These will probably differ from business to business. For example, some organizations do not allow users to access chat rooms or non-company email, while others do. Some do not allow users to play games during downtime, while some do.

Issues like these will depend on how your organization views these types of activities. Equally, your policy might change over time. In the early days, you may be happy to be very flexible. Later on, when your business gets busier, you might begin to take a more pragmatic approach toward "recreational" activities. These decisions are entirely up to your organization, but they should be reflected in your AUP.

Examples of issues you might want to include in your AUP are:-

•  changing default settings on software (usually barred)
•  downloading and installing new software to company computers (again, usually barred)
•  making sure all floppy disks are checked for viruses before use password protection and security
   (ie. users should not disclose them to others)
•  use of equipment for commercial gain
•  use of chat rooms
•  use of web-based email
•  online games

Some users will not understand the reasons for such restrictions, so providing an explanation as to why they exist will ensure that problems are kept to a minimum, as well as improving the knowledge and awareness of your users.

E-commerce is a large and growing part of the internet experience, but what, for example, if a user does some online banking, and then fails to exit from their browser properly or to complete the transaction, resulting in the passwords still being saved in the memory. What, then, if another employee comes along and uses that same computer? Or what if someone is looking over the shoulder of the first user and sees the passwords they key in?

Your policy could clarify whether or not users are entitled to use your network for e-commerce activities such as banking or shopping, and that they are responsible for maintaining the security of their passwords, credit/debit card details, etc. You could further stipulate the organization bears no liability for breaches in security in the event a user fails to be diligent with their private details. (You may also wish to link this to any financial management support available in your community such as debt counselling or credit unions).