How to Draft an Acceptable Use Policy

by

December 16, 2020

Drafting an acceptable use policy is a way to ensure your employees aren’t engaging in risky online behaviors. It is another layer of security for your network, helps businesses meet industry compliance, and reduces your own liability in the face of a cyber incident.

Draft an Acceptable Use Policy Focusing on These Five Key Points

Drafting an acceptable use policy isn’t difficult. The document should cover five key points.

1. An Introduction to the Document

This preamble will explain why the policy is being adopted and the end goals of the policy.  

2. Terminology

This section will define key terms that will be used throughout the document. It takes the guesswork out of vague terms that could be considered “loopholes” for employees. 

3. Scope of The Document

This section covers who must adhere to the policy. Make sure to incorporate everyone that has access to work-issued devices when you draft an acceptable use policy, such as: 

  • Full time employees 
  • Part time employees 
  • Volunteers 
  • Independent contractors 
  • Remote workforces 

This section might also cover specific usage times, such as whenever employees are on the clock but excluding breaks. It should be noted that to be most effective, the policy should remain in effect at any time a work device is being used regardless of whether the employee is “on duty” or not.  

4. Policy 

The policy is the part of the document that clearly outlines unacceptable and acceptable usage of work-issued devices. While this needs to be as comprehensive as possible, make sure you are allowing the employee access to whatever information they need to efficiently do their jobs. This is the point where you can specify what will be deemed safe online behavior and prohibit risky behaviors.  Some points to include when drafting an acceptable use policy may be: 

  • Social media interactions 
  • Private email use 
  • Online browsing 
  • Using work email addresses for personal reasons 
  • Storing personal files on work devices 
  • Uploading and downloading personal files including photos and music 

5. Penalties

Your teams should be aware of the potential repercussions from your company if they are found to be in breach of the acceptable usage document. You can implement a “zero-tolerance” policy, but it’s generally recommended to stick to a warning system or a “three-strike rule” when handling these incidents before taking more punitive steps. 

Drafting BYOD Acceptable Use Policies 

If your workforce uses a BYOD (Bring Your Own Device) operating model, you are more limited in what you can legally include in your acceptable usage document. In these cases, the policy may focus on things such as: 

  • Outlining who, other than the user, can use the device once proprietary information has been installed 
  • Guidelines for reporting lost or stolen personal devices 
  • Inappropriate postings, downloads and uploads and other content while on the company network 
  • Expectations following the employee’s separation from the company 

Enforcing the policy becomes a little trickier here, so make sure to check all the legal implications of creating this policy for your BYOD workforce before implementing it. Here is a free to use, customizable example of a BYOD acceptable use policy you can implement right now.

Integris Will Help You Draft an Adoptable Use Policy

Integris recommends that all businesses draft an acceptable use policy. We understand that the process can seem daunting, however, and we are here for you. We will help you draft your acceptable use policy specifically for your business’ unique needs. Reach out to Integris for the acceptable use policy guidance you need with our free, no risk, no obligation consultation.

We're Integris. We're always working to empower people through technology.

Keep reading

How Can I Measure the ROI in Managed IT Services?

How Can I Measure the ROI in Managed IT Services?

How Can I Measure the ROI in Managed IT Services? The Quick Take Measuring the ROI of managed IT services is crucial for IT managers and C-suite leadership. Here are the key steps: Step #1—Define Goals and Metrics: Set clear goals and identify key performance...

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects? The Quick Take Managing IT projects effectively is crucial for ensuring success and maximizing ROI. Here are the best practices to follow: Define Clear Objectives and Scope: Set specific, measurable, achievable,...

What Is The Future of Managed IT Services?

What Is The Future of Managed IT Services?

What Is the Future of Managed IT Services? The Quick Take: The future of managed IT services for small and medium-sized businesses is bright, with the market expected to grow from $1.735 trillion to $2.173 trillion by 2028. Key trends driving this growth include:...