2. Clear Ownership, but Blurred Use
Organizational IT resources should be used only for the purposes
that they are provided for
Increasingly, organizations are allowing users to use corporate
resources for personal use & vice versa
COPE vs. BYOD
What is acceptable & what’s not is getting blurred
Organizations should have the right to inspect all data stored on
or communicated via organizational resources without invading
privacy of users
3. Acceptable Use Policy (AUP)
Defines what’s acceptable & what’s not
States the purpose for which resources are provided
It sets guidelines as to how computers, network, website, or
system may be used
It restricts the ways in which those resources may be used
Defines the consequences of violating the rules of conduct
Ensure compliance
4. Process
Initiate & Establish Structure
Review & Research
Preparation of Draft Policy
Circulation & Consultation
Ratification & Communication
Implementation
Monitoring
Review, Evaluation & Revision
Source: www.webwise.ie/teachers/acceptable-use-policy/how-to-develop-an-acceptable-use-policy-2/
5. Initiate & Establish Structure
Define the teams who are responsible for preparation of AUP &
approval of it
Define policy scope
Typically developed under the IT Council
Approved by IT Advisory Board and/or CIO Board
6. Review & Research
Develop an inventory of computers, networks, websites, or
systems that may be used
Consider both in-house & outside resources that users have access to
Laptops, tablets, smartphones, Wi-Fi, e-mail, voice mail, enterprise social
networking platforms, corporate accounts
Identify types of personal devices & the resources they access/connect to
Determine pros & cons of covering these in the AUP or a separate policy such
as BYOD
7. Draft Policy Content
Establish purposes for providing resources
Define resources covered under AUP
Define what is non-business use
State the right to inspect & monitor
State what is monitored, how, & under what circumstances
State restrictions on solicitation
State relevant laws & consequences of violation
Contact information for clarifications & feedback
8. Process (Cont.)
Circulation & Consultation
Share with stakeholders
Solicit feedback
Ratification & Communication
Obtain approval
Then communicate to all
stakeholders
Implementation
Phased enforcement
Monitoring
Regular (automated) checks
Identify any overlooked issues
Review, Evaluation & Revision
Evolve as technology & use evolve
Cover missing pieces
Editor's Notes
Restrictions on solicitation – No political campaigns, fund raising