Acceptable Use Policy · template

Starter text for your organization's AUP. Edit in Admin → Branding. Users must accept this text via click-through on first login and again whenever it is updated.
NOT LEGAL ADVICE
This template is a reasonable starting point. Your legal / compliance team should review and adapt it for your jurisdiction, industry, and risk posture before publishing. Meridian does not assume responsibility for the adequacy of any AUP you publish.

Sample AUP

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                  <YOUR ORGANIZATION> · ACCEPTABLE USE POLICY
                             Meridian NIP · v1.0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

1. AUTHORIZATION
   This system is the property of <YOUR ORGANIZATION>. Access is granted
   only to named individuals by <YOUR ORGANIZATION>'s network-operations
   leadership. Credentials are personal and non-transferable. Shared
   logins are prohibited; a credential used from multiple devices or by
   multiple people is grounds for immediate revocation.

2. PURPOSE & SCOPE
   Meridian is an operational platform for DNS, network, directory, and
   certificate diagnostics. You may use it only for work relating to
   <YOUR ORGANIZATION>'s networks and those networks expressly under
   your management responsibility.

3. AUDIT & MONITORING
   All queries, sandboxed commands, privileged actions, and data exports
   are audit-logged. Audit records are cryptographically tamper-evident
   and retained per corporate retention policy. You have no expectation
   of privacy when using this system.

4. EXTERNAL TESTING
   Use of diagnostic tools (ping, dig, port scan, certificate inspection,
   packet capture, etc.) against systems OUTSIDE <YOUR ORGANIZATION>'s
   administrative control must comply with:
   (a) the Computer Fraud and Abuse Act (18 U.S.C. § 1030) or local
       equivalent;
   (b) any written Rules of Engagement for the target system;
   (c) <YOUR ORGANIZATION>'s Third-Party Engagement Policy.
   When in doubt, do not proceed.

5. PRIVILEGED ACTIONS
   Certain actions — packet capture, service restart, AD password reset,
   Infoblox writes, certificate revocation — require approvals logged to
   the audit trail. You must provide a clear written justification for
   each privileged action.

6. DATA HANDLING
   Exported query results, packet captures, and PDF reports may contain
   information subject to <YOUR ORGANIZATION>'s data-classification
   policies. Handle exports as you would any other sensitive internal
   document. Do not disclose exports to parties outside
   <YOUR ORGANIZATION> without written authorization.

7. CREDENTIALS
   You must enroll multi-factor authentication within 7 days of first
   login. API tokens are personal; you are responsible for any action
   taken with a token you created.

8. PROHIBITED CONDUCT
   The following are prohibited and grounds for immediate revocation and
   disciplinary action:
    - Sharing your credentials with any other person
    - Attempting to circumvent audit logging, permission checks, or
      license enforcement
    - Using the platform for personal or commercial activities unrelated
      to <YOUR ORGANIZATION>'s operations
    - Testing systems you do not have written authorization to test
    - Exfiltrating credentials, API keys, certificates, or audit records
    - Disabling security controls (AppArmor, fail2ban, integrity scans)

9. SESSIONS & TIMEOUT
   The portal signs you out after a configured period of inactivity.
   One active session per user by default; signing in on a new device
   signs you out of the previous one and is recorded to the audit log.

10. ACCEPTANCE
    By logging in and clicking "I accept", you affirm that you have
    read, understood, and agree to this policy. <YOUR ORGANIZATION>
    may update this policy with reasonable notice; continued use after
    an update constitutes acceptance of the revised policy.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Questions or concerns: <SUPPORT EMAIL>
Policy owner: <POLICY OWNER NAME / TITLE>
Effective: <DATE>
Revision: 1.0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

How click-through works

Each revision of the AUP is stored in the aup_versions table with a version number. On every login the portal checks whether the user has an aup_acceptances row for the currently-active version. If not, the full text is shown with an "I accept" checkbox and a submit button. Acceptance is recorded with timestamp, IP, and user-agent.
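
A minimal sketch of the login gate described above, added here as an illustration and not Meridian's own code. Only the table names aup_versions and aup_acceptances come from this page; the column names, function names and the use of SQLite are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: only the two table names come from the documentation;
# every column name is an assumption made for this example.
SCHEMA = """
CREATE TABLE aup_versions (
    version INTEGER PRIMARY KEY, body TEXT NOT NULL,
    active INTEGER NOT NULL DEFAULT 0);
-- At most one revision can be the currently-active one.
CREATE UNIQUE INDEX one_active_aup ON aup_versions(active) WHERE active = 1;
CREATE TABLE aup_acceptances (
    user_id TEXT NOT NULL,
    version INTEGER NOT NULL REFERENCES aup_versions(version),
    accepted_at TEXT NOT NULL, ip TEXT NOT NULL, user_agent TEXT NOT NULL,
    PRIMARY KEY (user_id, version));
"""

def new_db():
    """In-memory database with the example schema."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def publish(db, body):
    """Store a new revision and make it the only active one."""
    with db:
        db.execute("UPDATE aup_versions SET active = 0")
        cur = db.execute(
            "INSERT INTO aup_versions (body, active) VALUES (?, 1)", (body,))
    return cur.lastrowid

def pending_aup(db, user_id):
    """Login check: (version, body) the user must still accept, or None."""
    return db.execute(
        """SELECT v.version, v.body FROM aup_versions v
           WHERE v.active = 1 AND NOT EXISTS (
               SELECT 1 FROM aup_acceptances a
               WHERE a.user_id = ? AND a.version = v.version)""",
        (user_id,)).fetchone()

def accept(db, user_id, version, ip, user_agent):
    """Record acceptance with timestamp, IP and user-agent.
    A form submitted for a superseded or already-accepted version is refused."""
    row = pending_aup(db, user_id)
    if row is None or row[0] != version:
        return False
    now = datetime.now(timezone.utc).isoformat()
    with db:
        db.execute("INSERT INTO aup_acceptances VALUES (?, ?, ?, ?, ?)",
                   (user_id, version, now, ip, user_agent))
    return True
```

Keying acceptances on (user_id, version) is what makes a policy update re-prompt every user: publishing a new revision leaves old acceptance rows intact as evidence but no longer satisfies the check.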

Toggles

In Admin → Branding → Login page text:

MERIDIAN 1.0.0 · DOCUMENTATION