Acceptable use policy
An acceptable use policy (AUP) describes the rights and responsibilities of anyone using resources, such as computers, the Internet, video cameras and so on. It explains the procedures they are expected to follow and makes clear what is considered acceptable behaviour when using them.
You may ask staff, volunteers, clients, trustees and partners to sign your AUP before they are allowed to use your equipment. It should certainly be part of your induction documentation and available on request. If you provide public access it should also be put on paper and posted in prominent places.
What is covered will be dictated by the nature of your equipment, the people using it and your views on what is acceptable. Some examples are:
Introduction
Who the AUP applies to, what it covers, how it is communicated to users.
Disciplinary procedure
What will happen if policy is not followed, how it fits with other disciplinary
procedures.
General computer use
Health and safety issues, safekeeping of hardware, security, food and drink around PCs,
attitude to personal use, installing software, copying software, reporting faults, response times
expected.
File management
How to store documents on local and server drives, good housekeeping, limits on data stored,
security issues, who has permission to access what, how long documents need to be kept for.
Use of email
Which software to use, expected work-related usage, house styles – e.g. HTML or text,
monitoring by organisation, email etiquette expectations. Acceptable personal use, if any, use of
personal web mail addresses, sending and receiving attachments, anti-social or unacceptable usage,
e.g. passing on chain mail, jokes, links to websites, spam, animations, hoax virus warnings,
etc.
How to avoid spam, use of out-of-office notifications, archiving messages, membership of mailing/discussion lists.
Signature files
Format and content, e.g. name, job title, organisation, address, email and web addresses,
company and charity numbers.
Web and other online usage
Which staff have web access, expected work-related usage, use of site-filtering software or
services, downloading files, large files, streaming audio, acceptable personal use, if any.
Offensive material
Define the expectations of the organisation as much as you can, refer to other policies, such
as equal opportunities and disciplinary procedures, make it clear what the process is and who
decides what is offensive.
Messaging/chat
Use of chat programmes like MSN within the organisation, acceptable personal usage, if
any.
Purchasing procedures
Budget approval procedures, established sources, quotations required.
Online purchasing
Current use of online purchasing, care when purchasing online, procedure for using accounts
or credit cards.
Security
Physical security of building, what is in the inventory, how to report changes and mark
equipment, what is and isn’t covered by insurance policies.
Data protection
Requirements applicable to the organisation under Data Protection Act 1998 – see
the next page on data protection policy.
Passwords
List of logins required for working, procedures for logging in and out of systems, advice on
how to create secure passwords (see box).
Back-ups
Who, when, how, and responsibilities of system users. Disaster recovery plans and
requirements.
Anti-virus
Which software is used and update procedures, how to avoid viruses and what to do if you
think you have one.
Your network
Who is responsible for what, e.g. backing up data, server administration, reviewing users,
licence tracking, equipment auditing, troubleshooting, etc.
File management
Where users store documents (e.g. on fileserver or on local machine in My Documents).
Training
Induction details, e.g. introduction to the systems, file management, specialist
software, AUP, identifying training needs, link to other procedures such as supervision and
appraisals, what training can reasonably be expected.
How to create a safe password
- The best passwords are of at least eight characters, with upper and lower case, at least two numbers and, if possible, special characters such as $ or * (although not all sites accept them).
- Don’t use the names of your family or whole words in English.
- Don’t use the same password for different purposes.
- You could pick a simple word and use numbers to replace specific letters, so that Banana becomes B4n4n4, or Ba6a6a. You can add a couple of characters to make it up to eight: %Ba6a6a%.
- You can create patterns on your keyboard, such as Cft6&8ik<.
- You can create passwords from phrases:
  - ‘I Struggle To Remember My Password’ becomes ISTRMP
  - Make a sandwich from a number that you will remember. If your birthday is on the 27th it becomes 2ISTRMP7.
  - Make the middle letters lower case: 2IStrMP7.
  - Put a star at the end for luck: 2IStrMP7*.
- Don’t be afraid to write passwords down but do make sure they’re secure, rather than stuck to your computer screen.
- Even better is to write down a hint, not the password, such as ‘Why I need a password birthday star’.
- Your web browser or operating system may remember passwords for you, but don’t use this option if others can easily log into your computer or you share it with others.
- Seek inspiration by searching in a search engine for ‘better password hints’.
