Acceptable Use Policies: An Explainer

Mar 17, 2021
Reading Time: 3 minutes
Written by Mahima Bhindi

Key takeaways

  • Acceptable use policies are used to set expectations in the workplace. These include monitoring employee communications, acceptable use of IT networks at work and accessing confidential information.
  • The policies should include what employee expectations are surrounding these areas of workplace technology use as well consequences for breach
  • It reduces the company’s liability if an employee has committed a breach but was already aware of acceptable use of company technology
  • An extra precaution is the implementing of additional training to prevent unacceptable use

What are acceptable use policies?

Acceptable Use Policies are documents that outline the accepted use of a company’s IT systems. This includes an employees access to confidential data and information. The use of this policy means employees are going to be aware of the company’s expectations regarding the acceptable use of workplace technology as well as the monitoring of employee communications. Acceptable use policies are sometimes also known as IT policies.

What should I include in an acceptable use policy?

Before you begin writing an acceptable use policy it is important to consider what the company would like employees to be aware of. Utilising ideas from different departments such as IT, legal, security and also human resources (HR) can help with this. This will also help in making sure it is not too vague nor infringing on employees rights. Departments can make unanimous changes to drafts before you finalise the policy Ultimately, these are the main things that should be included in your company’s policy:

  • Electronic Communications (the monitoring of work messaging apps, emails etc)
  • Confidentiality (what data and information must remain private)
  • Use of networks
  • What behaviour is acceptable?
  • What behaviour is unacceptable?
  • The use of personal devices to access workplace systems
  • In the event of a breach of any of the above, what course of action will be taken?

Overall, you want to make sure that you are creating a document that outlines all of the expectations surrounding the appropriate use of workplace technology and handling confidential data. This document will enable employees to understand the behaviours and expectations from the business. If the company is transparent about monitoring employee communication then there will be no nasty surprises in the long run. Furthermore, the policy will better protect the legal interests of the business in the event of a breach or legal audit.

The policy will need to be communicated to all employees once finalised. Employees should read and understand the acceptable use policy and ask clarifying questions if they do not understand. This ensures everyone both accepts and acknowledges what is the expected appropriate behaviour. They will need to sign it and this will need be stored in a secure environment for future access.

Benefits of acceptable use policies

So now you’ve written or are in the stage of writing an acceptable use policy. What are the benefits?

Creating and implementing an acceptable use policy mitigates significantly against the risk of potential threats that employees might face. These include scam emails, hackers and other cyber threats. Employees can anticipate these issues much better.

Additionally, as mentioned above, if the company has a transparent policy dictating what is acceptable and unacceptable behaviour then legal action against a company is significantly reduced. This allows the workplace to be better trained and more aware of their obligations.

Is an acceptable use policy enough to protect the interests of the workplace?

As well as the use of this policy, you must ensure you are providing employees with additional training about the use of workplace technology. For instance, you can teach them about the risk of spam emails and calls and who to report spam to. This provides an additional layer of training that employees will use and remember when accessing emails, confidential data and other forms of communication. Relying on the acceptable use policy alone to teach employees about how to use workplace system can be reckless and lethargic.

For more information on other workplace policies your company may need, click here.

Popular Guides

Get the latest news

By clicking ‘Sign up to newsletter’ you are agreeing to the Lawpath Terms and Conditions

You may also like


Create and access documents anytime, anywhere

Sign up for one of our legal plans to get started.