‪(480) 285-8227 dave@dealercomply360.com

Acceptable Use Policy

Purpose:
The purpose of this Acceptable Use Policy (AUP) is to outline the proper use of [Dealership Name]’s technology assets. This includes hardware, software, and services provided or managed by [Dealership Name] and any personally owned devices voluntarily used for dealership business under the Personal Device Policy. The policy ensures responsible, lawful, and secure use of resources to support [Dealership Name]’s mission and protect its assets, customers, and employees.

1. Scope

This policy applies to all users and [Dealership Name] Technology Assets, including but not limited to:

  • Computer equipment, hardware, storage media, and software.
  • Business applications, data files, licenses, and operating systems.
  • Networks, internet, email systems, collaboration tools, and voice communication services.
  • Personally owned devices used for business purposes under the BYOD policy.

2. Roles and Responsibilities

  • Users: Must know and comply with this AUP and other relevant [Dealership Name] policies.
  • Supervisors: Ensure team compliance and report violations or suspicious activities.
  • IT Department: Monitor compliance, maintain systems, and address security concerns.

3. Acceptable and Prohibited Use

3.1 Acceptable Use

Users must:

  1. Authorized Use:
    • Use Technology Assets for authorized purposes and comply with all applicable laws and [Dealership Name] policies.
  2. Credentials:
    • Protect user credentials and report unauthorized use immediately.
    • Be responsible for all actions performed using their credentials.
  3. Access and Confidentiality:
    • Access only authorized information and systems.
    • Protect confidential customer and business information in compliance with the Information Security Program (ISP).
  4. Data Protection:
    • Secure data in all forms (electronic and hard copy) against unauthorized access, theft, or loss.
  5. Legal Compliance:
    • Use only legal versions of software and comply with vendor licenses and third-party agreements.
  6. Incident Reporting:
    • Report suspicious activities, theft, or compromise of assets immediately to a supervisor or IT department.
  7. Personal Use:
    • Limit personal use of Technology Assets to incidental and minor activities that do not interfere with business operations or place the dealership at risk.
  8. Return of Assets:
    • Return all dealership-issued assets upon termination of employment or when requested.

3.2 Prohibited Use

Users must not:

  1. Illegal or Unethical Use:
    • Use Technology Assets for illegal activities or behavior that violates dealership policies.
  2. Unauthorized Installations:
    • Install unauthorized software or hardware.
  3. Unauthorized Access:
    • Share credentials, allow unauthorized individuals access to assets, or attempt to bypass security controls.
  4. Confidentiality Breaches:
    • Access, process, or store confidential information without authorization.
    • Speak or share confidential information in public or with unauthorized parties.
  5. Device Security:
    • Leave devices unsecured or unattended.
    • Connect personal devices to dealership systems without authorization.
  6. Circumvention of Controls:
    • Alter or remove security settings, antivirus software, or monitoring tools.
  7. Malicious Activities:
    • Introduce malware, hacking tools, or unauthorized software.
    • Use personal email accounts to introduce malicious content to dealership systems.
  8. Cloud Services:
    • Use unapproved cloud services without approval from the Information Security Coordinator.
  9. Behavioral Violations:
    • Engage in abusive, harassing, defamatory, profane, racist, sexist, or otherwise inappropriate behavior using Technology Assets.

4. Personally Owned Devices

Users who use personal devices for dealership business must comply with the [Dealership Name] BYOD policy, including:

  • Adhering to dealership security requirements for personal devices.
  • Allowing IT to configure security settings on devices accessing dealership systems.
  • Reporting lost or compromised devices immediately.

5. Monitoring and Privacy

  • [Dealership Name] reserves the right to monitor the use of Technology Assets to ensure compliance with this policy.
  • Users should have no expectation of privacy when using dealership-owned or managed systems.

6. Compliance and Sanctions

  • Violations of this policy may result in disciplinary actions, including termination of employment.
  • Severe violations, including illegal activities, may result in legal action.

Acknowledgment

I acknowledge that I have read and understand the Acceptable Use Policy and agree to comply with its provisions.

Employee Signature: ___________________________
Date: ___________________________

Manager Signature: ___________________________
Date: ___________________________

This policy integrates robust standards for acceptable and prohibited use, enhancing compliance and security for [Dealership Name]’s assets and operations. Let me know if further customizations are needed!

4o