Programs & Services » School Operations & Support Services » Technology Infrastructure

Acceptable Internet Use Policy

Print
Share & Bookmark, Press Enter to show all options, press Tab go to next option
Font Size: + -

State legislation requires local school boards to review their Acceptable Internet Use Policy (AUP) every two years and post their AUP to the local education agency's website; superintendents are to take appropriate steps to implement and enforce AUP. This process is supportive of the Children’s Internet Protection Act (CIPA), E-Rate program and an organization’s cybersecurity posture. An AUP outlines appropriate use by students and employees of all organization-owned technology connected to the Internet including but not limited to end-user devices, networks and their components, Internet access, software and user accounts. An AUP can be adopted to require signatures as well as be written and presented in a differentiated manner.   

Minimum Required AUP Components 

While state and federal legislation contains the precise language, a checklist is provided here as summary: 

  • Prohibition of utilizing, transmitting, or storing illegal material
  • Prohibition of interfering with the filtering/blocking of material
  • Prohibition of circumventing the filtering/blocking of material
  • Prohibition of unauthorized access to devices, accounts, or data
  • Prohibition of unlawful activities
  • Prohibition of unauthorized distribution or use of student personal information
  • Participation in the prevention of students gaining access to harmful or inappropriate material as deemed so by state law and the local education agency
  • Participation in ensuring safe and secure communication
  • Participation in instruction of Internet safety for students to include safe and secure communication over the Internet
  • Participation in appropriate measures taken against those who violate AUP as prescribed by the local education agency. 

Suggested AUP Components 

While state legislation requires local school boards to, “review, amend if necessary, and approve the school division's acceptable use policy for the Internet,” the following provides a list of suggestions taken as summary from the Model Security Plan and Best Practice Guidance in Cybersecurity for K-12 Schools document:  

  • Participation in keeping user account credentials concealed
  • Prohibition of altering any security measures put in place by authorized local education agency actors
  • Prohibition of circumventing any security measures put in place by authorized local education agency actors
  • Prohibition of installing or utilizing any unauthorized hardware or software
  • Participation in local education agency's data usage, transmission and storage policies
  • Participation in reporting the observance of violation of AUP to the appropriate local education agency employee
  • Participation in reporting lost or stolen devices to the appropriate local education agency employee
  • Participation in local education agency's software adoption policies including for standalone and web applications

Required Filtering and Monitoring 

While state legislation and CIPA contains the precise language, local education agencies are required to select and implement a technology to filter access to the Internet such that content defined in law as child pornography, obscene, or harmful to minors is to be blocked. Local education agencies are to establish a process for requests by adults to access blocked Internet content with a bona fide use description. Additionally, local education agencies’ Internet safety policy is required to include monitoring of students' online activity.