<P> Acceptable use policies are an integral part of the framework of information security policies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems . For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization . It should refer users to the more comprehensive security policy where relevant . It should also, and very notably, define what sanctions will be applied if a user breaks the AUP . Compliance with this policy should, as usual, be measured by regular audits . </P> <P> In some cases a fair usage policy applied to a service allowing nominally unlimited use for a fixed fee simply sets a cap on what may be used, intended to allow normal usage but prevent what is considered excessive . For example, users of an "unlimited" broadband Internet service may be subject to suspension, termination, or bandwidth limiting for usage which is "continually excessive, unfair, affects other users' enjoyment of the broadband service, or is not consistent with the usage typically expected on a particular access package". The policy is enforced directly, without legal proceedings . </P> <P> AUP documents are similar to and often serve the same function as the Terms of Service document (e.g., as used by Google Gmail and Yahoo!), although not always . In the case of IBM.com for instance, the Terms of Use are about the way in which IBM presents the site, how they interact with visitors of the site and little to no instruction as to how to use the site . </P> <P> In some cases, AUP documents are named Internet and E-mail Policy, Internet AUP, Network AUP, or Acceptable IT Use Policy . These documents, even though named differently, largely provide policy statements as to what behavior is acceptable from users of the local network / Internet connected via the local network . </P>

Who decides what is acceptable internet activity when there is no written policy