Acceptable Use Policy (AUP)
Security+ 🏆 • Security Operations 🛡️
Difficulty: free
Definition
An Acceptable Use Policy sets the rules for how employees, contractors, and guests may use an organization’s IT systems and data—what is allowed, what is prohibited, and the consequences for misuse.
Examples
- Employees must use company email for business, avoid personal cloud storage for work files, and accept that emails may be logged and reviewed.
- BYOD phones are permitted only if enrolled in the company’s MDM; copying customer data to personal apps is prohibited.
Discover 🔎
An Acceptable Use Policy is the plain-language guide that explains how to behave on company systems. It protects people and the organization by setting expectations up front: which devices and services you may use, how to handle data, what the privacy and monitoring rules are, and what happens if the rules are broken. Because it is read and signed by everyone, an AUP turns security from guesswork into understood norms.