Acceptable Use Policy

Introduction

An Acceptable Use Policy (AUP) outlines the acceptable and prohibited behaviors to ensure proper usage and protection of our technology and data.

Scope

This policy applies to all individuals who access organization-provided systems. Whether you’re an employee, contractor, or visitor, these guidelines govern your use of networks, devices, and software.

Enforcement

Violators of policies may lead to discipline up to and including termination. Access to technology may be limited or disabled for violating organization policies and standards.

Policies

Acceptable Use

Organization-provided technology is to be used for business purposes. Personal use of technology is permitted as long as it is incidental and does not disrupt business operations, harm productivity, or result in personal profit.

Unacceptable Use

Users may not use or disclose organization data without authorization.
Users may not connect unapproved devices to the organization's technology.
Users may not use technology to engage in activities that are threatening, discriminatory, defamatory, fraudulent, deceptive, obscene, harassing, or illegal.
Users may not violate the organization's or any third party’s copyright, trademark, proprietary, or other intellectual property rights.
Users may not violate the software licenses of any third party.
Users may not use unapproved third parties. See the {approved_vendors_list}.
Users may not use unapproved software, including personal instances of approved software. See theApproved Software.
Users may not bring organization-provided technology to unapproved countries. See the {approved_countries_list}.
Users may not bypass or disable security controls on technologies unless a part of their job function.
Users may not intentionally spread malware or cause harm to the performance of any technology.
Users may not use technology to solicit for non-organizational purposes.
Users may not conduct activity that disrupts the performance of technology.

Mandatory Behavior

Users are required to immediately report security events, suspicious activity, and lost devices to {incident_contact_information}.
Users must review and comply with the.
Users must review and comply with theData Policy.
Users must complete mandatory training by their specified deadlines.
Users may not use shared, generic, guest, anonymous, emergency, or temporary accounts without explicit approval.
Users may not access accounts and technologies without permission.
Users must ensure the physical security of their devices by attending to them at all times, and they must not be checked in transportation carrier luggage systems.
Users must lock devices when they are not being used.
Users may not share their passwords, pins, and multi-factor authentication tokens with anyone.
Users may not insecurely store or send passwords.
Users may not use the same password across personal and professional accounts.
Users must attribute work generated from technology like Artificial Intelligence.
Users must promptly return assigned IT equipment upon request or when separating from the organization.
Users must not store data on a non-organizational issued device or with a third-party file storage service that has not been approved for such storage by the organization.

Other Notices

Users are responsible for the quality of work (including when leveraging technology like AI).
Users are responsible for periodically reviewing policies for updates.
Users are responsible for contacting the policy owners with questions or concerns regarding complying with organizational policies.
User activity is subject to monitoring when accessing organization-provided technologies.
User access to technology may be limited or disabled for violating organization policies and standards.
Data created on organization-provided technologies is solely owned by the organization.

Acknowledgment and Agreement

I, ___________________, acknowledge that I have received, read, and understand the Organization's Acceptable Use Policy and agree to comply with its terms. I understand that a violation of this Policy may subject me to discipline, up to and including termination of my employment for just cause

Name:___________________

Signature:___________________

Date: ___________________

PreviousStyle Guide NextHuman Resource Policy

Last updated 1 year ago

Policies

Acceptable Use

Organization-provided technology is to be used for business purposes. Personal use of technology is permitted as long as it is incidental and does not disrupt business operations, harm productivity, or result in personal profit.

Unacceptable Use

Users may not use or disclose organization data without authorization.

Users may not connect unapproved devices to the organization's technology.

Users may not use technology to engage in activities that are threatening, discriminatory, defamatory, fraudulent, deceptive, obscene, harassing, or illegal.

Users may not violate the organization's or any third party’s copyright, trademark, proprietary, or other intellectual property rights.

Users may not violate the software licenses of any third party.

Users may not use unapproved third parties. See the {approved_vendors_list}.

Users may not use unapproved software, including personal instances of approved software. See theApproved Software.

Users may not bring organization-provided technology to unapproved countries. See the {approved_countries_list}.

Users may not bypass or disable security controls on technologies unless a part of their job function.

Users may not intentionally spread malware or cause harm to the performance of any technology.

Users may not use technology to solicit for non-organizational purposes.

Users may not conduct activity that disrupts the performance of technology.

Mandatory Behavior

Users are required to immediately report security events, suspicious activity, and lost devices to {incident_contact_information}.

Users must review and comply with the.

Users must review and comply with theData Policy.

Users must complete mandatory training by their specified deadlines.

Users may not use shared, generic, guest, anonymous, emergency, or temporary accounts without explicit approval.

Users may not access accounts and technologies without permission.

Users must ensure the physical security of their devices by attending to them at all times, and they must not be checked in transportation carrier luggage systems.

Users must lock devices when they are not being used.

Users may not share their passwords, pins, and multi-factor authentication tokens with anyone.

Users may not insecurely store or send passwords.

Users may not use the same password across personal and professional accounts.

Users must attribute work generated from technology like Artificial Intelligence.

Users must promptly return assigned IT equipment upon request or when separating from the organization.

Users must not store data on a non-organizational issued device or with a third-party file storage service that has not been approved for such storage by the organization.

Other Notices

Users are responsible for the quality of work (including when leveraging technology like AI).

Users are responsible for periodically reviewing policies for updates.

Users are responsible for contacting the policy owners with questions or concerns regarding complying with organizational policies.

User activity is subject to monitoring when accessing organization-provided technologies.

User access to technology may be limited or disabled for violating organization policies and standards.

Data created on organization-provided technologies is solely owned by the organization.

Acknowledgment and Agreement

Name:___________________

Signature:___________________

Date: ___________________