It may feel like a slippery slope developing an acceptable use policy (AUP) for your network- the last thing you want to do is scare off potential customers with harsh languages or confusing policies. Yet, it is essential for you to have the right tools in place to protect yourself and your clients from the bad guys that don’t care about the rules. You will occasionally have to ask a great client to softly fix a problem, and it is important to have those types of things in writing. It’s the only way that you can legally protect your reputation once sources of abuse arise.
With that said, here are a few tips to draft a great acceptable use policy.
SEE ALSO: The Ins & Outs of Network Security
Make Sure All Terms are Enforceable
It may be tempting to write an acceptable use policy that spells out every intricate detail of how you want customers to act on your network. Try to resist this approach for two reasons -
- Too many restrictions may drive away the right types of potential customers.
- If the terms are not enforceable without extreme amounts of effort, then there’s nothing to gain from them.
Remember that an acceptable use policy is a legal, binding contract that each of your users will agree to before accepting service. It’s primary purpose is to protect you from network abuse within your clients’ accounts, so you want to ensure that the language is legally sound and enforceable. Doing so will also protect your other customers and your entire network as well.
Make the Policy Specific to Your Network
Likewise, it may be tempting to grab a generic AUP off the Internet and just throw it into place on your website. That’s rarely a sound option because that document will not represent who you are as a company and the type of behavior you expect from your customers. Now, that doesn’t mean you can’t start with a pre-written AUP or even borrow parts from a competitor, just be sure to modify it so that it fits your network and your services.
Additionally, be sure get rid of the terms that don’t apply to your business model since they will ultimately confuse your users. And if you do choose to “borrow” from another company’s AUP, don’t forget to change their name and contact information within the document. You’d be surprised how often businesses make mistake.
Make One Policy for Usage of All Products
You also want to make sure that you have one acceptable use policy in place that covers all of your different products and services. It creates consistency and saves the confusion that results from having multiple policies - saving your support team from more inquiries.
This consistency is especially valuable as your company grows, so it’s a good idea to have one policy that contains specific language for each of your products.
With that said, that does not mean that you can’t have different rules for different products- just have them all in one place within a single document for clarity.
Do Not Negotiate Customer Modifications
At times, larger customers may come to you and request special provisions within your CUS to fit their requirements. Think twice before accepting those modifications, because you are essentially giving up part of what makes your network secure. For instance, if a customer were to ask to be allowed to send unsolicited email, is gaining that particular client worth risking your entire industry reputation? Hopefully the answer will always be “no”.
If you have a number of customers coming to you frequently requesting the exact same type of modification, then that’s probably a signal to revisit your acceptable use policy. Maybe the language could be made a little clearer or maybe a certain provision is a little too strict- use customer feedback to help you make those decisions.
Do Not Try to Reinvent the Wheel
Now that we’ve mentioned a bunch of things not to do, let’s discuss how you should actually write your acceptable use policy. Feel free to start with an AUP from a similar company that you respect and admire- these are not copyrighted documents and it is acceptable to reference pieces and parts of someone else’s work. It is essential to make it your own though for the reasons we’ve already shared.
Additionally, you’ll want to make sure that the following traits are present-
- It is simple and easy to understand throughout
- It covers all of your main requirements
- Each of your terms are defined (spam, abuse, etc)
- Each line is as short as possible and to the point
As we said earlier, the big key in drafting an acceptable use policy is making it your own and using language that protects you from undesirable offenders. Let us know if you have any additional questions.