How to Draft an Acceptable Use Policy


December 16, 2020

Drafting an acceptable use policy is a way to ensure your employees aren’t engaging in risky online behaviors. It is another layer of security for your network, helps businesses meet industry compliance, and reduces your own liability in the face of a cyber incident.

Draft an Acceptable Use Policy Focusing on These Five Key Points

Drafting an acceptable use policy isn’t difficult. The document should cover five key points.

1. An Introduction to the Document

This preamble will explain why the policy is being adopted and the end goals of the policy.  

2. Terminology

This section will define key terms that will be used throughout the document. It takes the guesswork out of vague terms that could be considered “loopholes” for employees. 

3. Scope of The Document

This section covers who must adhere to the policy. Make sure to incorporate everyone that has access to work-issued devices when you draft an acceptable use policy, such as: 

  • Full time employees 
  • Part time employees 
  • Volunteers 
  • Independent contractors 
  • Remote workforces 

This section might also cover specific usage times, such as whenever employees are on the clock but excluding breaks. It should be noted that to be most effective, the policy should remain in effect at any time a work device is being used regardless of whether the employee is “on duty” or not.  

4. Policy 

The policy is the part of the document that clearly outlines unacceptable and acceptable usage of work-issued devices. While this needs to be as comprehensive as possible, make sure you are allowing the employee access to whatever information they need to efficiently do their jobs. This is the point where you can specify what will be deemed safe online behavior and prohibit risky behaviors.  Some points to include when drafting an acceptable use policy may be: 

  • Social media interactions 
  • Private email use 
  • Online browsing 
  • Using work email addresses for personal reasons 
  • Storing personal files on work devices 
  • Uploading and downloading personal files including photos and music 

5. Penalties

Your teams should be aware of the potential repercussions from your company if they are found to be in breach of the acceptable usage document. You can implement a “zero-tolerance” policy, but it’s generally recommended to stick to a warning system or a “three-strike rule” when handling these incidents before taking more punitive steps. 

Drafting BYOD Acceptable Use Policies 

If your workforce uses a BYOD (Bring Your Own Device) operating model, you are more limited in what you can legally include in your acceptable usage document. In these cases, the policy may focus on things such as: 

  • Outlining who, other than the user, can use the device once proprietary information has been installed 
  • Guidelines for reporting lost or stolen personal devices 
  • Inappropriate postings, downloads and uploads and other content while on the company network 
  • Expectations following the employee’s separation from the company 

Enforcing the policy becomes a little trickier here, so make sure to check all the legal implications of creating this policy for your BYOD workforce before implementing it. Here is a free to use, customizable example of a BYOD acceptable use policy you can implement right now.

Integris Will Help You Draft an Adoptable Use Policy

Integris recommends that all businesses draft an acceptable use policy. We understand that the process can seem daunting, however, and we are here for you. We will help you draft your acceptable use policy specifically for your business’ unique needs. Reach out to Integris for the acceptable use policy guidance you need with our free, no risk, no obligation consultation.

We're Integris. We're always working to empower people through technology.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...