have a strong and detailed acceptable use policy in place.

AT&T, the world’s largest telecommunications company, is no exception. The company has a strong broadband network which it makes accessible to customers through its Internet and wireless plans. As such, itsAcceptable Use Policyapplies to all AT&T services that provide or include access to the Internet or are provided over the Internet or wireless data networks (what the company refers to as “IP Services”). By using any of these services, customers confirm agreeing to comply with the company’s policy.

Prohibited Uses

The policy starts off by stating all prohibited activities – here are the general prohibitions and statement concerning unlawful activities:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (13)

Note how it refers and mentions all services that can be accessed through an AT&T link – customers must abide by these services’ respective rules, guidelines, or agreements in order to be found compliant with this acceptable use policy.

It then goes on to list specific prohibited uses, such as violation of intellectual property rights, the transmission of threatening material or content and using the services for inappropriate interaction with minors or for child pornography.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (14)
(Video) IT Policies, Acceptable Use Policy, Technology Policies (Q&A and Discussion)

A large section of the policy is dedicated to the abuse of email services, including the sending of spam mail using its services – the list of prohibited activities is very detailed and in the bullet-point form to make it easy to read:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (15)

In addition, AT&T strongly condemns using its services to interfere with, gain access to or violate the security of a server, network, computer, software or system, theirs or otherwise, and considers doing so a violation of its policy:

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (16)

Responsibilities

In addition to mentioning in the clause above that ensuring the security of systems and machines that connect to AT&T’s services is at the responsibility of the customer, the company states that customers remain solely and fully responsible for the content that they choose to post, host, download, upload, create, access or transmit using its services.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (17)

This is a standard clause for a network provider as it would be impossible and unreasonable to ask them to monitor and take responsibility for the actions of millions of customers – including such a clause makes it clear to its customers and to third parties that could be affected by their actions.

Sanctions

A few lines of AT&T’s acceptable use policy are in bold – these serve to warn customers of how the company plans to enforce this policy as well as the potential sanctions which could arise from a violation.

Sample Acceptable Use Policy Template & Examples [PDF + DOC] (18)

While it does state that it will warn customers of a violation when feasible to give them a chance to correct their actions, the company does reserve the right to take immediate action and suspend or terminate services in some circumstances.

These notably include when the company receives a court order or government notice or when it reasonably determines that it could expose the company to liability, harm, or interfere with the company’s network or another customer’s services, the conduct violates laws or regulations or if the use otherwise presents an imminent risk of harm to the company or its customers.

AT&T includes a clause that directly addresses copyright infringement claims andDMCA notices, as well as includes an email address where all incidents should be reported for investigation.

All in all, this constitutes a fairly standard acceptable use policy for a network provider as it addresses concerns that are specific to that type of organization.

How to Draft an Acceptable Use Policy?

We trust that you will have found these examples useful as you start thinking about drafting an acceptable use policy for your own business.

While these can serve as inspiration, you should always take into consideration the particularities of your business, users, and the technology that you are making available.

Some acceptable and prohibited activities are fairly standard but others should directly be linked to the uses that could be made of your services as each of them have their own associated risks.

(Video) How to Write an Information Security Policy in 5 Minutes

Ouracceptable use policy generatoris an easy solution if you want to give yourself peace of mind. After all, a good policy can help you prevent abuse and retain control over your platform or services.

Once you have made your acceptable use policy available, don’t forget to update it from time to time as your organization and its privacy challenges evolve. And when you do so, take this as an opportunity to remind your users (whether they are customers, students, or employees) of its existence.

FAQs

What is an example of acceptable use policy? ›

Refrain from monopolizing systems, overloading networks with excessive data, degrading services, or wasting computer time, connection time, disk space, printer paper, manuals, or other resources.

How do you write an acceptable use policy? ›

3 key elements of an acceptable use policy
  1. Includes specific rules, such as no video pirating.
  2. Outlines consequences for breaking the rules, such as warnings or suspension of access.
  3. Details an organization's philosophy for granting access (for example, internet use is a privilege that can be revoked, rather than a right)
Mar 21, 2022

What does an acceptable use policy outline? ›

The purpose of the (Company) Acceptable Use Policy is to establish acceptable practices regarding the use of (Company) Information Resources in order to protect the confidentiality, integrity and availability of information created, collected, and maintained.

What are some of the important elements of an acceptable use policy? ›

7 Things To Consider When Creating An Acceptable Use Policy
  • Consider Impacts Before Establishing Rules. ...
  • Define What Data Matters and Why. ...
  • Define Any Compliance or Legal Concerns. ...
  • Solicit Feedback From Stakeholders and Revisit Policy. ...
  • Consider Personally Owned Devices That Access Company Data Assets. ...
  • Social Media.
Sep 17, 2017

What should not be part of an acceptable use policy? ›

1 Answer. Encryption policies not be part of an acceptable use policy.

Which of the following best describes an acceptable use policy? ›

Which of the following statements best defines an acceptable use policy (AUP)? It defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and it specifies consequences for noncompliance.

What are the six key elements of an AUP? ›

The National Education Association suggests that an effective AUP contain the following six key elements:
  • a preamble,
  • a definition section,
  • a policy statement,
  • an acceptable uses section,
  • an unacceptable uses section, and.
  • a violations/sanctions section.

What is the difference between an acceptable use policy and a fair use policy? ›

One consequence of sharing is that an AUP typically goes into detail about etiquette and respect for fellow users of the resource, which is not applicable for single-user software applications. An acceptable use policy is also known as a fair use policy or terms of use.

What is an acceptable use policy in the workplace? ›

An acceptable use policy (AUP) is a document that outlines the rules and restrictions employees must follow in regard to the company's network, software, internet connection and devices.

Why is IT important to have an acceptable use policy? ›

Companies and other facilities use an AUP to protect their networks from bad players. The purpose of an AUD is to ensure everyone is only using internet access for appropriate tasks. Limiting what users can do can help these internet providers uphold the law and protect other users from cybersecurity threats.

Which two of these rules could be included in a company's acceptable use standards? ›

Which two of these rules could be included in a company's acceptable use standards? Employees must not alter someone else's content without permission. Employees must not try to bypass any installed security controls.

What is an AUP violation? ›

VIOLATIONS OF THE ACCEPTABLE USE POLICY. The following constitute violations of this AUP: a. Network disruptions and unfriendly activity. Using the services for any activity which adversely affects the ability of other people or systems to use the services or the Internet is prohibited.

Who owns the acceptable use policy? ›

The Deputy Director of Administration owns this Acceptable Use Policy and is responsible for ensuring that all personnel with access to state information assets are aware of this policy and acknowledge their individual responsibilities. 6.2.

Why is IT important for schools and organizations to have an acceptable use policy? ›

Acceptable Use Policies spell out to users what they can and cannot do with the organizations IT resources. This includes all devices and the network connection itself. It is important for organizations to have acceptable use policies as it helps protect them from various types of notices and lawsuits.

What is an acceptable use policy in the workplace? ›

An acceptable use policy (AUP) is a document that outlines the rules and restrictions employees must follow in regard to the company's network, software, internet connection and devices.

What are the six key elements of an AUP? ›

The National Education Association suggests that an effective AUP contain the following six key elements:
  • a preamble,
  • a definition section,
  • a policy statement,
  • an acceptable uses section,
  • an unacceptable uses section, and.
  • a violations/sanctions section.

What is the difference between an acceptable use policy and a fair use policy? ›

One consequence of sharing is that an AUP typically goes into detail about etiquette and respect for fellow users of the resource, which is not applicable for single-user software applications. An acceptable use policy is also known as a fair use policy or terms of use.

Why do you need an acceptable use policy? ›

Companies and other facilities use an AUP to protect their networks from bad players. The purpose of an AUD is to ensure everyone is only using internet access for appropriate tasks. Limiting what users can do can help these internet providers uphold the law and protect other users from cybersecurity threats.

Videos

1. A good plan for an internet acceptable use policy
(S Bridges Mathieu)
2. Internet Usage Policy | Internet Use Policy Template
(EasyAgreements)
3. 2023 Fall Grants Creative Opportunity Fund Only Information Session (Outside NYC Applicants)
(A.R.T./New York)
4. 2023 A.R.T./New York Fall Grant Application Info Session (NYC Applicants)
(A.R.T./New York)
5. Security Policies - N10-008 CompTIA Network+ : 3.2
(Professor Messer)
6. Fair Use: Legally Use Movie Clips & Copyrighted Material In Your YouTube Videos
(MagnatesMedia)

You might also like

Latest Posts

Article information

Author: Horacio Brakus JD

Last Updated: 10/06/2022

Views: 6112

Rating: 4 / 5 (51 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Horacio Brakus JD

Birthday: 1999-08-21

Address: Apt. 524 43384 Minnie Prairie, South Edda, MA 62804

Phone: +5931039998219

Job: Sales Strategist

Hobby: Sculling, Kitesurfing, Orienteering, Painting, Computer programming, Creative writing, Scuba diving

Introduction: My name is Horacio Brakus JD, I am a lively, splendid, jolly, vivacious, vast, cheerful, agreeable person who loves writing and wants to share my knowledge and understanding with you.