An acceptable use policy is a written document that sets out practices and restrictions regarding the use of company technology. It describes what employees can and can't do when using corporate computers, networks, websites or systems.
Why might you need an acceptable use policy?
Effective use of the internet and email can bring significant benefits to your business. However, unregulated use of technology can cause serious issues, such as employees:
- wasting time surfing the internet
- sending personal emails
- clogging up the system with large attachments
- exposing your IT systems to cyber threats, eg viruses, phishing emails, etc
- sharing sensitive business information externally without authorisation
- breaching data privacy laws and regulations
An acceptable use policy can help you limit exposure to cyber risks and data breaches, ensure compliance and protect your business' reputation.
What is included in an acceptable use policy?
An acceptable use policy should include:
- a general statement regarding the safe and fair use of email and internet
- code of conduct setting out acceptable user behaviour, eg what websites the users may visit, how they should log on to the network, etc
- details of unacceptable uses, eg violating the privacy of others, accessing or downloading offensive or indecent materials, infringing copyright, libelling or defaming other persons using the business' email system, etc
- guidelines around 'netiquette', ie using appropriate language when emailing
- consequences of breaching the policy
Your acceptable use policy should also state under what circumstances - if any - you might monitor staff email and internet use, and how you will carry out such monitoring. Read about monitoring and security of staff.
The policy should be easy to read, concise and say clearly if you allow staff to use the internet and/or email for their own personal purposes.
Sample acceptable use policies
You can write your own acceptable use policies or customise our sample documents for your business:
For an acceptable use policy to be efficient, you should make staff aware of it, implement monitoring systems and set boundaries for site browsing, downloading, installing of software, data leakage, etc. You should update your policies regularly to meet the changing legal requirements, technologies and threats.