Drafting an Acceptable Use Policy, also called an Authorized Use Policy (AUP) for your network, can be tricky. You don’t want to scare off potential customers with harsh language or confusing policies. However, having the right published policy (terms of service) is essential to protect yourself and your clients from bad actors who don’t respect the rules.
Sometimes, you may need to ask a great client to fix a problem, and having those requests in writing is important. Also, an AUP is critical to support your termination for cause, prevent legal issues, or protect your reputation once legal issues arise.
Here are a few tips for drafting a great AUP:
- Don’t try to reinvent the wheel.
- Make your AUP specific to your network.
- Create one policy that covers all of your products and services.
- Make sure all the terms in your AUP are enforceable
- Don’t negotiate customer modifications.
- Have a system that lets you act on violations of your AUP quickly.
See also: The Ins & Outs of Network Security
Do not try to reinvent the wheel.
Now that we have covered what to avoid, let’s discuss how to write an AUP.
Make sure that your AUP has the following traits:
- It is simple and easy to understand.
- It covers all your main requirements.
- Each of your terms is defined, such as spam and abuse.
- Each line is as concise and to the point as possible.
It’s not unusual for companies to look at an AUP from a similar company that they respect and admire since authorized use policies are not copyrighted. It is common to see someone reference someone else’s work, but making your AUP your own is essential for the reasons we’ve already shared.
When was the last time you looked at the AUPs of peers in your same market?
Make your AUP specific to your network.
Using a generic AUP from the internet and placing it on your website is an easy solution. However, it’s rarely a good idea because that document won’t represent your company or the behavior you expect from your customers. While starting with a pre-written AUP or borrowing parts from a competitor is not out of the question, modifying it to fit your network and services.
Additionally, removing any terms that don’t apply to your business model is important. Including irrelevant terms will ultimately only confuse your users. If you choose to “borrow” from another company’s AUP, don’t forget to change their name and contact information within the document. Surprisingly, many businesses make this mistake.
Make one policy that covers all your products and services.
Having a single AUP that covers all of your products and services can create consistency and prevent confusion resulting from having multiple policies. This can also save your support team from dealing with more inquiries.
As your company grows, consistency becomes even more valuable. It’s a good idea to have a single AUP containing specific language for each product while allowing different rules. This can be achieved by consolidating all rules in one place within a single document for clarity.
How many AUPs do you have?
Make sure all the terms in your AUP are enforceable.
Creating a detailed AUP that covers every aspect of customer behavior on your network may be tempting. However, this approach should be avoided:
- Too many restrictions may discourage potential customers who are a good fit for your business.
- If the terms are unenforceable without extreme effort, they serve no purpose.
Remember that an AUP is a legally binding contract that users must agree to before receiving service. Its primary purpose is to protect you from network abuse within your clients’ accounts. Therefore, ensuring that the language is legally sound and enforceable is crucial. Doing so will also help protect your other customers and your entire network.
Do not negotiate customer modifications.
Occasionally, larger customers may request special provisions within your AUP to fit their requirements. However, carefully consider before accepting any of these modifications, as they could compromise the security of your network.
But, if you have multiple customers frequently requesting the same type of modification, it may be a signal to revisit your AUP. The language could be clearer, or a certain provision could be too strict. Use customer feedback to help make those decisions.
Have a system that lets you act on violations of your AUP quickly.
As mentioned earlier, the most important aspect of drafting an AUP is to make it your own and use language that protects you from unwanted activity. But, once you do make it your own, do you have a simple-to-manage and-use system that allows you to detect AUP violations and act on them quickly and uniformly?
What are you doing to act on child protection takedowns, attack reports, copyright, trademark violations, phishing and spam or other types of abuse that your AUP expressly prohibits? Alternatively, how well are you distinguishing between bad actors and compromised users, or is the data simply a blur of information?
Detecting and acting to enforce your AUPs can be tricky if you don’t have the right tools. Speak with us at email@example.com about making your AUP enforcement, abuse desk, and SOC simpler and easier to manage with AbuseHQ.