Acceptable use Policy (ISO27001)

by Elina D

As organisations increasingly rely on digital systems and services, it is important to have an acceptable use policy (AUP). An AUP defines what users can and cannot do with the organisation's IT resources. It is one of the critical components of the ISO 27001 standard, a widely recognised information security management system (ISMS). This blog post will look at what an AUP is, why it's important, and how it can help your organisation. The exact contents of an AUP will vary from one organisation to another, but some common elements are typically included. For example, most AUPs will address the following topics:

  • Prohibited activities: These are activities that are not allowed under any circumstances. Examples might include accessing or disclosing confidential information without authorisation, downloading or installing unauthorised software, or sending spam emails. These are activities that are not allowed under any circumstances. Examples might include accessing or disclosing confidential information without authorisation, downloading or installing unauthorised software, or sending spam emails.
  • Permitted activities: These are activities that are allowed under specific conditions. For example, users might be permitted to access certain websites for work-related purposes only. Or they may be permitted to send personal emails, but only during certain times of the day.
ISMS Acceptable Policy

How employers can better enforce the Acceptable use policy

  • Increase awareness of your policies- Users frequently glance over an AUP without fully comprehending its contents. As a result, the provisions of your AUP should also be included in your employee handbook. You should also ensure that all staff is aware of the policies. This could be done during the onboarding process or as a yearly AUP review.
  • Create a plan rectifying issues- Employees are more inclined to follow your guidelines if they know there are real consequences for breaking your AUP. Have a clear policy for what will happen if an employee is detected accessing the network inappropriately.
  • Use simple language and formatting- Instead of complicated legal jargon, write your AUP in plain English for your staff to understand. A contract lawyer can assist you in creating a document that is simple to understand while still covering all of your bases. Make sure it's in a legible format in addition to the actual wording. Make distinct sections for each topic. Long paragraphs are far more challenging to read than bullet points and brief words.
  • Test your employee's knowledge- After employees have reviewed the policy, have them take a quiz to see how well they understand it. Allowing students to know that they will be required to take a short quiz will encourage them to read the entire AUP. Be willing to explain any aspect of the AUP so that your staff may trust the information included inside.

Benefits of an Acceptable Use Policy

There are many benefits to having an acceptable use policy, including:

1. Protecting Your Intellectual Property

One of the most important benefits of an acceptable use policy is that it protects your intellectual property. If you do not have a policy, then anyone can use your intellectual property without permission. This could lead to someone else selling similar products or using your trademark in a way that violates your trademark rights. By having a policy in place, you can control how your intellectual property is used and ensure that it is only used in ways that benefit your company.

2. Reducing Infringement Claims

Another benefit of an acceptable use policy is that it can help reduce infringement claims. If someone infringes on your intellectual property, you may be able to file a lawsuit against them. However, if you have an acceptable use policy in place, the infringing party may not be able to claim that they did not know that their actions were infringing. This could save you time and money by avoiding a lawsuit.

3. Improving Employee productivity

An acceptable use policy can also improve employee productivity. For example, if employees use company resources for personal reasons, they may not be as productive as they could be. Having a policy in place makes it clear that company resources should only be used for work-related purposes. This can help improve employee productivity and help your business run more efficiently.

ISMS Acceptable Policy

How to Write an Acceptable Use Policy

When writing an acceptable use policy, your organisation's specific needs must be kept in mind. You'll want to tailor your AUP to fit your company's unique culture and values. Additionally, you'll want to ensure that your AUP is clear and concise so that all employees can understand and follow it. Here are some tips for writing an effective AUP:

  • Include a statement of purpose: Begin your AUP by explaining why it exists and what it aims to accomplish. This will help employees to understand the importance of adhering to the policy.
  • Define acceptable and prohibited use: Be clear about what activities are considered good under the policy and which are not. This will help employees to know what is expected of them.
  • Include consequences for violation: Specify what will happen if an employee violates the AUP. Disciplinary action, up to and including termination, may be taken.
  • Make the policy easily accessible: Place the AUP in a location where all employees will be able to find it and review it regularly. You may also want to link the policy to your company's intranet or website.
  • Employee responsibilities: As an employee, you have specific responsibilities to your employer. These responsibilities include obeying company policies, completing work duties, and cooperating with co-workers. While you are entitled to certain rights as an employee, you also must fulfil your responsibilities to keep your job and maintain a positive working relationship with your employer.
  • Include Intellectual Property Rights: One of the most important benefits of an acceptable use policy is protecting your intellectual property. If you do not have a policy, then anyone can use your intellectual property without permission. This could lead to someone else selling products like yours or using your trademark in a way that violates your trademark rights. By having a policy in place, you can control how your intellectual property is used and ensure that it is only used in ways that benefit your company.
  • Management responsibilities: Management ensures that the acceptable use policy meets these criteria. They should review the policy regularly to ensure it remains up-to-date and relevant. Also, management should ensure that the policy is communicated clearly to employees.


Featured product

Get instant access to all the ready to use and fully editable templates on our website.