A policy that defines how employees may use an organization's systems, devices, and data, and what behavior is prohibited.
An acceptable use policy (AUP) tells people what they can and cannot do with company laptops, accounts, networks, and information. It typically covers passwords, email, internet use, removable media, and personal use of work systems.
Because most incidents involve human behavior, a clear AUP, acknowledged by staff, is a practical control. It also gives the organization a basis for enforcement when rules are broken.
Related frameworks
KaitoSec