Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?


Contractors, consultants, and third parties – either on-premises or remotely – all access the organization’s assets – systems, information, and network. They can accidentally or deliberately abuse the assets and put the organization and risk and can even cause compliance failures. It is in the organization’s best interest to have an AUP for them. Further, organizations that provide Guest Internet access also push an AUP to guest users, usually in the form of a captive portal.