Is a regulating policy concerning peer-to-peer applications required so that companies and institutions can better manage the security issues of internal peer-to-peer applications? There are high security and privacy risks involved in using p2p applications like KaZaA, Bearshare, Audiogalaxy and ICQ. With today's high-speed networks it is very important to know what is going on in your network: which applications are doing what, and with whom. If you do not, there is a high likelihood that your system will be used for more or less malicious purposes. It is therefore interesting to find out whether p2p applications have found their way behind company walls. A policy can prevent the issues discussed, either by banning employees from using p2p applications or by regulating the use of these applications in a very detailed manner. Implementing a policy makes the usage controlled and easily supervised by the company security staff. Implementing a policy that regulates the use of p2p applications can prevent possible attacks on the company/organisation network.