The Purpose of AUP and the Description of a Selected AUP
The establishment and maintenance of acceptable use policies (AUP) is a common practice in many different organizations. The major purpose of the policies covering acceptable use is to outline rules concerning the exploitation of company resources and information technologies in particular. To be more precise, acceptable use usually includes the rules that guide the management of access to the Internet in the workplace, the management of passwords, and information security.
The ultimate goal of AUPs for organizations is to educate their employees about the proper use of resources, the behaviors and practices deemed as acceptable and unacceptable in regard to organizational goals, culture, and standards (Greene, 2014). This policy is also common in educational institutions where it is needed in order to regulate the use of information technologies that belong to schools and are kept on their territories.
In that way, an acceptable use policy represents an agreement between the users and the providers of resources in organizations. In particular, this policy covers such technologies as computers, mobile devices, software, laptops, fax machines and printers, memory cards and flash drives, network bandwidth, and the Internet in general (Wieland & Pitt, 2013). In that way, the policy can be rather lengthy and include many aspects. As an alternative, a company may choose to have several different policies governing specific aspects of work and kinds of property. Developing a policy it is important to take into account several educational, legal, and policy considerations (Williamson & Johnston, 2013).
The acceptable use policy selected for this assignment is the one published by Princeton University. The policy is brief and does not contain many points. In the policy statement, it is clearly mentioned to whom this policy applies and which resources it covers. The points of this policy entitled “Prohibited Use” and “Political Use” specify the views of Princeton University and ensure that the users of technologies provided by this organization maintain integrity with its culture (Princeton University, 2017).
At the same time, the policy states that all resources that can be accessed on the territory of the University and provided to its authorized users are fully available for institutional use. Personal use is limited. As for the issue of confidentiality, the policy says that the organization keeps its right to access any kind of information stored or processed using its technologies (Princeton University, 2017). At the same time, students of the University are granted a level of privacy that is higher than that of the University staff (Princeton University, 2017).
Critique of the Selected AUP and Recommendations for Improvement
The acceptable use policy selected for this assignment is focused on the major and most important points. Perhaps, this is the case because this particular policy exists in a set of other related policies. In other words, it is possible that while formulating their AUP, the policymakers of Princeton Undercity decided not to overload their statements with too much information and kept them brief and to the point. As a result, they had no choice but to divide all the necessary information between several policies.
This is why, on the website, it says that the Acceptable Use Policy of the University covers the use of information technologies owned and provided by the organization alongside several other policies. Namely, the other related policies are “Rights, Rules, Responsibilities,” and “The Information Security Policy” (Princeton University, 2017).
As mentioned by Williamson and Johnston (2013), acceptable use policy needs to consider educational aspects. The selected policy does not provide a clear explanation of why the policy is in place and why certain regulations, such as a limited level of privacy for employees, were established. In that way, the addition of this element to the policy statement could serve as an improvement from the perspective on the readers’ understanding of the purpose of this policy.
Compliance with the Policy
Apart from creating a clearly stated and easy to understand acceptable use policy, organizations are also responsible for the development of measures aimed at the achievement of compliance with the outlined rules and regulations. One of the ways to achieve a high level of compliance is to establish fines and punishments that the individuals who violate the policy would face. Moreover, the aforementioned punishments need to be clearly communicated to the members to whom the policy applies. Otherwise, the lack of compliance may occur simply due to the lack of knowledge of acceptable and unacceptable behaviors in the organization.
In order to ensure compliance with its acceptable use policy, the policymakers of Princeton University added a point about punishments to their statement. In particular, in the selected policy, it is said that the University members, staff, or students who violate the presented rules might face such disciplinary actions as expulsion from further study, termination, dismissal from work, and the limitation of network and technology use privileges (Princeton University, 2017). Being informed about the strict measures that the University takes to maintain discipline and adherence to its culture, the employees and students are unlikely to take a risk and violate the rules.
Furthermore, in order to elaborate on the details of compliance with the policy, the University provides a separate document entitled “Guidelines for Compliance with the Acceptable Use Policy” (Princeton University, 2017). This document contains examples of situations in which the violation of the acceptable use policy may occur with the description of kinds of penalties assigned for certain actions. This way, the document helps ensure that the policy is comprehended well by its readers and that the level of compliance is high. Also, the initial AUP informs students and staff members about the privacy limits in order to avoid liabilities and complaints.
Increasing AUP Awareness
In order to increase the awareness of the AUP in the selected organization, the policy is properly disseminated among the people to whom it applies – students and staff members. It has a separate page that contains links to other relevant policies such as “Rights, Rules, Responsibilities,” and “The Information Security Policy.” In addition, the selected AUP is also presented in combination with a detailed guideline designed to help increase compliance and improve the comprehension of the policy. The latter document contains examples of situations and actions regarded as violations, as well as the description of appropriate penalties and punishments.
In that way, the selected policy regulates and covers the actions of staff members and students in regard to the use of information technologies and devices in the territory of the University. It is accompanied by a policy that guides the responsibilities of the University community members, and the policy-focused specifically on information security. Their connection ensures that the dissemination of a single policy from this list will take the readers to the other two, thus creating an increased level of awareness.
References
Greene, S. (2014). Security program and policies: Principles and practices (2nd ed.). New York, NY: Pierson IT Certification.
Princeton University. (2017). Acceptable use policy. Web.
Wieland, J., & Pitt, C. (2013). Essential information security. Zaltbommel, Netherlands: Van Haren.
Williamson, R., & Johnston, H. (2013). The school leader’s guide to social media. London, United Kingdom: Routledge.