Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?


Yes, compliance laws play a huge role in defining an organization’s acceptable use policy. An organization risks huge losses – both financial and reputational – if it found to be violating compliance laws like the HIPAA or GLBA. While most of these organizations have technical controls in place to prevent violations, it is absolutely critical to spell out the acceptable use of resources that doesn’t cause these violations.

Additionally, the AUP can state that using methods to circumvent the procedures and controls in place is a violation as well. This will help the organization do its due diligence in complying to the laws as well as retain the right to take the violator to court for jeopardizing the organization’s security with their actions.