Writing Policies Lab Understand Policy Requirements

Learning objective: By the end of this lesson, students will be able to analyze the specific requirements and goals that should shape an Acceptable Use Policy based on a given scenario and stakeholder needs.

What is an Acceptable Use Policy (AUP)?

In this exercise, you’ll dive into the requirements and objectives that will shape your Acceptable Use Policy.

Review the provided scenario and stakeholder needs for the Acceptable Use Policy (AUP).

• Scenario: You are the IT Manager at a mid-sized software company. The company has recently experienced several incidents of inappropriate use of tech resources, including data breaches caused by employee negligence. Leadership has asked you to draft an AUP to mitigate these risks.

• Stakeholder needs:

  • Legal: Ensure the policy complies with relevant laws and regulations.
  • HR: The policy should align with the company’s code of conduct and disciplinary procedures.
  • IT: The policy must cover key security practices and acceptable use guidelines for all tech resources.
  • Employees: The policy should be clear, understandable, and not overly restrictive.

Before you begin, you should research best practices and examples of AUPs. Here are some resources to guide your research:

• SANS Institute: Policy Template Examples
• Office of Innovative Technologies: Understanding Acceptable Use Policies (AUPs)

Based on the scenario, stakeholder needs, and your research, list the key requirements and objectives for your AUP.

• What main topics should it cover?
• What specific guidelines are needed?