
Web Filter Acceptable Use Policy (AUP / Fair Use Policy) Advice


Background

Web Acceptable Use Policies (AUPs) are an important part of upholding information security and compliance at any organisation. It is common to ask new users of an organisation to sign an AUP before they are given access to the web.


An AUP must be clear and concise whilst also covering the key points about what the users are allowed to do and what they are not allowed to do. It should also clearly define what sanctions will be applied if a user breaks the AUP. Compliance with the AUP should be measured by regular audits, such as reviewing the web browsing logs.


Finally, it is important that every user of the organisation signs the AUP. It could also be helpful to send out regular reminders of the AUP.


Things to think about when writing an AUP

To create buy-in for an AUP it is important that all key stakeholders are involved in creating the policy. This includes senior management, business unit managers, HR, IT, legal as well as interested user groups (in some countries the union).


It is important to know that web filters today are much more sophisticated than they were 10 years ago. Today web filters, such as CronLab’s Hosted Web Filter, include separate access levels for different groups, soft blocks for time-restricted use of certain sites, and special policies for off-work hours. It should however be noted that even usage during off-hours reflects on your company’s image. Nor does off-hours usage lessen the organisation’s legal responsibilities.


It should furthermore be agreed who will be responsible for monitoring and enforcing the AUP, commonly the IT or HR department.


Key elements

Introduction


The introduction should cover the reasons why access to the web is allowed in the organisation and its intended purposes. Particularly when an AUP is written for a college or school setting, AUPs remind students that connection to the internet is a privilege and not a right.


Monitoring


This segment of the policy should outline what monitoring and logging systems are in place, as well as technical restrictions.


Code of conduct


This segment should outline the behaviour that is expected of the user on the web. It would typically also include “netiquette” rules, such as usage of appropriate language on the web whilst also avoiding illegal activities. Additionally, it is helpful if this segment includes a caution not to reveal personal information that could lead to identity theft.


Sanctions upon violating the AUP


This segment should very clearly outline what sanctions will be taken within the company if the user violates the AUP, including HR procedures (from further restricting access to the web to verbal or written warnings to even termination of employment). These can be different for the first, second and third violation of the policy. It should also be clearly stated that any illegal activities shall be reported to the local police authorities.


The AUP could also include the organisation’s right to take legal action against the user for abuses. If it does, it should clearly state which jurisdiction should be applicable.


Acceptable uses


This segment should cover work-related usage, as well as, if allowed by the organisation, limited private use. If private use of the web is allowed, it should be stated here to what degree that is permitted. Note that access to web sites with CronLab’s Hosted Web Filter can be limited to after-work hours, or to a set number of hours during the week. The filter can also be configured differently for different users, to optimally suit their needs. Finally, the filter allows for group-based white/black lists of sites that can be specifically tailored to the group’s needs.


Unacceptable uses


This segment should contain information on unacceptable uses of the web. This includes how the user is allowed to communicate as a member of the organisation.

Unacceptable behaviours may include:

  • Creation and transmission of indecent, offensive or obscene images or documents including sexual harassment and non-sexual harassment online
  • Creation of defamatory material or creation and transmission of copyrighted and confidential material
  • Transmission of unsolicited commercial or advertising material
  • Deliberate unauthorized access to services using the network connection of the organisation
  • Wasting time on tasks not related to the work the user has been asked to perform
  • Misrepresentation; users should make clear that any views or opinions expressed online are their own and not necessarily the views of the organisation
  • Violating the privacy of others online, including promoting violence and hate speech
  • Usage of the network in such a way that it denies or significantly degrades the service to others
  • Corrupting or destroying other users’ data
  • Introducing viruses or other malware to the network



This document is intended as guidance, but CronLab takes no responsibility for its completeness, accuracy or enforceability. CronLab recommends that any organisation implementing an AUP should have the AUP approved by its legal department as well as by the HR department.
