There’s an interesting section in the Wikipedia entry for Acceptable Use Policies called “Is an AUP the best approach?” here.
Here’s an excerpt:
In a well respected essay on the topic of AUP documents, Dave Kinnaman, raises the issue as to whether writing and enforcing AUP documents is the right way to approach the governance as to how Internet connections are to be used at school, at work or in people’s own free time.
In this essay he raises the question with the perspective that the Internet is no different from anywhere we use 3rd party property. Do we write a “users guide” to go to a school, or do we write a user’s guide to shopping in the shopping mall? No, and why we do not is because we are educating young adults to behave in certain ways when at the shopping mall, or at school, or in the library.
Businesses should have a good AUP document that, according to visionGateway, a business implementing secure networks for businesses, should cover the business legally in any situation that the business might need to take to protect its interests. Also privacy and individual rights need to be addressed.
So the question is, do we teach our students at school and encourage our employees at work to maintain self-control, or do we explicitly outline acceptable use policies? Possibly both AUPs and self-control can be encouraged and when used together it could bring the best outcome for both organisations and individuals.
I think it’s an interesting question, but in the end your auditors are going to ask for your AUP. If you don’t have one they’ll probably tell you to get one.
What do you think?
