The leaders of all organizations take steps to protect them from liabilities and damage resulting from the inappropriate use of IT systems. At the highest levels, the organization’s governing body (school board are generally responsible for adopting policy) will adopt policies to protect the organization by ensuring they comply with relevant laws and regulations, and to minimize threats to the IT systems which represent a significant expense. As long as policies are lawful, and policies are usually written with significant input from the governing body’s legal counsel, then policy defines what IT users should do, and violation can lead to termination.
While policy is the ultimate rules that are followed by users of school IT, users of IT are rarely aware they are following policy as it has been translated into the procedures they follow to gain access to systems and to use them for teaching, learning, and participating in school operations. If it is discovered that IT procedures violate policy, they will be overturned. In schools where collaborative IT planning is observed, new procedures that meet the needs of the IT professionals, but that aligns with policy will be defined. Revising policy takes a significant amount of time and policy makers typically revise IT (and other policy) on a regular basis (usually with years between revisions).
While the acceptable use policies adopted by school boards are the ultimate policy that must be followed, those can be written in language that is difficult for laypeople to understand. This is especially true regarding children, who we know comprise the majority of school IT users. In response, IT professionals and educators will collaborate to create acceptable use policies that are written in language that is appropriate for the students.
Having students and adults sign AUP’s is a largely symbolic activity in schools. The signature does indicate students, parents, educators, and others have been made aware of the policy. Whether one has signed an AUP or not, they are obligated to follow policy and failure to follow the policy can result in school administrators taking actions to ensure policy is followed. Because it is symbolic, it does not mean that AUP’s are meaningless. These can present a valuable opportunity for teaching students about cybersecurity, cyberbullying, privacy, and other situations in which IT may be misused, and lessons focused on the school’s AUP are often included in the curriculum in part to address the International Society for Technology in Education’s standards related to digital citizenship.