What is an acceptable use policy and what should it cover?

An acceptable use policy, or AUP, defines how employees and authorized users may use organizational IT resources including computers, networks, email, internet access, and mobile devices. It should cover permitted and prohibited uses, personal use guidelines, social media conduct, email and messaging standards, software installation restrictions, data handling requirements, monitoring and privacy expectations, password requirements, consequences for violations, and acknowledgment that the user has read and understands the policy.