Drafting an acceptable use policy is a way to ensure your employees aren’t engaging in risky online behaviors. It adds another layer of security for your network, helps businesses meet industry compliance requirements, and reduces your own liability in the face of a cyber incident.
Draft an Acceptable Use Policy Focusing on These Five Key Points
Drafting an acceptable use policy isn’t difficult. The document should cover five key points.
1. An Introduction to the Document
This preamble will explain why the policy is being adopted and the end goals of the policy.
2. Terminology
This section will define key terms that will be used throughout the document. It takes the guesswork out of vague terms that could be considered “loopholes” for employees.
3. Scope of the Document
This section covers who must adhere to the policy. Make sure to incorporate everyone who has access to work-issued devices when you draft an acceptable use policy, such as:
- Full-time employees
- Part-time employees
- Volunteers
- Independent contractors
- Remote workforces
This section might also cover specific usage times, such as whenever employees are on the clock but excluding breaks. It should be noted that to be most effective, the policy should remain in effect at any time a work device is being used regardless of whether the employee is “on duty” or not.
4. Policy
The policy is the part of the document that clearly outlines unacceptable and acceptable usage of work-issued devices. While this needs to be as comprehensive as possible, make sure you are allowing the employee access to whatever information they need to efficiently do their jobs. This is the point where you can specify what will be deemed safe online behavior and prohibit risky behaviors. Some points to include when drafting an acceptable use policy may be:
- Social media interactions
- Private email use
- Online browsing
- Using work email addresses for personal reasons
- Storing personal files on work devices
- Uploading and downloading personal files including photos and music
5. Penalties
Your teams should be aware of the potential repercussions from your company if they are found to be in breach of the acceptable usage document. You can implement a “zero-tolerance” policy, but it’s generally recommended to stick to a warning system or a “three-strike rule” when handling these incidents before taking more punitive steps.
Drafting BYOD Acceptable Use Policies
If your workforce uses a BYOD (Bring Your Own Device) operating model, you are more limited in what you can legally include in your acceptable usage document. In these cases, the policy may focus on things such as:
- Outlining who, other than the user, can use the device once proprietary information has been installed
- Guidelines for reporting lost or stolen personal devices
- Inappropriate postings, downloads, uploads and other content while on the company network
- Expectations following the employee’s separation from the company
Enforcing the policy becomes a little trickier here, so make sure to check all the legal implications of creating this policy for your BYOD workforce before implementing it. Here is a free-to-use, customizable example of a BYOD acceptable use policy you can implement right now.
Integris Will Help You Draft an Acceptable Use Policy
Integris recommends that all businesses draft an acceptable use policy. We understand that the process can seem daunting, however, and we are here for you. We will help you draft your acceptable use policy specifically for your business’s unique needs. Reach out to Integris for the acceptable use policy guidance you need with our free, no-risk, no-obligation consultation.