Acceptable Use Policy – Definition

Cite this article as:"Acceptable Use Policy – Definition," in The Business Professor, updated May 1, 2019, last accessed October 27, 2020,


Acceptable Use Policy (AUP) Definition

Acceptable Use Policy (AUP) has diverse meanings depending on its context of usage. In this context, it is defined as a guide containing some set of rules that employees must obey while discharging their duties. It is regarded as a document that outlines the behaviors and code on conducts that an organization or an employer accepts. AUP contains policies that guide employees in cases of information technologies in the workplace. It also contain guidelines on how a website or company’s technology is meant to be used. These guidelines protect against computer or technology misuse.

A Little More on What is an Acceptable Use Policy

Whether small or large, organizations make use of a set of technologies to make their services accessible by customers. Employees perform a wide range of tasks as assigned to them by the employee and to do this effectively, policies and guidelines must be put in place especially in the usage of computers. There are a number of hazards and threats that are attributed to the misuse of technologies or computers in an organization. Employees often engage in search of irrelevant items, spam messages and emails with bad contents, watching of pornographies among others. Upon the identification of the threats of internet misuse and abuse, the introduction of AUP has helped organizations manage these threats to a large extent.

AUP erase the concept of confidentiality in employee’s usage of internet, computers and technologies in their workplace and also prohibit unrelated activities on with organization’s internet or computer. Being a remedy for IT abuses and misuse in workplace, there are certain templates or guidelines that AUP should include, they are;

  • Prohibition of download and dissemination of uncouth items such as ponography and materials that are offensive and discriminatory.
  • AUP should clearly indicate what the computer systems in an organization should be used for.
  • It should give a template for emails and messages that are permitted to be sent on the company’s IT system.
  • If the company permits personal use of computer, such should not interfere with the work of the employees.
  • Prohibition of searching, copying and sending confidential or private materials that are not related to the company.
  • Advice for employees on inappropriate usage of IT systems and penalties for such.

Furthermore, a company’s AUP should not just include what a company expects of its employees but should also contain legal sanctions and consequences that erring employees would face.

References for Acceptable Use Policy

Academic Research for Acceptable Use Policy

Acceptable internet use policy, Siau, K., Nah, F. F. H., & Teng, L. (2002). Communications of the ACM, 45(1), 75-79.

•    Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy, Doherty, N. F., Anastasakis, L., & Fulford, H. (2011). International journal of information management, 31(3), 201-209.

•   Internet acceptable use policies: Navigating the management, legal, and technical issues., Stewart, F. (2000). Information Systems Security, 9(3), 1-7.

•   Identifying IT user mindsets: acceptance, resistance and ambivalence, Lapointe, L., & Beaudry, A. (2014, January). In 2014 47th Hawaii International Conference on System Sciences (HICSS) (pp. 4619-4628).

•    Management of acceptable use of computing facilities in the public library: avoiding a panoptic gaze?, Gallagher, C., McMenemy, D., & Poulter, A. (2015). Journal of Documentation, 71(3), 572-590.

•    Evaluating Australian social media policies in relation to the issue of information disclosure, Pallegedara, D., & Warren, M. (2014).

ICE: information center expert: a consultation system for resource allocation, Heltne, M. M., Vinze, A. S., Konsynski, B. R., & Nunamaker Jr, J. F. (1988). ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 19(2), 1-15.

Measures for improving information security management in organisations: the impact of training and awareness programmes., Waly, N., Tassabehji, R., & Kamala, M. A. (2012, March). In UKAIS (p. 8).

•    Corporate financial communication and the internet: manipulating investor audiences?, Guillamón-Saorín, E., & Martínez-López, F. J. (2013). Online information review, 37(4), 518-537.

An Overview of Information Management and Information Managers, Bent, D. (2013, November). In Proceedings of the Annual Conference of CAIS/Actes du congrès annuel de l’ACSI.


Was this article helpful?