An acceptable usage policy (AUP) is a set of rules applied by network and website owners which restrict the ways in which the network or site may be used. AUP documents are written for corporations, businesses, universities, schools, and website owners often to reduce the potential for legal action that may be taken by a user.

Acceptable usage policies are also integral to the framework of information security policies; it is often common practice to ask new members of an organisation to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of the organisation. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should be measured by regular audits.

Edit