Does your email and web Acceptable Usage Policy (AUP) need a refresh? Shoosmiths Solicitors and MessageLabs combine to provide you with some top tips for ensuring your policy is fit for purpose.
Refresh Your AUP
Top Tips to ensure your Acceptable Use Policy is fit for purpose
By Jonathan Naylor, Employed Barrister at Shoosmiths Solicitors
Now from Symantec
Contents
Introduction
Top Tips for an Effective AUP
Next Steps
Introduction
Your organisation will probably have devised and implemented an Acceptable Use Policy ("AUP") some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains "fit for purpose"? This is a landscape in which the threats are constantly changing and you must review your AUP to ensure that it provides a tailored and updated solution.
Top Tips for an Effective AUP
The following tips are the core elements of any effective AUP:
. Get the correct coverage
You should ensure that your AUP covers all individuals that are permitted to have access to your organisation's systems, such as temporary workers, self-employed consultants, contractors, home workers and agency staff. You should also consider whether you wish to have a comprehensive policy covering all communications equipment, such as telephones, Blackberries, PDAs, fax machines and CCTV, rather than just email and the Internet.
. Link to your Disciplinary Policy
Make it clear that a breach of the AUP will be dealt with under the organisation's disciplinary procedure. Be clear about what constitutes inappropriate usage, giving examples such as viewing offensive material, downloading software without authority or sending chain or junk emails. Highlight that in serious cases, breach of the AUP will be deemed to be gross misconduct and may lead to summary dismissal. Give examples of what would constitute gross misconduct, e.g. accessing pornographic material, making defamatory statements about any person or organisation, online gambling or breaching copyright or confidentiality.
. Who is responsible for the AUP?
Ensure that you designate a senior member of the organisation to be responsible for the AUP. This person can then lead the implementation, and any necessary review, of the AUP.
. Train your managers and staff
It is not enough to have devised the AUP and distributed it. Staff must understand how it applies to them and managers must appreciate how to implement the AUP. Having an AUP but failing to give line managers sufficient confidence or knowledge to enforce it is a common problem.
. Make sure that the AUP is non-contractual
It should be stressed that the AUP, while a corporate policy that must be followed, does not form part of any employee's contract of employment. This will allow your organisation to amend the Policy without the employee's consent if required.
. Security provisions
Guidance should be given to workers regarding the secure use of the organisation's computers, such as good password use, locking PCs when a worker is away from their desk and security of laptops, PDAs or Blackberries when travelling.
. Explain why monitoring is taking place
If workers understand the potential risks to themselves and to the business as a whole, they are more likely to accept the monitoring that is adopted. While it is a challenge for employers to persuade members of staff that monitoring usage is necessary to protect workers as much as anything else, there is no doubt that inappropriate use of email and the Internet presents significant risks. Having given workers access to these applications, employers have a responsibility to prevent misuse (and, in doing so, protect employees from the risks associated with such misuse) wherever possible.
. Good guidance for email usage and etiquette
For example, this might include setting parameters as to how frequently during a working day workers should access their email and respond to requests. You should also set out that abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory messages will not be permitted.
. Set boundaries on personal use
Organisations can take different views regarding the possible limits on personal use of email and the Internet. Will you allow usage only during breaks, after working hours, or at any time provided the amount is re...