[{"data":1,"prerenderedAt":508},["ShallowReactive",2],{"document-acceptable-use-policy-D12622":3},{"document":4,"label":23,"preview":11,"thumb":24,"thumb600":25,"description":26,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":27,"breadcrumb":31,"related":39,"customDescModule":174,"customdescription":26,"mdFm":175,"mdProseHtml":507},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":15},"ACCEPTABLE USE POLICY OVERVIEW This Acceptable Use Policy governs the use and security of all information and computer equipment from [COMPANY NAME]. It also covers the use of email, the internet, voice and mobile computing equipment. This policy applies to all information, in any form, relating to the business activities of [COMPANY NAME] worldwide, and to all information processed by [COMPANY NAME] about other organizations with which it deals. This policy also covers all IT and information communication facilities operated by or on behalf of [COMPANY NAME]. Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of [COMPANY NAME]. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations. [COMPANY NAME] is committed to protecting his employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. It is the responsibility of every [COMPANY NAME] computer user to know these guidelines, and to conduct their activities accordingly. PURPOSE The purpose of this policy is to outline the acceptable use of computer equipment at [COMPANY NAME]. These rules are in place to protect the employee and [COMPANY NAME]. Inappropriate use exposes [COMPANY NAME] to risks including virus attacks, compromise of network systems and services, and legal issues. SCOPE This policy applies to employees, contractors, consultants, temporary workers and other workers of [COMPANY NAME], including all personnel affiliated with third parties. This policy applies to all equipment owned or leased by [COMPANY NAME]. It also applies to the use of information, electronic and computer equipment and network resources to conduct business activities or interact with internal networks and business systems, whether owned or leased by [COMPANY NAME], the employee or a third party. All employees, contractors, consultants, temps and other workers of [COMPANY NAME] and its subsidiaries are responsible for exercising judgment with respect to the appropriate use of information, electronic devices and network resources in accordance with [COMPANY NAME] policies and standards and local laws and regulations. INDIVIDUAL'S RESPONSIBILITY Access to the [COMPANY NAME] IT systems is controlled by the use of User IDs, passwords and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the [COMPANY NAME] IT systems. Individuals must not: Allow anyone else to use their user ID/token and password on any [COMPANY NAME] IT system. Leave their user accounts logged in at an unattended and unlocked computer. Use someone else's user ID and password to access [COMPANY NAME]'s IT systems. Leave their password unprotected (for example writing it down). Perform any unauthorised changes to [COMPANY NAME]'s IT systems or information. Attempt to access data that they are not authorised to use or access. Exceed the limits of their authorisation or specific business need to interrogate the system or data. Connect any non-([COMPANY NAME] authorised device to the [COMPANY NAME] network or IT systems. Store [COMPANY NAME] data on any non-authorized [COMPANY NAME] equipment. Give or transfer [COMPANY NAME] data or software to any person or organisation. outside [COMPANY NAME] without the authority of [COMPANY NAME]. Line managers must ensure that individuals receive clear directives on the extent and limits of their authority over computer systems and data. INTERNET AND EMAIL The use of the internet and email of [COMPANY NAME] is intended for professional purposes. Personal use is permitted when it does not affect the individual's professional performance, does not in any way harm [COMPANY NAME], does not violate any terms and conditions of employment and does not place the individual or [COMPANY NAME] in violation of legal or other obligations. All individuals are therefore responsible for their actions on the internet as well as when using email systems. Individuals must not: Use the internet or email for harassment or abuse. Use blasphemies, obscenities or disrespectful remarks in communications. Access, upload, send or receive data (including images) that [COMPANY NAME] considers offensive in any way, including sexually explicit, discriminatory, defamatory or libelous material. Use the internet or email to make personal gains or run a personal business. Use the internet or email to play. Use email systems in a way that could affect their reliability or efficiency, for example by distributing chain letters or spam. Place on the internet any information relating to [COMPANY NAME], modify any information concerning it or express any opinion on [COMPANY NAME], unless they are expressly authorized to do so. Send sensitive or confidential information that is not protected to the outside world. Use of unsolicited email originating from within [COMPANY NAME] 's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by [COMPANY NAME] or connected via 's network. Forward business email to personal email accounts (for example, Gmail account). Make official commitments by internet or email on behalf of [COMPANY NAME], unless authorized to do so. Download copyrighted material such as music media files (MP3), films and videos (non-exhaustive list) without appropriate approval. In any way, violate copyright, database rights, trademarks or other intellectual property rights. Download any software from the internet without the prior consent of the IT department. Connect [COMPANY NAME] devices to the internet using non-standard connections. GENERAL USE OWNERSHIP [COMPANY NAME] proprietary information stored on electronic and computing devices whether owned or leased by [COMPANY NAME], remains the sole property of [COMPANY NAME]. You must ensure through legal or technical means that proprietary information is protected in accordance with the data protection standards. You have a responsibility to promptly report the theft, loss or unauthorized disclosure of [COMPANY NAME] proprietary information. You may access, use or share [COMPANY NAME] proprietary information only to the extent it is authorized and necessary to perform the tasks assigned to you. ",null,"Acceptable Use Policy","7",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/acceptable-use-policy-D12622.png","https://templates.business-in-a-box.com/imgs/250px/12622.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12622.xml",{"title":15,"description":6},"acceptable use policy",[17,20],{"label":18,"url":19},"Human Resources","/templates/human-resources/",{"label":21,"url":22},"Company Policies","/templates/company-policies/","Acceptable Use Policy Template","https://templates.business-in-a-box.com/imgs/400px/12622.png","https://templates.business-in-a-box.com/imgs/600px/12622.png","\u003Ch4>Acceptable Use Policy: Navigating the Boundaries of Company Resources\u003C/h4>\n\u003Cp>In the contemporary realm of business operations, the delineation of acceptable practices for utilizing company resources is paramount. An Acceptable Use Policy (AUP) serves as a navigational chart for employees, clearly defining the permissible boundaries while using company-owned systems, software, and networks. It is crafted to maintain the integrity of the company’s technological assets and to foster a responsible corporate environment.\u003C/p>\n\u003Cp>The AUP is a comprehensive set of rules that are established to ensure that all employees understand and agree to use company resources solely for professional purposes and in a manner that is ethical, lawful, and aligned with company values. It is not just a set of prohibitions, but also an educational guide that provides clarity and context for why certain uses of technology are deemed inappropriate or unauthorized within the company.\u003C/p>\n\u003Ch5>What is an Acceptable Use Policy Template?\u003C/h5>\n\u003Cp>An Acceptable Use Policy template serves as the scaffolding for building a tailored set of guidelines specific to the nature and needs of the organization. It often includes the acceptable and prohibited uses of the company’s IT infrastructure, email systems, internet connections, and other technological resources. This template is crucial for establishing a universal understanding among the workforce and ensuring compliance with legal and ethical standards.\u003C/p>\n\u003Ch5>Key Components of an Acceptable Use Policy\u003C/h5>\n\u003Cp>An effective AUP should encompass several key elements:\u003C/p>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose and Scope\u003C/strong> - Explanation of the AUP’s objectives and the resources it covers.\u003C/li>\n\u003Cli>\u003Cstrong>Acceptable Use\u003C/strong> - Detailed description of what constitutes acceptable use of company resources.\u003C/li>\n\u003Cli>\u003Cstrong>Prohibited Use\u003C/strong> - Clear definitions of unacceptable and prohibited actions and behaviors.\u003C/li>\n\u003Cli>\u003Cstrong>System Security\u003C/strong> - Guidelines for maintaining the integrity and security of the company’s systems.\u003C/li>\n\u003Cli>\u003Cstrong>Violations and Sanctions\u003C/strong> - Outline of the consequences for violating the AUP, including potential disciplinary actions.\u003C/li>\n\u003Cli>\u003Cstrong>Acknowledgment of Understanding\u003C/strong> - A section where employees affirm that they have read, understand, and agree to adhere to the policy.\u003C/li>\n\u003C/ul>\n\u003Ch5>Supporting Documents for Implementing an Acceptable Use Policy\u003C/h5>\n\u003Cp>Instituting an AUP can be fortified by integrating related documents:\u003C/p>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https://www.business-in-a-box.com/template/employee-handbook-D712/\">Employee Handbook\u003C/a>\u003C/strong> - Provides a broader context for company policies and expectations.\u003C/li>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https://www.business-in-a-box.com/template/it-security-policy-D13722/\">IT Security Policy\u003C/a>\u003C/strong> - Offers detailed information on safeguarding data and technology.\u003C/li>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https://www.business-in-a-box.com/template/incident-response-plan-D13714/\">Incident Response Plan\u003C/a>\u003C/strong> - Outlines procedures for handling security breaches or policy violations.\u003C/li>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https://www.business-in-a-box.com/template/cyber-security-policy-D12867/\">Cybersecurity Policy\u003C/a>\u003C/strong> - Instructs on secure technology use, complementing the Acceptable Use Policy by detailing protective measures and behaviors.\u003C/li>\n\u003C/ul>\n\u003Ch5>Why Utilize a Comprehensive Template for an Acceptable Use Policy?\u003C/h5>\n\u003Cp>Opting to utilize a professionally crafted template for your AUP presents several advantages:\u003C/p>\n\u003Cul>\n\u003Cli>\u003Cstrong>Thorough Guidance\u003C/strong> - Assures that the policy encompasses all necessary areas of concern and reflects the latest best practices and legal requirements.\u003C/li>\n\u003Cli>\u003Cstrong>Customization\u003C/strong> - Facilitates adaptation to the specific needs and risks associated with the company’s operations.\u003C/li>\n\u003Cli>\u003Cstrong>Consistency\u003C/strong> - Promotes a standardized approach to policy implementation and enforcement.\u003C/li>\n\u003Cli>\u003Cstrong>Resource Optimization\u003C/strong> - Saves time and resources in policy development, allowing the company to focus on its core business activities.\u003C/li>\n\u003C/ul>\n\u003Cp>Embracing a well-structured Acceptable Use Policy is instrumental in guiding employee behavior regarding the use of company resources. It not only delineates clear expectations but also safeguards the organization against misuse and the potential fallout of such actions. By employing a robust AUP, businesses effectively communicate the seriousness with which they regard the security and proper use of their technological assets, underscoring a culture of responsibility and vigilance.\u003C/p>\n\u003Cp>Updated in April 2024\u003C/p>\n",[28,17,20],{"label":29,"url":30},"Templates","/templates/",[32,33,36],{"label":29,"url":30},{"label":34,"url":35},"Software & Technology","/templates/software-technology/",{"label":37,"url":38},"Cybersecurity Policies","/templates/cybersecurity-policies/",[40,44,48,52,56,60,64,68,72,76,80,84,88,104,117,134,149,161],{"label":41,"url":42,"thumb":43,"extension":10},"AI Acceptable Use Policy","/template/ai-acceptable-use-policy-D13900","https://templates.business-in-a-box.com/imgs/250px/13900.png",{"label":45,"url":46,"thumb":47,"extension":10},"IT Acceptable Use Policy","/template/it-acceptable-use-policy-D13720","https://templates.business-in-a-box.com/imgs/250px/13720.png",{"label":49,"url":50,"thumb":51,"extension":10},"Computer Use Policy","/template/computer-use-policy-D705","https://templates.business-in-a-box.com/imgs/250px/705.png",{"label":53,"url":54,"thumb":55,"extension":10},"Corporate Social Media Use Policy","/template/corporate-social-media-use-policy-D13636","https://templates.business-in-a-box.com/imgs/250px/13636.png",{"label":57,"url":58,"thumb":59,"extension":10},"Term Of Use","/template/term-of-use-D12706","https://templates.business-in-a-box.com/imgs/250px/12706.png",{"label":61,"url":62,"thumb":63,"extension":10},"Business Use Case","/template/business-use-case-D13509","https://templates.business-in-a-box.com/imgs/250px/13509.png",{"label":65,"url":66,"thumb":67,"extension":10},"Equipment Use Agreement","/template/equipment-use-agreement-D12844","https://templates.business-in-a-box.com/imgs/250px/12844.png",{"label":69,"url":70,"thumb":71,"extension":10},"License to Use Agreement","/template/license-to-use-agreement-D1149","https://templates.business-in-a-box.com/imgs/250px/1149.png",{"label":73,"url":74,"thumb":75,"extension":10},"Vehicle Use Agreement","/template/vehicle-use-agreement-D13798","https://templates.business-in-a-box.com/imgs/250px/13798.png",{"label":77,"url":78,"thumb":79,"extension":10},"AI Policy","/template/ai-policy-D13598","https://templates.business-in-a-box.com/imgs/250px/13598.png",{"label":81,"url":82,"thumb":83,"extension":10},"Application Policy","/template/application-policy-D13439","https://templates.business-in-a-box.com/imgs/250px/13439.png",{"label":85,"url":86,"thumb":87,"extension":10},"Attendance Policy","/template/attendance-policy-D12625","https://templates.business-in-a-box.com/imgs/250px/12625.png",{"description":89,"descriptionCustom":6,"label":90,"pages":91,"size":92,"extension":10,"preview":93,"thumb":94,"svgFrame":95,"seoMetadata":96,"parents":97,"keywords":102,"url":103},"Employee Handbook Understanding employment at [YOUR COMPANY NAME] Revised on [DATE] Prepared By: [YOUR NAME] [YOUR JOB TITLE] Phone 555.555.5555 Email info@yourbusiness.com www.yourbusiness.com Table of Content Table of Content 2 Welcome to [YOUR COMPANY NAME]! 5 1. Organization Description 6 1.1 Introductory Statement 6 1.2 Customer Relations 6 1.3 Products and Services Provided 7 1.4 Facilities and Location(s) 7 1.5 The History of [YOUR COMPANY NAME] 7 1.6 Management Philosophy 7 1.7 Goals 8 2. The Employment 9 2.1 Nature of Employment 9 2.2 Employee Relations 9 2.3 Equal Employment Opportunity 10 2.4 Diversity 10 2.5 Business Ethics and Conduct 12 2.6 Personal Relationships in the Workplace 13 2.7 Conflicts of Interest 13 2.8 Outside Employment 14 2.9 Non-Disclosure 15 2.10 Disability Accommodation 16 2.11 Job Posting and Employee Referrals 17 2.12 Whistleblower Policy 18 2.13 Accident and First Aid 20 3. Employment Status and Records 21 3.1 Employment Categories 21 3.2 Access to Personnel Files 22 3.3 Personnel Data Changes 23 3.4 Probation Period 23 3.5 Employment Applications 24 3.6 Performance Evaluation 24 3.7 Job Descriptions 25 3.8 Salary Administration 25 3.9 Professional Development 26 4. Employee Benefit Programs 27 4.1 Employee Benefits 27 4.2 Vacation Benefits 27 4.3 Military Service Leave 29 4.4 Religious Observance 29 4.5 Holidays 29 4.6 Workers Insurance 30 4.7 Sick Leave Benefits 31 4.8 Bereavement Leave 32 4.9 Relocation Benefits 33 4.10 Educational Assistance 33 4.11 Health Insurance 34 4.12 Life Insurance 35 4.13 Long Term Disability 35 4.14 Marriage, Maternity and Parental Leave 36 5. Timekeeping / Payroll 40 5.1 Timekeeping 40 5.2 Paydays 40 5.3 Employment Termination 41 5.4 Administrative Pay Corrections 42 6. Work Conditions and Hours 43 6.1 Work Schedules 43 6.2 Absences 43 6.3 Jury Duty 45 6.4 Use of Phone and Mail Systems 45 6.5 Smoking 46 6.6 Meal Periods 46 6.7 Overtime 46 6.8 Use of Equipment 47 6.9 Telecommuting 47 6.10 Emergency Closing 48 6.11 Business Travel Expenses 49 6.12 Visitors in the Workplace 51 6.13 Computer and Email Usage 51 6.14 Internet Usage 52 6.15 Workplace Monitoring 54 6.16 Workplace Violence Prevention 55 7. Employee Conduct & Disciplinary Action 57 7.1 Employee Conduct and Work Rules 57 7.2 Sexual and Other Unlawful Harassment 58 7.3 Attendance and Punctuality 60 7.4 Personal Appearance 60 7.5 Return of Property 61 7.6 Resignation and Retirement 61 7.7 Security Inspections 62 7.8 Progressive Discipline 62 7.9 Problem Resolution 64 7.10 Workplace Etiquette 65 7.11 Suggestion Program 67 Acknowledgement of Receipt 68 Welcome to [YOUR COMPANY NAME]! On behalf of your colleagues, we welcome you to [YOUR COMPANY NAME] and wish you every success here. At [YOUR COMPANY NAME], we believe that each employee contributes directly to the growth and success of the company, and we hope you will take pride in being a member of our team. This handbook was developed to describe some of the expectations of our employees and to outline the policies, programs, and benefits available to eligible employees. Employees should become familiar with the contents of the employee handbook as soon as possible, for it will answer many questions about employment with [YOUR COMPANY NAME]. We believe that professional relationships are easier when all employees are aware of the culture and values of the organization. This guide will help you to better understand our vision for the future of our business and the challenges that are ahead. We hope that your experience here will be challenging, enjoyable, and rewarding. Again, welcome! [PRESIDENT NAME] President & CEO 1. Organization Description 1.1 Introductory Statement This handbook is designed to acquaint you with [YOUR COMPANY NAME] and provide you with information about working conditions, employee benefits, and some of the policies affecting your employment. You should read, understand, and comply with all provisions of the handbook. It describes many of your responsibilities as an employee and outlines the programs developed by [YOUR COMPANY NAME] to benefit employees. One of our objectives is to provide a work environment that is conducive to both personal and professional growth. No employee handbook can anticipate every circumstance or question about policy. As [YOUR COMPANY NAME] continues to grow, the need may arise and [YOUR COMPANY NAME] reserves the right to revise, supplement, or rescind any policies or portion of the handbook from time to time as it deems appropriate, in its sole and absolute discretion. Employees will be notified of such changes to the handbook as they occur. 1.2 Customer Relations Customers are among our organization's most valuable assets. Every employee represents [YOUR COMPANY NAME] to our customers and the public. The way we do our jobs presents an image of our entire organization. Customers judge all of us by how they are treated with each employee contact. Therefore, one of our first business priorities is to assist any customer or potential customer. Nothing is more important than being courteous, friendly, helpful, and prompt in the attention you give to customers. [YOUR COMPANY NAME] will provide customer relations and services training to all employees with extensive customer contact. Customers who wish to lodge specific comments or complaints should be directed to the [TITLE AND NAME OF THE PERSON RESPONSIBLE] for appropriate action. Our personal contact with the public, our manners on the telephone, and the communications we send to customers are a reflection not only of ourselves, but also of the professionalism of [YOUR COMPANY NAME]. Positive customer relations not only enhance the public's perception or image of [YOUR COMPANY NAME], but also pay off in greater customer loyalty and increased sales and profit. 1.3 Products and Services Provided You will find more information about our products and services by reading the [YOUR COMPANY NAME] Corporate Brochures. 1.4 Facilities and Location(s) Head Office: [ADDRESS] [CITY], [STATE] [ZIP/POSTAL CODE] [COUNTRY] 1.5 The History of [YOUR COMPANY NAME] [DESCRIBE THE HISTORY OF YOUR COMPANY HERE] 1.6 Management Philosophy [YOUR COMPANY NAME] management philosophy is based on responsibility and mutual respect. Our wishes are to maintain a work environment that fosters on personal and professional growth for all employees. Maintaining such an environment is the responsibility of every staff person. Because of their role, managers and supervisors have the additional responsibility to lead in a manner which fosters an environment of respect for each person. People who come to [YOUR COMPANY NAME] want to work here because we have created an environment that encourages creativity and achievement. [YOUR COMPANY NAME] aims to become a leader in [DESCRIBE YOUR COMPANY'S FIELD OF EXPERTISE]. The mainstay of our strategy will be to offer a level of client focus that is superior to that offered by our competitors. To help achieve this objective, [YOUR COMPANY NAME] seeks to attract highly motivated individuals that want to work as a team and share in the commitment, responsibility, risk taking, and discipline required to achieve our vision. Part of attracting these special individuals will be to build a culture that promotes both uniqueness and a bias for action. While we will be realistic in setting goals and expectations, [YOUR COMPANY NAME] will also be aggressive in reaching its objectives. This success will in turn enable [YOUR COMPANY NAME] to give its employees above average compensation and innovative benefits or rewards, key elements in helping us maintain our leadership position in the worldwide marketplace. 1.7 Goals [DESCRIBE YOUR COMPANY'S GOALS HERE] 2. The Employment 2","Employee Handbook","34",280,"https://templates.business-in-a-box.com/imgs/1000px/employee-handbook-D712.png","https://templates.business-in-a-box.com/imgs/250px/712.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#712.xml",{"title":6,"description":6},[98,100],{"label":18,"url":99},"human-resources",{"label":21,"url":101},"company-policies","employee handbook","/template/employee-handbook-D712",{"description":105,"descriptionCustom":6,"label":106,"pages":107,"size":9,"extension":10,"preview":108,"thumb":109,"svgFrame":110,"seoMetadata":111,"parents":113,"keywords":112,"url":116},"REMOTE WORK AGREEMENT This Remote Work Agreement (the \"Agreement\") is effective [DATE], BETWEEN: [NAME OF THE EMPLOYER], (the \"Employer\" or \"Company\"), a Company organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] AND: [NAME OF THE EMPLOYEE], (the \"Employee\"), an individual with their main address located at: [COMPLETE ADDRESS] Collectively, the Employer and the Employee shall be referred to as the \"Parties.\" WHEREAS, the Company has made an offer to the Employee to work remotely in the capacity of [JOB TITLE] at the Company; NOW THEREFORE in consideration and as a condition of the Parties entering into this Agreement and other valuable considerations, the receipt and sufficiency of which consideration is acknowledged, the Parties agree as follows: APPOINTMENT The Company hereby offers the Employee appointment, and the Employee agrees to serve the Company to work remotely in the capacity of [JOB TITLE] as of [DATE] (the \"Effective Date\"). PROBATION PERIOD The Employee will be on a Probation Period for a period of [MONTHS/DAYS]. The Employee's confirmation as a permanent employee is subject to the Employee making a positive contribution to the Company and is further subject to meeting certain standards and qualifying criteria during the Probation Period. PLACE OF WORK The Employee shall perform their duties at the location of their choice. The Employee will report to the [SPECIFY THE DESIGNATION] on a needs basis in the following manner: [SPECIFY THE MANNER OF COMMUNICATION]. REMOTE WORK While working remotely, the Employee will remain accessible during the remote work. The Employee will check in with the supervisor to discuss status and open issues and be available for video/teleconferences, scheduled on an as-needed basis. The Employee will take rest and meal breaks while working remotely in full compliance with all applicable policies or collective bargaining agreements, and request supervisor approval to use vacation or sick leave. To ensure that the Employee's performance will not suffer in a remote work arrangement, the Employee is advised to choose a quiet and distraction-free working space, have an internet connection that is adequate for their job and dedicate their full attention to their job duties during working hours. Equipment. The Company will provide the Employee with equipment that is essential to their job duties, like laptops and headsets. The Employee will install VPN and company-required software when the Employee receives their equipment. The Employee must keep their equipment password protected, follow all data encryption, protection standards and settings, and refrain from downloading suspicious, unauthorized or illegal software. NOTICE PERIOD During the Probation Period, if the Employee's performance is found to be unsatisfactory or if it does not meet the prescribed criteria, the Employee's employment can be terminated by the Company with [NUMBER OF DAYS] day's notice or salary thereof. The Employee will be required to give [NUMBER OF MONTHS] months' notice or salary thereof in case the Employee decides to leave the Company. DUTIES The Employee shall perform all such duties as may be delegated by the Company and comply with all such directions as the Managing Director and/or his/her nominated deputies may from time to time assign or give to the Employee. [SPECIFY DUTIES] WORKING HOURS The total working hours will be [SPECIFY HOURS] hours on Mondays to Saturdays. It is expected that the Employee will be flexible with the working hours and work such additional hours as might be necessary to efficiently perform duties under this Agreement. The Company reserves the right to change the working days and the working hours. The Employee shall be entitled to leave and holidays as per the Leave Policy of the Company. In the event the Employee is absent from work and unable to perform duties satisfactorily by reason of any injury, illness or other reason acceptable to the Company, the Employee will be entitled to receive salary and other benefits for up to [NUMBER OF DAYS] consecutive working days during any such absence, within a period of 12 consecutive months. REMUNERATION The Employee's starting total monthly gross salary and during the Probation Period will be as per details in the annexure, hereinafter known as Exhibit A. Any bonus is subject to review in accordance with the Company's practice and policies from time to time, however, there shall be no obligation on the Company to increase the salary or award bonuses at any point of time, save and except at its sole discretion. The Company shall pay or refund or procure to be paid or refunded all reasonable travelling and other similar out of pocket expenses necessarily and incurred by the Employee wholly in the proper performance of duties, subject to production by the Employee of such evidence of the expenses as the Company may reasonably require. The Employee will be required to fill in the claims forms in which the Employee shall provide the correct information of the expenses incurred. CONFIDENTIALITY AND INTELLECTUAL PROPERTY If at any time during the Employee's employment under this Agreement, the Employee participates in the making or discovery of any Intellectual Property directly or indirectly relating to or capable of being used by the Company, full details of the Intellectual Property shall immediately be disclosed in writing by the Employee to the Company and the Intellectual Property shall be the absolute property of the Company. At the request and expense of the Company, the Employee shall give and supply all such information, data, drawings, and assistance as may be necessary or in the opinion of the Company desirable to enable the Company to exploit the Intellectual Property to the best advantage as decided by the Company. The Employee shall execute all documents and do all things which may, in the opinion of the Company, be necessary or desirable for obtaining copyright, design or other protection for the Intellectual Property and for vesting the same in the Company, as the Company may direct. As Confidential Information will from time to time become known to the Employee, the Company considers and the Employee agrees that the restraints set forth in this Agreement are necessary for the reasonable protection by the Company of its business or the business of the Group, the clients thereof or their respective affairs. The Employee shall not at any time, either during the continuance of or after the termination of Employment with the Company, use, disclose or communicate to any person whatsoever any Confidential Information which the Employee has or of which he may have become possessed during employment with the Company nor shall he supply the names or addresses of any clients, customers, vendors or agents of the Company or any company of the Group to any person except as authorised by the Company or as ordered by a court of competent jurisdiction. The Employee consents to the Company holding and processing, both electronically and manually, the data it collects relating to the Employee in the course of employment, for the purpose of the Company's administration and management of its employees, its business and to comply with applicable procedures, laws and regulations. ","Remote Work Agreement","8","https://templates.business-in-a-box.com/imgs/1000px/remote-work-agreement-D13282.png","https://templates.business-in-a-box.com/imgs/250px/13282.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13282.xml",{"title":112,"description":6},"remote work agreement",[114,115],{"label":18,"url":99},{"label":21,"url":101},"/template/remote-work-agreement-D13282",{"description":118,"descriptionCustom":6,"label":119,"pages":120,"size":9,"extension":10,"preview":121,"thumb":122,"svgFrame":123,"seoMetadata":124,"parents":126,"keywords":125,"url":133},"NON-DISCLOSURE AGREEMENT (NDA) This Non-Disclosure Agreement (the \"Agreement\") is made and effective [DATE], BETWEEN: [YOUR COMPANY NAME] (the \"Disclosing Party\"), a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] AND: [RECEIVING PARTY NAME] (the \"Receiving Party\"), an individual with his main address located at OR a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] WHEREAS, Receiving Party has been or will be engaged in the performance of work on [DESCRIBE]; and in connection therewith will be given access to certain confidential and proprietary information; and WHEREAS, Receiving Party and Disclosing Party wish to evidence by this Agreement the manner in which said confidential and proprietary material will be treated. NOW, THEREFORE, it is agreed as follows: NON-DISCLOSURE OF CONFIDENTIAL INFORMATION Both Parties understand and agree that each Party may have access to the confidential information of the other party. For the purposes of this Agreement, \"Confidential Information\" means proprietary and confidential information about the Disclosing Party's (or it's suppliers') business or activities. Such information includes all business, financial, technical, and other information marked or designated by such Party as \"confidential\" or \"proprietary.\" Confidential Information also includes information which, by the nature of the circumstances surrounding the disclosure, ought in good faith to be treated as confidential. For the purposes of this Agreement, Confidential Information does not include: Information that is currently in the public domain or that enters the public domain after the signing of this Agreement. Information a Party lawfully receives from a third Party without restriction on disclosure and without breach of a non-disclosure obligation. Information that the Receiving Party knew prior to receiving any Confidential Information from the Disclosing Party. Information that the Receiving Party independently develops without reliance on any Confidential Information from the Disclosing Party. Each Party agrees that it will not disclose to any third Party or use any Confidential Information disclosed to it by the other Party except when expressly permitted in writing by the other Party. Each Party also agrees that it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other Party in its possession or control. TERM The term of this Agreement is [number] of [years/months] from the date of execution by both Parties. TITLE The Receiving Party agrees that all Confidential Information furnished by the Disclosing Party shall remain the sole property of the Disclosing Party. DISCLAIMER","Non Disclosure Agreement Nda","3","https://templates.business-in-a-box.com/imgs/1000px/non-disclosure-agreement-nda-D12692.png","https://templates.business-in-a-box.com/imgs/250px/12692.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12692.xml",{"title":125,"description":6},"non disclosure agreement nda",[127,130],{"label":128,"url":129},"Legal Agreements","business-legal-agreements",{"label":131,"url":132},"Confidentiality Agreements","confidentiality-agreement","/template/non-disclosure-agreement-nda-D12692",{"description":135,"descriptionCustom":6,"label":136,"pages":137,"size":138,"extension":10,"preview":139,"thumb":140,"svgFrame":141,"seoMetadata":142,"parents":143,"keywords":147,"url":148},"INDEPENDENT CONTRACTOR AGREEMENT This Independent Contractor Agreement (\"Agreement\") is made and effective [Date], BETWEEN: [INDEPENDENT CONTRACTOR NAME] (the \"Independent Contractor\"), a company organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] AND: [YOUR COMPANY NAME] (the \"Company\"), a company organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] RECITALS Independent Contractor is engaged in providing [Describe] business services, its Employer Tax I.D. Number is [Insert], and its Business License Number is [insert]. Independent Contractor has complied with all Federal, State, and local laws regarding business permits, sales permits, licenses, reporting requirements, tax withholding requirements, and other legal requirements of any kind that may be required to carry out said business and the Scope of Work which is to be performed as an Independent Contractor pursuant to this Agreement. Independent Contractor is or remains open to conducting similar tasks or activities for clients other than the Company and holds themselves out to the public to be a separate business entity. Company desires to engage and contract for the services of the Independent Contractor to perform certain tasks as set forth below. Independent Contractor desires to enter into this Agreement and perform as an independent contractor for the company and is willing to do so on the terms and conditions set forth below. NOW, THEREFORE, in consideration of the above recitals and the mutual promises and conditions contained in this Agreement, the Parties agree as follows: TERMS This Agreement shall be effective commencing [Date], and shall continue until terminated at the completion of the Scope of Work which shall occur no later than [Date] or by either party as otherwise provided herein. STATUS OF INDEPENDENT CONTRACTOR This Agreement does not constitute a hiring by either party. It is the parties intentions that Independent Contractor shall have an independent contractor status and not be an employee for any purposes, including, but not limited to, [laws]. Independent Contractor shall retain sole and absolute discretion in the manner and means of carrying out their activities and responsibilities under this Agreement. This Agreement shall not be considered or construed to be a partnership or joint venture, and the Company shall not be liable for any obligations incurred by Independent Contractor unless specifically authorized in writing. Independent Contractor shall not act as an agent of the Company, ostensibly or otherwise, nor bind the Company in any manner, unless specifically authorized to do so in writing. TASKS, DUTIES, AND SCOPE OF WORK Independent Contractor agrees to devote as much time, attention, and energy as necessary to complete or achieve the following: [Describe]. The above to be referred to in this Agreement as the \"Scope of Work\". It is expected that the Scope of Work will completed by [Date]. Independent Contractor shall additionally perform any and all tasks and duties associated with the Scope of Work set forth above, including but not limited to, work being performed already or related change orders. Independent Contractor shall not be entitled to engage in any activities which are not expressly set forth by this Agreement. The books and records related to the Scope of Work set forth in this Agreement shall be maintained by the Independent Contractor at the Independent Contractor's principal place of business and open to inspection by Company during regular working hours. Documents to which Company will be entitled to inspect include, but are not limited to, any and all contract documents, change orders/purchase orders and work authorized by Independent Contractor or Company on existing or potential projects related to this Agreement. Independent Contractor shall be responsible to the management and directors of Company, but Independent Contractor will not be required to follow or establish a regular or daily work schedule. Supply all necessary equipment, materials and supplies. Independent Contractor will not rely on the equipment or offices of Company for completion of tasks and duties set forth pursuant to this Agreement. Any advice given Independent Contractors regarding the scope of work shall be considered a suggestion only, not an instruction. Company retains the right to inspect, stop, or alter the work of Independent Contractor to assure its conformity with this Agreement. ASSURANCE OF SERVICES Independent Contractor will assure that the following individuals (the \"Key Employees\") will be available to perform, and will perform, the Services hereunder until they are completed (identify by title and name as applicable): [Name of Key Employee, Title] [Name of Key Employee, Title] The Key Employees may be changed only with the prior written approval of the Company, which approval shall not be unreasonably withheld. COMPENSATION Independent Contractor shall be entitled to compensation for performing those tasks and duties related to the Scope of Work as follows: [Describe] Such compensation shall become due and payable to Independent Contractor in the following time, place, and manner: [Describe] NOTICE CONCERNING WITHHOLDING OF TAXES Independent Contractor recognizes and understands that it will receive a [specify tax] statement and related tax statements, and will be required to file corporate and/or individual tax returns and to pay taxes in accordance with all provisions of applicable Federal and State law. Independent Contractor hereby promises and agrees to indemnify the Company for any damages or expenses, including attorney's fees, and legal expenses, incurred by the Company as a result of independent contractor's failure to make such required payments. AGREEMENT TO WAIVE RIGHTS TO BENEFITS Independent Contractor hereby waives and foregoes the right to receive any benefits given by Company to its regular employees, including, but not limited to, health benefits, vacation and sick leave benefits, profit sharing plans, etc. This waiver is applicable to all non-salary benefits which might otherwise be found to accrue to the Independent Contractor by virtue of their services to Company, and is effective for the entire duration of Independent Contractor's agreement with Company. This waiver is effective independently of Independent Contractor's employment status as adjudged for taxation purposes or for any other purpose. Neither this Agreement, nor any duties or obligations under this Agreement may be assigned by either party without the consent of the other. TERMINATION This Agreement may be terminated prior to the completion or achievement of the Scope of Work by either party giving [number] days written notice. Such termination shall not prejudice any other remedy to which the terminating party may be entitled, either by law, in equity, or under this Agreement. NON-DISCLOSURE OF TRADE SECRETS, CUSTOMER LISTS AND OTHER PROPRIETARY INFORMATION Independent Contractor agrees not to disclose or communicate, in any manner, either during or after Independent Contractor's agreement with Company, information about Company, its operations, clientele, or any other information, that relate to the business of Company including, but not limited to, the names of its customers, its marketing strategies, operations, or any other information of any kind which would be deemed confidential, a trade secret, a customer list, or other form of proprietary information of Company. Independent Contractor acknowledges that the above information is material and confidential and that it affects the profitability of Company. ","Independent Contractor Agreement","6",62,"https://templates.business-in-a-box.com/imgs/1000px/independent-contractor-agreement-D160.png","https://templates.business-in-a-box.com/imgs/250px/160.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#160.xml",{"title":6,"description":6},[144],{"label":145,"url":146},"Consultant & Contractors","consulting-contractor-business","independent contractor agreement","/template/independent-contractor-agreement-D160",{"description":150,"descriptionCustom":6,"label":151,"pages":120,"size":9,"extension":10,"preview":152,"thumb":153,"svgFrame":154,"seoMetadata":155,"parents":157,"keywords":156,"url":160},"TECHNOLOGY POLICY INTENT The primary intent of this Policy is to increase protection of Technology Resources to assure the usability and availability of those resources to all users at [COMPANY NAME] (the \"Company\"). The Policy also addresses privacy and usage guidelines for those who access the Company's Technology Resources. SCOPE The Company recognizes the vital role technology plays in effecting Company business as well as the importance of protecting information in all forms. As more information is being used and shared in digital format by authorized users, the need for an increased effort to protect the information and the Technology Resources that support it, is felt by the Company, and hence this Policy. Since a limited amount of personal use of these facilities is permitted by the Company for users, including computers, printers, email, software and Internet access, therefore, it is essential that these facilities are used responsibly by users, as any abuse has the potential to disrupt Company business and interfere with the work and/or rights of other users. It is therefore expected of all users to exercise responsible and ethical behavior while using the Company's technology facilities. DEFINITION Information Technology. Information Technology Resources for the purposes of this Policy include but are not limited to the Company's owned or those used under license or contract, or those devices not owned by the Company but intentionally connected to the Company's owned Technology Resources such as computer hardware, printers, fax machines, voicemail, software, email and Internet and intranet access. User. Anyone who has access to Company's Technology Resources, including but not limited to, all employees, temporary employees, probationers, contractors, vendors, and suppliers. ACCESS CONTROL All the Company's computers that are either permanently or temporarily connected to the internal computer networks must have a password-based access control system. Regardless of the network connections, all computers handling confidential information must also employ appropriate password-based access control systems. All in-bound connections to the Company's computers from external networks must be protected with an approved password or ID access control system. Modems may only be used after receiving the written approval of the IT Head and must be turned off when not in use. All access control systems must utilize user-IDs, passwords, and privilege restrictions unique to each user. Users are prohibited from logging into any Company's system anonymously. To prevent unauthorized access, all vendor-supplied default passwords must be changed before use. Access to the server room is restricted with an RFID lock and only recognized IT staff or someone with due authorization from the IT Head is permitted to enter the room. Users shall not make copies of system configuration files (e.g., passwords) for their own, unauthorized personal use or to provide to other users for unauthorized uses.","Technology Policy","https://templates.business-in-a-box.com/imgs/1000px/technology-policy-D13285.png","https://templates.business-in-a-box.com/imgs/250px/13285.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13285.xml",{"title":156,"description":6},"technology policy",[158,159],{"label":128,"url":129},{"label":128,"url":129},"/template/technology-policy-D13285",{"description":162,"descriptionCustom":6,"label":163,"pages":120,"size":9,"extension":10,"preview":164,"thumb":165,"svgFrame":166,"seoMetadata":167,"parents":169,"keywords":172,"url":173},"DATA BREACH RESPONSE & NOTIFICATION POLICY INTRODUCTION The Data Breach Response and Notification Policy of [COMPANY NAME] outlines the procedures and responsibilities for responding to data breaches and ensuring that affected individuals and regulatory authorities are promptly and accurately informed. This Policy is designed to minimize the impact of data breaches, protect sensitive information, and comply with applicable data protection laws and regulations. PURPOSE The purpose of this Policy is to: Establish a framework for detecting, assessing, and responding to data breaches. Define the process for notifying affected individuals, regulatory authorities, and other relevant parties. Ensure that data breaches are managed in a transparent, responsible, and compliant manner. DEFINITIONS Data Breach: The unauthorized access, acquisition, use, disclosure, or destruction of personal or sensitive information that compromises its security, confidentiality, or integrity. DATA BREACH RESPONSE TEAM [COMPANY NAME] will establish a Data Breach Response Team (DBRT) consisting of designated individuals responsible for managing data breaches. The DBRT may include representatives from IT, Legal, HR, and other relevant departments. DETECTION AND ASSESSMENT The DBRT will promptly investigate and assess suspected or confirmed data breaches to determine their scope, impact, and severity. The assessment will include identifying the type of data involved, the number of affected individuals, potential risks, and applicable data protection regulations. CONTAINMENT AND MITIGATION ","Data Breach Response and Notification Policy","https://templates.business-in-a-box.com/imgs/1000px/data-breach-response-and-notification-policy-D13650.png","https://templates.business-in-a-box.com/imgs/250px/13650.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13650.xml",{"title":168,"description":6},"data breach response and notification policy",[170,171],{"label":18,"url":99},{"label":21,"url":101},"data breach response notification policy","/template/data-breach-response-and-notification-policy-D13650",true,{"seo":176,"reviewer":188,"quick_facts":192,"at_a_glance":195,"personas":199,"variants":224,"glossary":253,"sections":284,"how_to_fill":335,"common_mistakes":376,"faqs":401,"industries":429,"comparisons":454,"diy_vs_pro":467,"educational_modules":480,"related_template_ids_curated":483,"schema":493,"classification":494},{"meta_title":177,"meta_description":178,"primary_keyword":179,"secondary_keywords":180},"Acceptable Use Policy Template (Free Word)","Free Acceptable Use Policy template for businesses. Covers permitted use, prohibited conduct, security obligations, and enforcement. Used in 190+ countries. Free Word and PDF download.","acceptable use policy template",[181,182,183,184,185,186,187],"acceptable use policy template free","acceptable use policy template word","aup template","acceptable use policy example","internet acceptable use policy template","employee acceptable use policy","acceptable use policy download",{"name":189,"credential":190,"reviewed_date":191},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":193,"legal_review_recommended":194,"signature_required":194},"medium",false,{"what_it_is":196,"when_you_need_it":197,"whats_inside":198},"An Acceptable Use Policy (AUP) is an operational document that defines the rules governing how employees, contractors, and authorized users may use an organization's IT systems, networks, devices, and data. This free Word download gives you a structured, editable starting point you can tailor to your organization's size and risk profile, then export as PDF for distribution or acknowledgment signing.\n","Use it when onboarding new employees or contractors who will access company systems, when deploying new technology infrastructure, or when an audit, cyber-insurance application, or compliance requirement demands a documented usage policy. It also provides the foundation for disciplinary action when a user misuses company resources.\n","Purpose and scope, definitions of covered systems and users, permitted and prohibited use rules, security and password obligations, monitoring and privacy notice, social media and communications guidelines, enforcement and consequences, and a user acknowledgment section.\n",[200,204,208,212,216,220],{"title":201,"use_case":202,"icon_asset_id":203},"IT managers","Establishing enforceable rules for employee device and network use","persona-it-manager",{"title":205,"use_case":206,"icon_asset_id":207},"HR managers","Incorporating usage rules into the onboarding process and employee handbook","persona-hr-manager",{"title":209,"use_case":210,"icon_asset_id":211},"Small business owners","Documenting technology rules without a dedicated IT or legal department","persona-small-business-owner",{"title":213,"use_case":214,"icon_asset_id":215},"Compliance officers","Meeting SOC 2, ISO 27001, or HIPAA documentation requirements","persona-compliance-officer",{"title":217,"use_case":218,"icon_asset_id":219},"Startup founders","Putting baseline IT governance in place before headcount scales","persona-startup-founder",{"title":221,"use_case":222,"icon_asset_id":223},"School and nonprofit administrators","Setting usage boundaries for shared networks, devices, and accounts","persona-nonprofit-exec",[225,229,233,237,241,245,249],{"situation":226,"recommended_template":227,"slug":228},"Policy covering employee use of company-owned devices and networks","Acceptable Use Policy (Employee)","acceptable-use-policy-D12622",{"situation":230,"recommended_template":231,"slug":232},"Policy for contractors and vendors accessing internal systems","Third-Party Access Policy","third-party-confidential-information-policy-D736",{"situation":234,"recommended_template":235,"slug":236},"Policy for end users of a SaaS platform or hosted service","Terms of Service","terms-of-service-agreement-D920",{"situation":238,"recommended_template":239,"slug":240},"Governing personal devices used for work (BYOD)","BYOD Policy","bring-your-own-device-policy-byod-D12626",{"situation":242,"recommended_template":243,"slug":244},"Setting rules for employee social media conduct","Social Media Policy","social-media-policy-D12688",{"situation":246,"recommended_template":247,"slug":248},"Protecting sensitive data accessed through company systems","Data Privacy Policy","data-privacy-policy-D13465",{"situation":250,"recommended_template":251,"slug":252},"Governing remote access to corporate network and VPN","Remote Work Policy","remote-work-agreement-D13282",[254,257,260,263,266,269,272,275,278,281],{"term":255,"definition":256},"Acceptable Use Policy (AUP)","A written set of rules specifying how an organization's IT systems, networks, and data may and may not be used by authorized individuals.",{"term":258,"definition":259},"Authorized User","Any employee, contractor, or third party who has been granted explicit permission to access the organization's IT systems or data.",{"term":261,"definition":262},"Company Systems","All hardware, software, networks, servers, cloud services, email accounts, and data storage owned, leased, or operated by the organization.",{"term":264,"definition":265},"Prohibited Conduct","A defined list of actions that authorized users are expressly forbidden from performing on company systems, such as installing unauthorized software or accessing illegal content.",{"term":267,"definition":268},"Monitoring","The organization's right to observe, log, and review activity on its systems and networks, including emails, browsing history, and file access.",{"term":270,"definition":271},"Data Classification","A system for labeling data by sensitivity level — typically public, internal, confidential, and restricted — to determine how it must be handled and protected.",{"term":273,"definition":274},"Incident","Any event that violates the AUP or poses a threat to the confidentiality, integrity, or availability of company systems or data.",{"term":276,"definition":277},"BYOD (Bring Your Own Device)","A policy arrangement allowing employees to use personal devices to access company systems, subject to specific security and usage conditions.",{"term":279,"definition":280},"Least Privilege","A security principle requiring that users are granted only the minimum level of system access necessary to perform their job duties.",{"term":282,"definition":283},"Social Engineering","A manipulation technique used by attackers to trick authorized users into revealing credentials or performing actions that compromise system security.",[285,290,295,300,305,310,315,320,325,330],{"name":286,"plain_english":287,"sample_language":288,"common_mistake":289},"Purpose and scope","States why the policy exists, which systems and data it covers, and which categories of users it applies to.","This Acceptable Use Policy applies to all employees, contractors, and authorized third parties of [COMPANY NAME] who access company-owned or company-managed systems, networks, devices, or data ('Company Systems'). The purpose of this Policy is to protect the security, integrity, and availability of Company Systems and to ensure lawful, ethical use.","Scoping the policy to 'employees only' — contractors and vendors who access your systems present the same risk exposure and must be explicitly included.",{"name":291,"plain_english":292,"sample_language":293,"common_mistake":294},"Definitions","Defines key terms — company systems, authorized user, confidential data, incident — so that every reader interprets the rules identically.","'Company Systems' means all hardware, software, networks, email platforms, cloud services, and data repositories owned, leased, or operated by [COMPANY NAME]. 'Authorized User' means any individual granted access by [IT DEPARTMENT / AUTHORIZED APPROVER].","Omitting a definitions section and relying on common understanding. Ambiguous terms like 'company devices' or 'business use' are interpreted differently by different users, making enforcement inconsistent.",{"name":296,"plain_english":297,"sample_language":298,"common_mistake":299},"Permitted use","Describes what employees and users are allowed to do on company systems — primarily business use, with any approved personal use clearly limited.","Authorized Users may use Company Systems for legitimate business purposes. Incidental personal use is permitted provided it does not interfere with job performance, consume excessive resources, or violate any provision of this Policy.","Banning all personal use without acknowledging that incidental use is inevitable. Absolute bans are widely disregarded and reduce the credibility of the entire policy.",{"name":301,"plain_english":302,"sample_language":303,"common_mistake":304},"Prohibited use","Lists specific actions that are expressly forbidden, including accessing illegal content, installing unauthorized software, sharing credentials, and circumventing security controls.","Authorized Users must not: (a) access, store, or transmit illegal, offensive, or discriminatory content; (b) install unauthorized software on Company Systems; (c) share login credentials with any other person; (d) attempt to bypass or disable security controls; or (e) use Company Systems for personal commercial activity.","Writing a vague catch-all like 'do not misuse company systems' without specific examples. Vague prohibitions are difficult to enforce and fail to put users on clear notice of what constitutes a violation.",{"name":306,"plain_english":307,"sample_language":308,"common_mistake":309},"Security and password obligations","Defines password standards, multi-factor authentication requirements, device locking rules, and the user's duty to report suspected incidents.","Users must maintain passwords of at least [12] characters combining upper and lower case letters, numbers, and symbols. Passwords must be changed every [90] days and must not be reused within [10] prior passwords. Users must enable multi-factor authentication on all accounts where available and must report any suspected compromise to [IT CONTACT] within [24] hours.","Setting password rules in the policy but failing to state the reporting obligation. Users who suspect a breach but don't know who to contact or how quickly to report cause far greater damage through delay.",{"name":311,"plain_english":312,"sample_language":313,"common_mistake":314},"Monitoring and privacy notice","Informs users that the organization has the right to monitor activity on its systems and that there is no expectation of privacy when using company resources.","[COMPANY NAME] reserves the right to monitor, access, review, and disclose any activity, communication, or data transmitted through or stored on Company Systems, without prior notice. Users have no expectation of privacy with respect to Company Systems, even when using them for incidental personal purposes.","Burying the monitoring notice in an appendix or omitting it entirely. In several jurisdictions, monitoring without prior notice can expose the organization to employee privacy claims even on company-owned systems.",{"name":316,"plain_english":317,"sample_language":318,"common_mistake":319},"Social media and external communications","Sets rules for what users may say about the company, clients, or colleagues on social media and in external communications conducted via company systems.","Users must not post confidential information, financial data, client details, or disparaging statements about [COMPANY NAME], its clients, or colleagues on any social media platform. Posts that identify the user as a [COMPANY NAME] employee must include a disclaimer that views expressed are personal.","Applying social media rules only to company accounts. The greater reputational and legal risk typically comes from employees posting on personal accounts in ways that reference their employer.",{"name":321,"plain_english":322,"sample_language":323,"common_mistake":324},"Data handling and classification","Requires users to handle data according to its classification level — restricting how confidential or regulated data is stored, shared, and transmitted.","Users must handle data in accordance with [COMPANY NAME]'s Data Classification Policy. Confidential data must not be stored on personal devices, transmitted via unencrypted channels, or shared with unauthorized parties. Regulated data (including [PII / PHI / PAYMENT CARD DATA]) is subject to additional handling requirements set out in Schedule [X].","Referencing a data classification system in the AUP without actually having one in place. Users cannot comply with classification rules that don't exist in a form they can access.",{"name":326,"plain_english":327,"sample_language":328,"common_mistake":329},"Enforcement and consequences","States that violations of the AUP may result in disciplinary action up to and including termination, and that criminal or civil referrals may follow where applicable.","Violations of this Policy may result in disciplinary action up to and including immediate termination of employment or engagement. Violations involving illegal activity, fraud, or theft may be referred to law enforcement or regulatory authorities. [COMPANY NAME] reserves the right to pursue civil remedies for damages arising from Policy violations.","Stating consequences vaguely as 'appropriate action.' Without specific language tying violations to the disciplinary policy, HR teams face pushback when attempting to terminate or sanction a user who claims the rules were unclear.",{"name":331,"plain_english":332,"sample_language":333,"common_mistake":334},"Acknowledgment and review","Requires users to sign or electronically confirm they have read and understood the policy, and states how often the policy will be reviewed and reissued.","By signing below [or clicking 'I Agree'], the Authorized User confirms they have read, understood, and agree to comply with this Acceptable Use Policy. This Policy will be reviewed at least annually and reissued to all Authorized Users upon material amendment. Last reviewed: [DATE].","Issuing the AUP without collecting signed acknowledgments. Without a record of receipt, the policy cannot reliably support disciplinary action or legal proceedings because the user can claim they never saw it.",[336,341,346,351,356,361,366,371],{"step":337,"title":338,"description":339,"tip":340},1,"Customize the scope and covered systems","Replace all instances of [COMPANY NAME] with your registered business name. Update the list of covered systems to reflect your actual infrastructure — include cloud platforms, mobile devices, VPN, and any third-party SaaS tools your users access.","If you use specific platforms (Microsoft 365, Google Workspace, Salesforce), name them explicitly in the scope. Ambiguity about what's covered is the most common enforcement gap.",{"step":342,"title":343,"description":344,"tip":345},2,"Set your password and authentication standards","Enter specific password length, complexity, and rotation requirements that match your current IT configuration. Enable the MFA requirement if you have it deployed, or set a target date for deployment.","Align password rules with your identity provider settings so the policy reflects actual system behavior — rules that conflict with what the system enforces create confusion.",{"step":347,"title":348,"description":349,"tip":350},3,"Define permitted and prohibited use for your context","Review the default prohibited-use list and add any industry-specific prohibitions — for example, healthcare organizations should add HIPAA-regulated data restrictions; financial services firms should add trading and client communication rules.","Limit the prohibited-use list to genuinely enforceable items. A list of 30 prohibitions that are never monitored or enforced trains users to ignore the whole policy.",{"step":352,"title":353,"description":354,"tip":355},4,"Insert your monitoring and privacy statement","Confirm your IT team's actual monitoring capabilities and update the monitoring section to reflect them accurately. Do not claim monitoring you cannot perform — overstating your capabilities creates legal and trust problems.","In jurisdictions with strong employee privacy laws (EU, UK, Canada), add a sentence confirming that monitoring is limited to business purposes and conducted in accordance with applicable law.",{"step":357,"title":358,"description":359,"tip":360},5,"Add data classification references","If your organization has a data classification policy, cross-reference it by name. If not, add a simple three-tier classification table (internal, confidential, restricted) directly in this section as a starting point.","Link the AUP to your incident response contacts so users know exactly who to call, not just that they need to report.",{"step":362,"title":363,"description":364,"tip":365},6,"Tailor the social media and communications section","Add any industry-specific communication prohibitions — regulated industries like finance or healthcare have strict rules about client communications and public statements. Include your specific social media disclaimer language.","Name the specific platforms you are most concerned about (LinkedIn, X/Twitter, Reddit) rather than using 'social media' as a catch-all — specificity improves compliance.",{"step":367,"title":368,"description":369,"tip":370},7,"Set the enforcement and disciplinary language","Cross-reference your HR disciplinary policy by name so the AUP and employee handbook are consistent. Confirm with HR that the consequence language aligns with your existing progressive discipline framework.","Include a sentence confirming that management is also subject to the policy — policies that appear to apply only to non-management staff undermine credibility.",{"step":372,"title":373,"description":374,"tip":375},8,"Collect acknowledgments and schedule an annual review","Distribute the finalized policy to all current users and collect signed or electronic acknowledgments before the effective date. Set a calendar reminder to review and re-issue the policy at least once per year.","Store acknowledgment records in your HR system alongside each user's start date so you can demonstrate compliance during audits or legal proceedings.",[377,381,385,389,393,397],{"mistake":378,"why_it_matters":379,"fix":380},"No signed acknowledgment from users","Without a record showing the user received and accepted the policy, it is difficult to sustain disciplinary action or legal claims — the user can simply deny ever seeing it.","Require every authorized user to sign or electronically acknowledge the AUP before being granted system access, and store the records in your HR system.",{"mistake":382,"why_it_matters":383,"fix":384},"Scoping the policy to employees only","Contractors, consultants, and vendors with system access pose the same security and compliance risk as employees but are excluded from enforcement if the policy doesn't explicitly cover them.","Update the scope section to include all authorized users — employees, contractors, vendors, and any other third party granted access to company systems.",{"mistake":386,"why_it_matters":387,"fix":388},"Vague prohibited-use language","Prohibitions like 'do not misuse company systems' are unenforceable because they give users no clear notice of what constitutes a violation — and HR teams no solid basis for discipline.","List specific prohibited actions with concrete examples, such as 'installing software not approved by IT' or 'transmitting confidential data via personal email accounts.'",{"mistake":390,"why_it_matters":391,"fix":392},"Omitting the monitoring and privacy notice","In several jurisdictions, monitoring employees without prior notice — even on company-owned systems — can expose the organization to privacy claims or render evidence obtained from monitoring inadmissible.","Include a clear, prominent monitoring notice stating that users have no expectation of privacy on company systems and that activity may be logged and reviewed at any time.",{"mistake":394,"why_it_matters":395,"fix":396},"Never reviewing or updating the policy","An AUP written before cloud adoption, remote work, or BYOD was common will have significant gaps. Outdated policies fail audits and leave new risk vectors completely unaddressed.","Schedule an annual review and assign a named owner (typically the IT manager or compliance officer) responsible for updating the policy and redistributing it to all users.",{"mistake":398,"why_it_matters":399,"fix":400},"Referencing policies or systems that do not exist","Citing a 'Data Classification Policy' or 'Incident Response Plan' that has never been written creates a compliance gap and undermines credibility if the AUP is ever scrutinized during an audit or legal proceeding.","Audit every cross-reference in the AUP before publication and either link to the existing document or remove the reference until the document exists.",[402,405,408,411,414,417,420,423,426],{"question":403,"answer":404},"What is an Acceptable Use Policy?","An Acceptable Use Policy (AUP) is a written document that sets rules governing how employees, contractors, and other authorized users may use an organization's IT systems, networks, devices, and data. It defines permitted and prohibited conduct, establishes security obligations, notifies users of monitoring, and states the consequences for violations. It is a foundational IT governance document for organizations of any size.\n",{"question":406,"answer":407},"Who needs an Acceptable Use Policy?","Any organization that provides employees, contractors, or third parties with access to its IT systems or data needs an AUP. This includes businesses of all sizes, schools, nonprofits, and government agencies. Organizations subject to compliance frameworks such as SOC 2, ISO 27001, HIPAA, or PCI DSS are typically required to have a documented AUP as part of their security control set.\n",{"question":409,"answer":410},"Is an Acceptable Use Policy legally binding?","An AUP is generally enforceable as a workplace policy when it is clearly written, distributed to all covered users, and accompanied by a signed or electronic acknowledgment. It is not a contract in the traditional sense, but it provides the documented basis for disciplinary action, termination, and in some cases civil or criminal referral when violations occur. Consider consulting an employment lawyer if you intend to rely on it in a termination proceeding in a heavily regulated jurisdiction.\n",{"question":412,"answer":413},"What is the difference between an Acceptable Use Policy and a Terms of Service?","An AUP governs internal users — employees and contractors — who access an organization's own IT systems. A Terms of Service (ToS) is an external-facing agreement between a business and its customers or end users governing use of the business's product or platform. The two documents serve different relationships and should not be substituted for one another.\n",{"question":415,"answer":416},"What should an Acceptable Use Policy include?","A complete AUP covers: purpose and scope, definitions of key terms, permitted use, prohibited use with specific examples, password and security obligations, monitoring and privacy notice, social media and external communications rules, data handling requirements, enforcement and disciplinary consequences, and a user acknowledgment section. Missing any of these creates enforcement gaps or compliance failures.\n",{"question":418,"answer":419},"How often should an Acceptable Use Policy be updated?","At minimum, review and update the AUP annually. Also update it whenever you introduce significant new technology (a new cloud platform, a BYOD program, a VPN), change your remote work arrangements, or face a new compliance requirement. After each update, redistribute the policy and collect fresh acknowledgments from all current users.\n",{"question":421,"answer":422},"Do employees have to sign the Acceptable Use Policy?","Yes — requiring a signed or electronic acknowledgment is strongly recommended. Without it, the organization cannot reliably demonstrate that a user was aware of the rules, which weakens the basis for disciplinary action and may limit legal remedies. Most organizations collect acknowledgment at onboarding and again after each material policy update.\n",{"question":424,"answer":425},"Can personal device use be covered by an Acceptable Use Policy?","Yes. Many AUPs include a BYOD (Bring Your Own Device) section or cross-reference a standalone BYOD policy. If employees use personal phones, laptops, or tablets to access company email, files, or systems, those activities should be governed by explicit rules — covering minimum security requirements, what data may be stored locally, and what happens to company data if the device is lost or the employee departs.\n",{"question":427,"answer":428},"Does an Acceptable Use Policy help with cyber insurance?","Yes. Most cyber insurance underwriters require applicants to demonstrate basic IT governance controls, and a documented, acknowledged AUP is typically one of the items on their checklist. An AUP that covers password requirements, monitoring, prohibited use, and incident reporting supports a stronger application and may reduce premium costs.\n",[430,434,438,442,446,450],{"industry":431,"icon_asset_id":432,"specifics":433},"Technology / SaaS","industry-saas","Source code repositories, cloud infrastructure access, API keys, and customer data handling require explicit rules beyond a generic AUP.",{"industry":435,"icon_asset_id":436,"specifics":437},"Healthcare","industry-healthtech","HIPAA requires covered entities to implement acceptable use controls for systems that store or transmit protected health information (PHI).",{"industry":439,"icon_asset_id":440,"specifics":441},"Financial Services","industry-fintech","SEC, FINRA, and PCI DSS frameworks mandate documented use policies covering trading systems, client data, and payment card environments.",{"industry":443,"icon_asset_id":444,"specifics":445},"Education","industry-education","Schools and universities must govern student and staff use of shared networks and devices, often with FERPA-compliant data handling obligations included.",{"industry":447,"icon_asset_id":448,"specifics":449},"Professional Services","industry-professional-services","Law firms, accountancies, and consultancies handle highly sensitive client data, making strict prohibitions on personal cloud storage and unauthorized sharing essential.",{"industry":451,"icon_asset_id":452,"specifics":453},"Manufacturing","industry-manufacturing","Operational technology (OT) and SCADA systems require separate or supplemental AUP sections, as misuse can affect physical production safety.",[455,459,462,465],{"vs":456,"vs_template_id":457,"summary":458},"IT Security Policy","D{IT_SECURITY_POLICY_ID}","An IT Security Policy defines the technical controls, configurations, and standards the organization implements to protect its systems — firewalls, encryption standards, patch management. An AUP governs user behavior on those systems. The two are complementary: the Security Policy governs what IT deploys; the AUP governs what users do. Both are needed for a complete security governance framework.",{"vs":247,"vs_template_id":460,"summary":461},"D{DATA_PRIVACY_POLICY_ID}","A Data Privacy Policy explains to customers and the public how the organization collects, uses, and protects personal data — it is typically an external-facing document. An AUP is internal-facing, governing how employees handle data. Organizations need both: the Privacy Policy satisfies GDPR, CCPA, and similar regulations; the AUP governs the employees responsible for honoring those commitments.",{"vs":90,"vs_template_id":463,"summary":464},"employee-handbook-D712","An Employee Handbook covers the full range of workplace policies — conduct, benefits, leave, performance. An AUP is a focused, standalone document covering IT and systems use specifically. Many organizations incorporate the AUP into the handbook by reference, but maintaining it as a separate document makes it easier to update when technology changes without triggering a full handbook revision.",{"vs":251,"vs_template_id":252,"summary":466},"A Remote Work Policy governs work arrangements — location, availability, equipment provision, and home office standards. An AUP governs system and data use regardless of where the user is located. Remote work increases the risk of policy gaps; organizations with distributed teams should have both documents in place and ensure the AUP explicitly addresses home network and personal device use.",{"use_template":468,"template_plus_review":472,"custom_drafted":476},{"best_for":469,"cost":470,"time":471},"Small to mid-sized businesses establishing baseline IT governance without a dedicated compliance team","Free","1–2 hours to customize and distribute",{"best_for":473,"cost":474,"time":475},"Organizations in regulated industries or those completing a SOC 2, ISO 27001, or cyber insurance application","$200–$800 for an IT consultant or compliance advisor review","2–5 business days",{"best_for":477,"cost":478,"time":479},"Enterprises with complex infrastructure, multi-jurisdiction operations, or industry-specific regulatory obligations such as HIPAA or PCI DSS","$1,500–$5,000+ for legal and IT security counsel","2–4 weeks",[481,482],"it-governance-basics-for-small-business","how-to-build-an-information-security-policy-set",[463,252,484,485,486,487,488,240,489,490,491,492],"non-disclosure-agreement-nda-D12692","independent-contractor-agreement-D160","technology-policy-D13285","data-breach-response-and-notification-policy-D13650","social-media-policy-D13220","cyber-security-policy-D12867","password-policy-D13563","incident-response-plan-D13714","employee-non-disclosure-agreement-D538",{"emit_how_to":174,"emit_defined_term":174},{"primary_folder":495,"secondary_folder":496,"document_type":497,"industry":498,"business_stage":499,"tags":500,"confidence":506},"software-technology","cybersecurity-policies","policy","general","all-stages",[501,502,503,504,505],"compliance","data-protection","acceptable-use-policy","it-policy","employee-conduct",0.95,"\u003Ch2>What is an Acceptable Use Policy?\u003C/h2>\n\u003Cp>An \u003Cstrong>Acceptable Use Policy (AUP)\u003C/strong> is an operational document that defines the rules governing how employees, contractors, and other authorized users may use an organization's IT systems, networks, devices, and data. It specifies what constitutes permitted use, lists prohibited conduct with concrete examples, establishes security and password obligations, notifies users that activity on company systems may be monitored, and states the disciplinary consequences for violations. Unlike a technical security policy that governs what IT deploys, an AUP governs what people do — making it the behavioral layer of any information security program. This free Word download is editable online and can be exported as PDF for distribution and signed acknowledgment collection.\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Without a documented Acceptable Use Policy, your organization has no enforceable basis for disciplining an employee who installs malware, leaks confidential data through a personal email account, or posts sensitive client information on social media. The absence of a policy doesn't prevent bad behavior — it just prevents you from acting on it decisively. Beyond internal discipline, an AUP is a concrete requirement for SOC 2 audits, ISO 27001 certification, HIPAA compliance, and most cyber insurance applications; missing it can block certification, increase premiums, or trigger findings during a regulatory review. For organizations deploying remote workers or BYOD arrangements, the risk is amplified further — users on home networks accessing company data need explicit rules about what they can store, share, and install. This template gives you a complete, structured starting point you can customize in under two hours, distribute to your entire workforce, and maintain as your technology environment evolves.\u003C/p>\n",1781185940387]