An acceptable use policy (AUP), acceptable usage policy or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations,businesses, universities,schools,internet service providers (ISPs), and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.
Acceptable use policies are an integral part of the framework of information security policies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.
In some cases a fair usage policy applied to a service allowing nominally unlimited use for a fixed fee simply sets a cap on what may be used, intended to allow normal usage but prevent what is considered excessive. For example, users of an "unlimited" broadband Internet service may be subject to suspension, termination, or bandwidth limiting for usage which is "continually excessive, unfair, affects other users' enjoyment of the broadband service, or is not consistent with the usage typically expected on a particular access package". The policy is enforced directly, without legal proceedings.