Acceptable use policy

From Wikipedia, the free encyclopedia

[hide]This article has multiple issues. Please help improve it or discuss these
issues on the talk page. (Learn how and when to remove these template messages)

This article needs additional citations for verification. (August 2012)

This article possibly contains original research. (February 2009)

An acceptable use policy (AUP), acceptable usage policy or fair use policy, is a set
of rules applied by the owner, creator or administrator of a network, website, or service, that restrict
the ways in which the network, website or system may be used and sets guidelines as to how it
should be used. AUP documents are written
for corporations,[1] businesses, universities,[2] schools,[3] internet service providers (ISPs),[4] and
website owners,[5] often to reduce the potential for legal action that may be taken by a user, and often
with little prospect of enforcement.
Acceptable use policies are an integral part of the framework of information security policies; it is
often common practice to ask new members of an organization to sign an AUP before they are given
access to its information systems. For this reason, an AUP must be concise and clear, while at the
same time covering the most important points about what users are, and are not, allowed to do with
the IT systems of an organization. It should refer users to the more comprehensive security policy
where relevant. It should also, and very notably, define what sanctions will be applied if a user
breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.
In some cases a fair usage policy applied to a service allowing nominally unlimited use for a fixed
fee simply sets a cap on what may be used, intended to allow normal usage but prevent what is
considered excessive. For example, users of an "unlimited" broadband Internet service may be
subject to suspension, termination, or bandwidth limiting for usage which is "continually excessive,
unfair, affects other users' enjoyment of the broadband service, or is not consistent with the usage
typically expected on a particular access package".[6] The policy is enforced directly, without legal
proceedings.

Contents
[hide]

1Terminology
2Common elements of AUP statements
3Enforceability
4See also
5References
6External links

Terminology[edit]
AUP documents are similar to and often serve the same function as the Terms of Service document
(e.g., as used by Google Gmail and Yahoo!), although not always. In the case of IBM.com for
instance, the Terms of Use are about the way in which IBM presents the site, how they interact with
visitors of the site and little to no instruction as to how to use the site.
In some cases, AUP documents are named Internet and E-mail Policy, Internet AUP, Network AUP,
or Acceptable IT Use Policy. These documents, even though named differently, largely provide
policy statements as to what behavior is acceptable from users of the local network/Internet
connected via the local network.

The examples and perspective in this article deal primarily with the United
Kingdom and do not represent a worldwide view of the subject. You
may improve this article, discuss the issue on the talk page, or create a new
article, as appropriate. (October 2013) (Learn how and when to remove this template
message)

Common elements of AUP statements[edit]

This section's use of external links may not follow Wikipedia's policies or
guidelines. Please improve this article by
removing excessive or inappropriate external links, and converting useful links
where appropriate into footnote references. (October 2016) (Learn how and when to
remove this template message)

In general, AUP statements/documents often begin with a statement of the philosophy of

the sponsoring organization and intended reason as to why Internet use is offered to the users of
that organization's network. For example, the sponsoring organization adopts a philosophy of self-
regulation and offers the user connection to the local network and also connection to the Internet
providing that the user accepts the fact she/he is going to be personally responsible for actions taken
when connected to the network or Internet. This may mean that the organization is not going to
provide any warning system should the user contravene policy, maintaining that it is up to the user to
know when his/her actions are in violation of policy. Often Acceptable Use Policy documents provide
a statement about the use of the network and/or Internet and its uses and advantages to the
business, school or other organisation sponsoring connection to the Internet. Such a statement may
outline the benefit of email systems, ability to gain information from websites, connection with other
people through the use of instant messaging, and other similar benefits of various protocols
including the relatively new VoIP services.
The most important part of an AUP document is the code of conduct governing the behaviour of a
user whilst connected to the network/Internet. The code of conduct may include some description of
what may be called netiquette which includes such items of conduct as using appropriate/polite
language while online, avoiding illegal activities, ensuring that activities the user may embark on
should not disturb or disrupt any other user on the system, and caution not to reveal personal
information that could be the cause of identity theft.
Most AUP statements outline consequences of violating the policy. Such violations are met with
consequences depending on the relationship of the user with the organisation. Common actions that
schools and universities take is to withdraw the service to the violator and sometimes if the activities
are illegal the organization may involve appropriate authorities, such as the local police. Employers
will at times withdraw the service from employees, although a more common action is to terminate
employment when violations may be hurting the employer in some way, or may
compromise security. Earthlink, an American Internet service provider has a very clear policy relating
to violations of its policy. The company identifies six levels of response to violations:

issue warnings: written or verbal

suspend the Member's newsgroup posting privileges
suspend the Member's account
terminate the Member's account
bill the Member for administrative costs and/or reactivation charges
bring legal action to enjoin violations and/or to collect damages, if any, caused by violations.
Central to most AUP documents is the section detailing unacceptable uses of the network, as
displayed in the University of Chicago AUP. Unacceptable behaviours may include creation and
transmission of offensive, obscene, or indecent document or images, creation and transmission of
material which is designed to cause annoyance, inconvenience or anxiety, creation
of defamatory material, creation and transmission that infringes copyright of another person,
transmission of unsolicited commercial or advertising material and deliberate unauthorised access to
other services accessible using the connection to the network/Internet. Then there is the type of
activity that uses the network to waste time of technical staff to troubleshoot a problem for which the
user is the cause, corrupting or destroying other user's data, violating the privacy of others online,
using the network in such a way that it denies the service to others, continuing to use software or
other system for which the user has already been warned about using, and any other misuse of the
network such as introduction of viruses.
Disclaimers are often added in order to absolve an organisation from responsibility under specific
circumstances. For example, in the case of Anglia Ruskin University a disclaimer is
added absolving the University for errors or omissions or for any consequences arising from the use
of information contained on the University website. While disclaimers may be added to any AUP,
disclaimers are most often found on AUP documents relating to the use of a website while those
offering a service fail to add such clauses.
Particularly when an AUP is written for a college or school setting, AUPs remind students (or when
in the case of a company, employees) that connection to the Internet, or use of a website, is a
privilege, as demonstrated in the Loughborough University's Janet Service AUP and not a right.
Through emphasising this "privilege" aspect, Northern Illinois University then make the connection
that any abuse of that privilege can result in legal action from the University.
In a handbook for writing AUP documents, the Virginia Department of Education indicate that there
are three other areas needing to be addressed in an AUP:

a statement that the AUP is in compliance with state and national telecommunication rules and
regulations
a statement regarding the need to maintain personal safety and privacy while accessing the
Internet
a statement regarding the need to comply with Fair Use Laws and other copyright regulations
while accessing the Internet
Through a cursory reading of AUP statements found by a Google Search the variation of the
inclusion of these items in AUP documents is highly variable. However, those statements in a school
or university setting are more likely to include a statement to address at least the "personal safety"
issue.

Enforceability[edit]
Example:
6.3 This Policy shall be governed by the laws of England and the parties submit to the exclusive
jurisdiction of the Courts of England and Wales.
Due to the many jurisdictions covered by the Internet, the AUP document needs to specify the
jurisdiction, which determines the laws that are applicable and govern the use of an AUP. Even if a
company is only located in one jurisdiction and the AUP applies only to its employees, naming the
jurisdiction saves difficulties of interpretation should legal action be required to enforce its
statements.
AUP can be effectively enforced with Content and URL filters.
 Acceptable Use Policies
An acceptable use policy (AUP) is a policy that outlines, in writing, how a school or district
expects its community members to behave with technology. Similar to a Terms of Service
document, an AUP should define publicly what is deemed acceptable behavior from users
of hardware and information systems such as the Internet and any applicable networks.

Many schools address both acceptable and unacceptable online behavior in their AUPs
not only prohibiting certain behavior (for example, plagiarism, pirating, visiting non-school
related sites, etc.), but also defining positive goals for incorporating technology into the
school day. Additionally, AUPs also can help comply with E-rate requirements set forth by
the Childrens Internet Protection Act (CIPA). (See our E-rate Toolkit)

Todays educators have the tough job of maintaining the delicate balance of protecting
students while providing access to the digital world. Educators need to be comprehensive
yet not limiting when creating a stimulating but safe learning environment. An AUP is a first
step in framing these opportunities.

Remember, though that even if your AUP is School Board approved, it is only as strong as
your commitment to enforce it. An AUP needs the schools whole community support
(including students), as it can come into play when well-intentioned filters and monitoring
systems fail.

Guidelines

While there is no set blueprint for writing AUPs, there are some universal guidelines for
crafting them. Here are some suggestions:

Research whether your state has an AUP that your district/school can use or adapt.
Create a committee of stakeholders who will write your AUP.
Begin with a statement of your vision, philosophy, or mission to frame the intent of your
AUP. How is this technology and access a benefit to students, and what are the strategies
that are in place to support such positive growth?
Outline how the AUP supports or ties into any existing Code of Conduct. You should be
addressing ethical issues as well as legal responsibilities.
Define clearly what is acceptable use and what is unacceptable use.
Include strong undertones of shared responsibility and ownership.

Delineate the need for safety and privacy.

Outline consequences of violating what rules/expectations are set forth.
Consider whether you want to add any sort of legal disclaimer absolving your school/district
from any illegal or otherwise inappropriate usage.
Contemplate whether you need a statement about how you are complying with existing
policies (e.g., bullying), state or national telecommunication rules and regulations, as well as
fair use and other intellectual property laws.
 Include places for all stakeholders (teacher/administrator, parent/guardian, and student) to
sign and date the AUP.

Cover your bases

Just to make sure you have covered your bases, ask yourself:

How often do you plan to review and revise your AUP? Will it coincide with any technology
plan updates?
Have you used clear language that is free of complicated legalese? Have you defined any
complex terms?
How have you folded the AUP into your overall Code of Conduct?
Does your AUP read like a list of donts or does it highlight the dos as well?
Does your AUP focus on students behaviors versus the devices? One test is to see if the
expectation applies to a non-techy tool like a school textbook or a handwritten note.
Do you need a separate AUP for your staff?
Is the tone of your AUP appropriate for all audiences in your community?
Do you need School Board approval?
Is AUP the right title or would you rather call it a Responsible Use Policy (RUP)?
Does an AUP cover all of your needs, or do you require more, such as a Technology Values
document, an Internet Safety Plan, or Social Media Guidelines (see examples below)?

TOPICS

You may want to consider addressing the following topics:

Use of Network
Internet Safety (privacy, inappropriate content, unwanted contact)
Filtering and Monitoring
Copyright and Ownership of Work
Network Security and Privacy (student data)
Disciplinary Action
Digital Citizenship
Social Media Usage

Now What?

If theres one thing that we heard loud and clear from administrators and teachers who
helped design their schools AUPs, its the importance of open and frequent communication
with the community. Consider different ways that you can be transparent about your
expectations to different stakeholders at your school. Do you want to organize a public
forum to field questions from families? Do you want to hold in-services for teachers and
staff? Perhaps you want to create activities or assignments for students to ensure that they
 fully understand the content and implications of your AUP. Whatever you choose, continue
to invite families into discussions so that there is a mutual understanding and commitment
to upholding your AUP.

Samples

We truly recognize that all schools are unique, hence the difference in the details of AUPs.
Knowing that imitation is the sincerest form of flattery, these schools have shared their well-
thought out AUPs with us and with you:

Cape Elizabeth AUP

The Nueva School AUP
Hillbrook School AUP
Campbell Hall Technology Values & AUP
NYC DOE Social Media Guidelines

These AUPs are specimens only and may not be suitable to each user.

Additional Resources

Visit these sites for more resources and information regarding AUPs:

Fitzer, Kim, and Jim Peterson. "An Educator's Guide to Enforcing Acceptable Use
Policies." An Educator's Guide to Enforcing Acceptable Use Policies. University of Illinois at
Urbana-Champaign, 7 Aug. 2002. Web. 12 Mar. 2013.

"Educational Technology." Educational Technology. State of Washington - Office of

Superintendent of Public Instruction, n.d. Web. 12 Mar. 2013.

"Acceptable Use Policies - NetCitizens." Acceptable Use Policies - NetCitizens. NetCitizens,

n.d. Web. 12 Mar. 2013.

Maderich, Mary. "AUP Best Practices for K-12." Aups. PBWorks, 24 Nov. 2008. Web. 12
Mar. 2013.

Office of Education Technology. "Acceptable Internet Use Policy." VDOE :: Acceptable

Internet Use Policy. Virginia Department of Education, 2012. Web. 12 Mar. 2013.

"AUP Elements.doc" Heartland AEA - Iowa Area Education Agencies, n.d. Web. 12 Mar.
2013.

"Rethinking Acceptable Use Policies to Enable Digital Learning." Web 2.0/Mobile AUP
Guide. Consortium for School Networking (CoSN), Mar. 2013. Web. 12 Mar. 2013.
"Making Progress: Rethinking State and School District Policies Concerning Mobile
Technologies and Social Media." Making Progress. Consortium for School Networking
(CoSN), n.d. Web. 12 Mar. 2013.