[{"data":1,"prerenderedAt":489},["ShallowReactive",2],{"document-ai-acceptable-use-policy-D13900":3},{"document":4,"label":23,"preview":11,"thumb":24,"description":5,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":25,"breadcrumb":29,"related":37,"customDescModule":171,"customdescription":6,"mdFm":172,"mdProseHtml":488},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":15},"AI ACCEPTABLE USE POLICY PURPOSE The purpose of this AI Acceptable Use Policy at [YOUR ORGANIZATION NAME] is to establish guidelines for the ethical, responsible, and lawful use of artificial intelligence (AI) technologies within the organization. This Policy aims to ensure that AI systems are used in a manner that aligns with our values, respects privacy and human rights, and complies with applicable laws and regulations. SCOPE This Policy applies to all employees, contractors, volunteers, and other personnel at [YOUR ORGANIZATION NAME] who use or interact with AI technologies, including but not limited to machine learning models, automated decision-making systems, natural language processing tools, and any other AI-powered applications or platforms. POLICY PRINCIPLES Ethical Use: AI technologies must be used in ways that respect human dignity, rights, and freedoms. The organization is committed to ensuring that AI is used ethically and does not perpetuate harm, bias, or discrimination. Transparency: The use of AI must be transparent to the extent possible, ensuring that individuals affected by AI systems understand how decisions are made and can request explanations when appropriate. Accountability: The organization will hold itself accountable for the decisions and actions taken by AI systems and will establish clear lines of responsibility for managing and overseeing AI technologies. Privacy and Security: AI systems must be designed and operated in a manner that protects the privacy and security of personal and sensitive data. Data used in AI systems should be anonymized or encrypted wherever feasible. Compliance: All use of AI must comply with relevant laws, regulations, and standards, including those related to data protection, discrimination, and intellectual property. ACCEPTABLE USE Authorized Use: AI technologies may only be used for purposes that are consistent with the organization's mission and values. Unauthorized use of AI systems is prohibited. Data Integrity: Employees must ensure that the data used to train or operate AI systems is accurate, relevant, and free from bias. Data should be regularly reviewed and updated to maintain its integrity. Human Oversight: AI systems should be designed to complement human decision-making, not replace it. Critical decisions, particularly those affecting individuals' rights or well-being, should involve human oversight. Bias Mitigation: Employees must take proactive steps to identify, assess, and mitigate bias in AI systems. This includes regularly testing AI models for fairness and accuracy. Feedback and Improvement: Users of AI technologies are encouraged to provide feedback on their performance and report any issues or concerns. Continual improvement processes should be in place to refine and enhance AI systems over time. PROHIBITED USE ",null,"AI Acceptable Use Policy","3",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/ai-acceptable-use-policy-D13900.png","https://templates.business-in-a-box.com/imgs/250px/13900.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13900.xml",{"title":15,"description":6},"ai acceptable use policy",[17,20],{"label":18,"url":19},"Business Plan Kit","/templates/business-plan-kit/",{"label":21,"url":22},"Board of Directors","/templates/board-of-directors/","AI Acceptable Use Policy Template","https://templates.business-in-a-box.com/imgs/400px/13900.png",[26,17,20],{"label":27,"url":28},"Templates","/templates/",[30,31,34],{"label":27,"url":28},{"label":32,"url":33},"Software & Technology","/templates/software-technology/",{"label":35,"url":36},"Cybersecurity Policies","/templates/cybersecurity-policies/",[38,42,46,50,54,58,62,66,70,74,78,82,86,103,119,133,145,158],{"label":39,"url":40,"thumb":41,"extension":10},"Acceptable Use Policy","/template/acceptable-use-policy-D12622","https://templates.business-in-a-box.com/imgs/250px/12622.png",{"label":43,"url":44,"thumb":45,"extension":10},"IT Acceptable Use Policy","/template/it-acceptable-use-policy-D13720","https://templates.business-in-a-box.com/imgs/250px/13720.png",{"label":47,"url":48,"thumb":49,"extension":10},"AI Policy","/template/ai-policy-D13598","https://templates.business-in-a-box.com/imgs/250px/13598.png",{"label":51,"url":52,"thumb":53,"extension":10},"How To Use AI For Business","/template/how-to-use-ai-for-business-D13352","https://templates.business-in-a-box.com/imgs/250px/13352.png",{"label":55,"url":56,"thumb":57,"extension":10},"Computer Use Policy","/template/computer-use-policy-D705","https://templates.business-in-a-box.com/imgs/250px/705.png",{"label":59,"url":60,"thumb":61,"extension":10},"Corporate Social Media Use Policy","/template/corporate-social-media-use-policy-D13636","https://templates.business-in-a-box.com/imgs/250px/13636.png",{"label":63,"url":64,"thumb":65,"extension":10},"Term Of Use","/template/term-of-use-D12706","https://templates.business-in-a-box.com/imgs/250px/12706.png",{"label":67,"url":68,"thumb":69,"extension":10},"AI Side Hustle Handbook","/template/ai-side-hustle-handbook-D13870","https://templates.business-in-a-box.com/imgs/250px/13870.png",{"label":71,"url":72,"thumb":73,"extension":10},"Business Use Case","/template/business-use-case-D13509","https://templates.business-in-a-box.com/imgs/250px/13509.png",{"label":75,"url":76,"thumb":77,"extension":10},"Equipment Use Agreement","/template/equipment-use-agreement-D12844","https://templates.business-in-a-box.com/imgs/250px/12844.png",{"label":79,"url":80,"thumb":81,"extension":10},"License to Use Agreement","/template/license-to-use-agreement-D1149","https://templates.business-in-a-box.com/imgs/250px/1149.png",{"label":83,"url":84,"thumb":85,"extension":10},"Vehicle Use Agreement","/template/vehicle-use-agreement-D13798","https://templates.business-in-a-box.com/imgs/250px/13798.png",{"description":87,"descriptionCustom":6,"label":88,"pages":89,"size":9,"extension":10,"preview":90,"thumb":91,"svgFrame":92,"seoMetadata":93,"parents":95,"keywords":94,"url":102},"REMOTE WORK AGREEMENT This Remote Work Agreement (the \"Agreement\") is effective [DATE], BETWEEN: [NAME OF THE EMPLOYER], (the \"Employer\" or \"Company\"), a Company organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] AND: [NAME OF THE EMPLOYEE], (the \"Employee\"), an individual with their main address located at: [COMPLETE ADDRESS] Collectively, the Employer and the Employee shall be referred to as the \"Parties.\" WHEREAS, the Company has made an offer to the Employee to work remotely in the capacity of [JOB TITLE] at the Company; NOW THEREFORE in consideration and as a condition of the Parties entering into this Agreement and other valuable considerations, the receipt and sufficiency of which consideration is acknowledged, the Parties agree as follows: APPOINTMENT The Company hereby offers the Employee appointment, and the Employee agrees to serve the Company to work remotely in the capacity of [JOB TITLE] as of [DATE] (the \"Effective Date\"). PROBATION PERIOD The Employee will be on a Probation Period for a period of [MONTHS/DAYS]. The Employee's confirmation as a permanent employee is subject to the Employee making a positive contribution to the Company and is further subject to meeting certain standards and qualifying criteria during the Probation Period. PLACE OF WORK The Employee shall perform their duties at the location of their choice. The Employee will report to the [SPECIFY THE DESIGNATION] on a needs basis in the following manner: [SPECIFY THE MANNER OF COMMUNICATION]. REMOTE WORK While working remotely, the Employee will remain accessible during the remote work. The Employee will check in with the supervisor to discuss status and open issues and be available for video/teleconferences, scheduled on an as-needed basis. The Employee will take rest and meal breaks while working remotely in full compliance with all applicable policies or collective bargaining agreements, and request supervisor approval to use vacation or sick leave. To ensure that the Employee's performance will not suffer in a remote work arrangement, the Employee is advised to choose a quiet and distraction-free working space, have an internet connection that is adequate for their job and dedicate their full attention to their job duties during working hours. Equipment. The Company will provide the Employee with equipment that is essential to their job duties, like laptops and headsets. The Employee will install VPN and company-required software when the Employee receives their equipment. The Employee must keep their equipment password protected, follow all data encryption, protection standards and settings, and refrain from downloading suspicious, unauthorized or illegal software. NOTICE PERIOD During the Probation Period, if the Employee's performance is found to be unsatisfactory or if it does not meet the prescribed criteria, the Employee's employment can be terminated by the Company with [NUMBER OF DAYS] day's notice or salary thereof. The Employee will be required to give [NUMBER OF MONTHS] months' notice or salary thereof in case the Employee decides to leave the Company. DUTIES The Employee shall perform all such duties as may be delegated by the Company and comply with all such directions as the Managing Director and/or his/her nominated deputies may from time to time assign or give to the Employee. [SPECIFY DUTIES] WORKING HOURS The total working hours will be [SPECIFY HOURS] hours on Mondays to Saturdays. It is expected that the Employee will be flexible with the working hours and work such additional hours as might be necessary to efficiently perform duties under this Agreement. The Company reserves the right to change the working days and the working hours. The Employee shall be entitled to leave and holidays as per the Leave Policy of the Company. In the event the Employee is absent from work and unable to perform duties satisfactorily by reason of any injury, illness or other reason acceptable to the Company, the Employee will be entitled to receive salary and other benefits for up to [NUMBER OF DAYS] consecutive working days during any such absence, within a period of 12 consecutive months. REMUNERATION The Employee's starting total monthly gross salary and during the Probation Period will be as per details in the annexure, hereinafter known as Exhibit A. Any bonus is subject to review in accordance with the Company's practice and policies from time to time, however, there shall be no obligation on the Company to increase the salary or award bonuses at any point of time, save and except at its sole discretion. The Company shall pay or refund or procure to be paid or refunded all reasonable travelling and other similar out of pocket expenses necessarily and incurred by the Employee wholly in the proper performance of duties, subject to production by the Employee of such evidence of the expenses as the Company may reasonably require. The Employee will be required to fill in the claims forms in which the Employee shall provide the correct information of the expenses incurred. CONFIDENTIALITY AND INTELLECTUAL PROPERTY If at any time during the Employee's employment under this Agreement, the Employee participates in the making or discovery of any Intellectual Property directly or indirectly relating to or capable of being used by the Company, full details of the Intellectual Property shall immediately be disclosed in writing by the Employee to the Company and the Intellectual Property shall be the absolute property of the Company. At the request and expense of the Company, the Employee shall give and supply all such information, data, drawings, and assistance as may be necessary or in the opinion of the Company desirable to enable the Company to exploit the Intellectual Property to the best advantage as decided by the Company. The Employee shall execute all documents and do all things which may, in the opinion of the Company, be necessary or desirable for obtaining copyright, design or other protection for the Intellectual Property and for vesting the same in the Company, as the Company may direct. As Confidential Information will from time to time become known to the Employee, the Company considers and the Employee agrees that the restraints set forth in this Agreement are necessary for the reasonable protection by the Company of its business or the business of the Group, the clients thereof or their respective affairs. The Employee shall not at any time, either during the continuance of or after the termination of Employment with the Company, use, disclose or communicate to any person whatsoever any Confidential Information which the Employee has or of which he may have become possessed during employment with the Company nor shall he supply the names or addresses of any clients, customers, vendors or agents of the Company or any company of the Group to any person except as authorised by the Company or as ordered by a court of competent jurisdiction. The Employee consents to the Company holding and processing, both electronically and manually, the data it collects relating to the Employee in the course of employment, for the purpose of the Company's administration and management of its employees, its business and to comply with applicable procedures, laws and regulations. ","Remote Work Agreement","8","https://templates.business-in-a-box.com/imgs/1000px/remote-work-agreement-D13282.png","https://templates.business-in-a-box.com/imgs/250px/13282.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13282.xml",{"title":94,"description":6},"remote work agreement",[96,99],{"label":97,"url":98},"Human Resources","human-resources",{"label":100,"url":101},"Company Policies","company-policies","/template/remote-work-agreement-D13282",{"description":104,"descriptionCustom":6,"label":105,"pages":8,"size":9,"extension":10,"preview":106,"thumb":107,"svgFrame":108,"seoMetadata":109,"parents":111,"keywords":110,"url":118},"NON-DISCLOSURE AGREEMENT (NDA) This Non-Disclosure Agreement (the \"Agreement\") is made and effective [DATE], BETWEEN: [YOUR COMPANY NAME] (the \"Disclosing Party\"), a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] AND: [RECEIVING PARTY NAME] (the \"Receiving Party\"), an individual with his main address located at OR a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] WHEREAS, Receiving Party has been or will be engaged in the performance of work on [DESCRIBE]; and in connection therewith will be given access to certain confidential and proprietary information; and WHEREAS, Receiving Party and Disclosing Party wish to evidence by this Agreement the manner in which said confidential and proprietary material will be treated. NOW, THEREFORE, it is agreed as follows: NON-DISCLOSURE OF CONFIDENTIAL INFORMATION Both Parties understand and agree that each Party may have access to the confidential information of the other party. For the purposes of this Agreement, \"Confidential Information\" means proprietary and confidential information about the Disclosing Party's (or it's suppliers') business or activities. Such information includes all business, financial, technical, and other information marked or designated by such Party as \"confidential\" or \"proprietary.\" Confidential Information also includes information which, by the nature of the circumstances surrounding the disclosure, ought in good faith to be treated as confidential. For the purposes of this Agreement, Confidential Information does not include: Information that is currently in the public domain or that enters the public domain after the signing of this Agreement. Information a Party lawfully receives from a third Party without restriction on disclosure and without breach of a non-disclosure obligation. Information that the Receiving Party knew prior to receiving any Confidential Information from the Disclosing Party. Information that the Receiving Party independently develops without reliance on any Confidential Information from the Disclosing Party. Each Party agrees that it will not disclose to any third Party or use any Confidential Information disclosed to it by the other Party except when expressly permitted in writing by the other Party. Each Party also agrees that it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other Party in its possession or control. TERM The term of this Agreement is [number] of [years/months] from the date of execution by both Parties. TITLE The Receiving Party agrees that all Confidential Information furnished by the Disclosing Party shall remain the sole property of the Disclosing Party. DISCLAIMER","Non Disclosure Agreement Nda","https://templates.business-in-a-box.com/imgs/1000px/non-disclosure-agreement-nda-D12692.png","https://templates.business-in-a-box.com/imgs/250px/12692.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12692.xml",{"title":110,"description":6},"non disclosure agreement nda",[112,115],{"label":113,"url":114},"Legal Agreements","business-legal-agreements",{"label":116,"url":117},"Confidentiality Agreements","confidentiality-agreement","/template/non-disclosure-agreement-nda-D12692",{"description":120,"descriptionCustom":6,"label":121,"pages":122,"size":123,"extension":10,"preview":124,"thumb":125,"svgFrame":126,"seoMetadata":127,"parents":128,"keywords":131,"url":132},"Employee Handbook Understanding employment at [YOUR COMPANY NAME] Revised on [DATE] Prepared By: [YOUR NAME] [YOUR JOB TITLE] Phone 555.555.5555 Email info@yourbusiness.com www.yourbusiness.com Table of Content Table of Content 2 Welcome to [YOUR COMPANY NAME]! 5 1. Organization Description 6 1.1 Introductory Statement 6 1.2 Customer Relations 6 1.3 Products and Services Provided 7 1.4 Facilities and Location(s) 7 1.5 The History of [YOUR COMPANY NAME] 7 1.6 Management Philosophy 7 1.7 Goals 8 2. The Employment 9 2.1 Nature of Employment 9 2.2 Employee Relations 9 2.3 Equal Employment Opportunity 10 2.4 Diversity 10 2.5 Business Ethics and Conduct 12 2.6 Personal Relationships in the Workplace 13 2.7 Conflicts of Interest 13 2.8 Outside Employment 14 2.9 Non-Disclosure 15 2.10 Disability Accommodation 16 2.11 Job Posting and Employee Referrals 17 2.12 Whistleblower Policy 18 2.13 Accident and First Aid 20 3. Employment Status and Records 21 3.1 Employment Categories 21 3.2 Access to Personnel Files 22 3.3 Personnel Data Changes 23 3.4 Probation Period 23 3.5 Employment Applications 24 3.6 Performance Evaluation 24 3.7 Job Descriptions 25 3.8 Salary Administration 25 3.9 Professional Development 26 4. Employee Benefit Programs 27 4.1 Employee Benefits 27 4.2 Vacation Benefits 27 4.3 Military Service Leave 29 4.4 Religious Observance 29 4.5 Holidays 29 4.6 Workers Insurance 30 4.7 Sick Leave Benefits 31 4.8 Bereavement Leave 32 4.9 Relocation Benefits 33 4.10 Educational Assistance 33 4.11 Health Insurance 34 4.12 Life Insurance 35 4.13 Long Term Disability 35 4.14 Marriage, Maternity and Parental Leave 36 5. Timekeeping / Payroll 40 5.1 Timekeeping 40 5.2 Paydays 40 5.3 Employment Termination 41 5.4 Administrative Pay Corrections 42 6. Work Conditions and Hours 43 6.1 Work Schedules 43 6.2 Absences 43 6.3 Jury Duty 45 6.4 Use of Phone and Mail Systems 45 6.5 Smoking 46 6.6 Meal Periods 46 6.7 Overtime 46 6.8 Use of Equipment 47 6.9 Telecommuting 47 6.10 Emergency Closing 48 6.11 Business Travel Expenses 49 6.12 Visitors in the Workplace 51 6.13 Computer and Email Usage 51 6.14 Internet Usage 52 6.15 Workplace Monitoring 54 6.16 Workplace Violence Prevention 55 7. Employee Conduct & Disciplinary Action 57 7.1 Employee Conduct and Work Rules 57 7.2 Sexual and Other Unlawful Harassment 58 7.3 Attendance and Punctuality 60 7.4 Personal Appearance 60 7.5 Return of Property 61 7.6 Resignation and Retirement 61 7.7 Security Inspections 62 7.8 Progressive Discipline 62 7.9 Problem Resolution 64 7.10 Workplace Etiquette 65 7.11 Suggestion Program 67 Acknowledgement of Receipt 68 Welcome to [YOUR COMPANY NAME]! On behalf of your colleagues, we welcome you to [YOUR COMPANY NAME] and wish you every success here. At [YOUR COMPANY NAME], we believe that each employee contributes directly to the growth and success of the company, and we hope you will take pride in being a member of our team. This handbook was developed to describe some of the expectations of our employees and to outline the policies, programs, and benefits available to eligible employees. Employees should become familiar with the contents of the employee handbook as soon as possible, for it will answer many questions about employment with [YOUR COMPANY NAME]. We believe that professional relationships are easier when all employees are aware of the culture and values of the organization. This guide will help you to better understand our vision for the future of our business and the challenges that are ahead. We hope that your experience here will be challenging, enjoyable, and rewarding. Again, welcome! [PRESIDENT NAME] President & CEO 1. Organization Description 1.1 Introductory Statement This handbook is designed to acquaint you with [YOUR COMPANY NAME] and provide you with information about working conditions, employee benefits, and some of the policies affecting your employment. You should read, understand, and comply with all provisions of the handbook. It describes many of your responsibilities as an employee and outlines the programs developed by [YOUR COMPANY NAME] to benefit employees. One of our objectives is to provide a work environment that is conducive to both personal and professional growth. No employee handbook can anticipate every circumstance or question about policy. As [YOUR COMPANY NAME] continues to grow, the need may arise and [YOUR COMPANY NAME] reserves the right to revise, supplement, or rescind any policies or portion of the handbook from time to time as it deems appropriate, in its sole and absolute discretion. Employees will be notified of such changes to the handbook as they occur. 1.2 Customer Relations Customers are among our organization's most valuable assets. Every employee represents [YOUR COMPANY NAME] to our customers and the public. The way we do our jobs presents an image of our entire organization. Customers judge all of us by how they are treated with each employee contact. Therefore, one of our first business priorities is to assist any customer or potential customer. Nothing is more important than being courteous, friendly, helpful, and prompt in the attention you give to customers. [YOUR COMPANY NAME] will provide customer relations and services training to all employees with extensive customer contact. Customers who wish to lodge specific comments or complaints should be directed to the [TITLE AND NAME OF THE PERSON RESPONSIBLE] for appropriate action. Our personal contact with the public, our manners on the telephone, and the communications we send to customers are a reflection not only of ourselves, but also of the professionalism of [YOUR COMPANY NAME]. Positive customer relations not only enhance the public's perception or image of [YOUR COMPANY NAME], but also pay off in greater customer loyalty and increased sales and profit. 1.3 Products and Services Provided You will find more information about our products and services by reading the [YOUR COMPANY NAME] Corporate Brochures. 1.4 Facilities and Location(s) Head Office: [ADDRESS] [CITY], [STATE] [ZIP/POSTAL CODE] [COUNTRY] 1.5 The History of [YOUR COMPANY NAME] [DESCRIBE THE HISTORY OF YOUR COMPANY HERE] 1.6 Management Philosophy [YOUR COMPANY NAME] management philosophy is based on responsibility and mutual respect. Our wishes are to maintain a work environment that fosters on personal and professional growth for all employees. Maintaining such an environment is the responsibility of every staff person. Because of their role, managers and supervisors have the additional responsibility to lead in a manner which fosters an environment of respect for each person. People who come to [YOUR COMPANY NAME] want to work here because we have created an environment that encourages creativity and achievement. [YOUR COMPANY NAME] aims to become a leader in [DESCRIBE YOUR COMPANY'S FIELD OF EXPERTISE]. The mainstay of our strategy will be to offer a level of client focus that is superior to that offered by our competitors. To help achieve this objective, [YOUR COMPANY NAME] seeks to attract highly motivated individuals that want to work as a team and share in the commitment, responsibility, risk taking, and discipline required to achieve our vision. Part of attracting these special individuals will be to build a culture that promotes both uniqueness and a bias for action. While we will be realistic in setting goals and expectations, [YOUR COMPANY NAME] will also be aggressive in reaching its objectives. This success will in turn enable [YOUR COMPANY NAME] to give its employees above average compensation and innovative benefits or rewards, key elements in helping us maintain our leadership position in the worldwide marketplace. 1.7 Goals [DESCRIBE YOUR COMPANY'S GOALS HERE] 2. The Employment 2","Employee Handbook","34",280,"https://templates.business-in-a-box.com/imgs/1000px/employee-handbook-D712.png","https://templates.business-in-a-box.com/imgs/250px/712.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#712.xml",{"title":6,"description":6},[129,130],{"label":97,"url":98},{"label":100,"url":101},"employee handbook","/template/employee-handbook-D712",{"description":134,"descriptionCustom":6,"label":135,"pages":8,"size":9,"extension":10,"preview":136,"thumb":137,"svgFrame":138,"seoMetadata":139,"parents":141,"keywords":140,"url":144},"TECHNOLOGY POLICY INTENT The primary intent of this Policy is to increase protection of Technology Resources to assure the usability and availability of those resources to all users at [COMPANY NAME] (the \"Company\"). The Policy also addresses privacy and usage guidelines for those who access the Company's Technology Resources. SCOPE The Company recognizes the vital role technology plays in effecting Company business as well as the importance of protecting information in all forms. As more information is being used and shared in digital format by authorized users, the need for an increased effort to protect the information and the Technology Resources that support it, is felt by the Company, and hence this Policy. Since a limited amount of personal use of these facilities is permitted by the Company for users, including computers, printers, email, software and Internet access, therefore, it is essential that these facilities are used responsibly by users, as any abuse has the potential to disrupt Company business and interfere with the work and/or rights of other users. It is therefore expected of all users to exercise responsible and ethical behavior while using the Company's technology facilities. DEFINITION Information Technology. Information Technology Resources for the purposes of this Policy include but are not limited to the Company's owned or those used under license or contract, or those devices not owned by the Company but intentionally connected to the Company's owned Technology Resources such as computer hardware, printers, fax machines, voicemail, software, email and Internet and intranet access. User. Anyone who has access to Company's Technology Resources, including but not limited to, all employees, temporary employees, probationers, contractors, vendors, and suppliers. ACCESS CONTROL All the Company's computers that are either permanently or temporarily connected to the internal computer networks must have a password-based access control system. Regardless of the network connections, all computers handling confidential information must also employ appropriate password-based access control systems. All in-bound connections to the Company's computers from external networks must be protected with an approved password or ID access control system. Modems may only be used after receiving the written approval of the IT Head and must be turned off when not in use. All access control systems must utilize user-IDs, passwords, and privilege restrictions unique to each user. Users are prohibited from logging into any Company's system anonymously. To prevent unauthorized access, all vendor-supplied default passwords must be changed before use. Access to the server room is restricted with an RFID lock and only recognized IT staff or someone with due authorization from the IT Head is permitted to enter the room. Users shall not make copies of system configuration files (e.g., passwords) for their own, unauthorized personal use or to provide to other users for unauthorized uses.","Technology Policy","https://templates.business-in-a-box.com/imgs/1000px/technology-policy-D13285.png","https://templates.business-in-a-box.com/imgs/250px/13285.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13285.xml",{"title":140,"description":6},"technology policy",[142,143],{"label":113,"url":114},{"label":113,"url":114},"/template/technology-policy-D13285",{"description":146,"descriptionCustom":6,"label":147,"pages":8,"size":9,"extension":10,"preview":148,"thumb":149,"svgFrame":150,"seoMetadata":151,"parents":153,"keywords":156,"url":157},"DATA BREACH RESPONSE & NOTIFICATION POLICY INTRODUCTION The Data Breach Response and Notification Policy of [COMPANY NAME] outlines the procedures and responsibilities for responding to data breaches and ensuring that affected individuals and regulatory authorities are promptly and accurately informed. This Policy is designed to minimize the impact of data breaches, protect sensitive information, and comply with applicable data protection laws and regulations. PURPOSE The purpose of this Policy is to: Establish a framework for detecting, assessing, and responding to data breaches. Define the process for notifying affected individuals, regulatory authorities, and other relevant parties. Ensure that data breaches are managed in a transparent, responsible, and compliant manner. DEFINITIONS Data Breach: The unauthorized access, acquisition, use, disclosure, or destruction of personal or sensitive information that compromises its security, confidentiality, or integrity. DATA BREACH RESPONSE TEAM [COMPANY NAME] will establish a Data Breach Response Team (DBRT) consisting of designated individuals responsible for managing data breaches. The DBRT may include representatives from IT, Legal, HR, and other relevant departments. DETECTION AND ASSESSMENT The DBRT will promptly investigate and assess suspected or confirmed data breaches to determine their scope, impact, and severity. The assessment will include identifying the type of data involved, the number of affected individuals, potential risks, and applicable data protection regulations. CONTAINMENT AND MITIGATION ","Data Breach Response and Notification Policy","https://templates.business-in-a-box.com/imgs/1000px/data-breach-response-and-notification-policy-D13650.png","https://templates.business-in-a-box.com/imgs/250px/13650.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13650.xml",{"title":152,"description":6},"data breach response and notification policy",[154,155],{"label":97,"url":98},{"label":100,"url":101},"data breach response notification policy","/template/data-breach-response-and-notification-policy-D13650",{"description":159,"descriptionCustom":6,"label":160,"pages":161,"size":9,"extension":10,"preview":162,"thumb":163,"svgFrame":164,"seoMetadata":165,"parents":167,"keywords":166,"url":170},"SOCIAL MEDIA POLICY PURPOSE [COMPANY NAME] recognizes that technology provides unique opportunities to build our business, listen, learn and engage with consumers, stakeholders and employees through the use of a wide variety of Social Media. However, how we use social media and what we say also has the potential to affect [COMPANY NAME]'s reputation and/or expose the Company (and each of us) to business or legal risk. Whilst we recognize the benefits which may be gained from appropriate use of social media, it is also important to be aware that it poses significant risks to our business. These risks include disclosure of confidential information and intellectual property, damage to our reputation and the risk of legal claims. Therefore, every employee has a personal responsibility to be familiar with and comply with [COMPANY NAME]'s overall Social Media Policy. This policy is designed to reflect our purpose, values and principles, our business conduct manual, and legal requirements. Because we use social media in a variety of ways, there are more specific expectations that may apply to your activities. SCOPE This policy covers all forms of social media, including Facebook, Instagram, LinkedIn, Twitter, Google+ Wikipedia, other social networking sites, and other internet postings, including blogs. It applies to the use of social media for both business and personal purposes, during working hours and in your own time to the extent that it may affect the business of the company. The policy applies both when the social media is accessed using our information systems and also when access using equipment or software belonging to employees or others. It also covers all employees and also others including consultants, contractors, and casual and agency staff. Breach of this policy may result in disciplinary action up to and including dismissal. Any misuse of social media should be reported to [SPECIFY]. Questions regarding the content or application of this policy should be directed to [SPECIFY]]. POLICY STATEMENT Although many users may consider their personal comments posted on social media or discussions on social networking sites to be private, these communications are frequently available to a larger audience than the author may realize. As a result, any online communication that directly or indirectly refers to [COMPANY NAME], our products and services, team members or other work-related issues, has the potential to damage [COMPANY NAME]'s reputation or interests. When participating in social media in a personal capacity, employees must: Not disclose [COMPANY NAME]'s confidential information, proprietary or sensitive information. Information is considered confidential when it is not readily available to the public. The majority of information used throughout [COMPANY NAME] is confidential. If you are in doubt about whether information is confidential, refer to the [COMPANY NAME] [EMPLOYEE HANDBOOK/CODE OF CONDUCT] and/or ask your manager before disclosing any information. Not use the [COMPANY NAME] logo or company branding on any social media platform without prior approval from [SPECIFY]; Not communicate anything that might damage [COMPANY NAME]'s reputation, brand image, commercial interests, or the confidence of our customers; Not represent or communicate on behalf of [COMPANY NAME] in the public domain without prior approval from [SPECIFY]; Not post any material that would directly or indirectly defame, harass, discriminate against or bully any [COMPANY NAME] team member, supplier or customer; Ensure, when identifying themselves (or when they may be identified) as a [COMPANY NAME] team member, that their social media communications are lawful and Comply with [COMPANY NAME]'s policies and procedures RESPONSIBLE USE OF SOCIA MEDIA Employee must not use social media in a way that might breach any of our policies, any express or implied contractual obligations, legislation, or regulatory requirements. In particular, use of social media must comply with: The Anti-Bullying and Sexual Harassment Policies Rules of relevant regulatory bodies; Contractual confidentiality requirements;","Social Media Policy","4","https://templates.business-in-a-box.com/imgs/1000px/social-media-policy-D12688.png","https://templates.business-in-a-box.com/imgs/250px/12688.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12688.xml",{"title":166,"description":6},"social media policy",[168,169],{"label":97,"url":98},{"label":100,"url":101},"/template/social-media-policy-D12688",false,{"seo":173,"reviewer":185,"legal_disclaimer":171,"quick_facts":189,"at_a_glance":191,"personas":195,"variants":220,"glossary":246,"sections":280,"how_to_fill":326,"common_mistakes":362,"faqs":379,"industries":407,"comparisons":432,"diy_vs_pro":446,"educational_modules":459,"related_template_ids_curated":462,"schema":473,"classification":475},{"meta_title":174,"meta_description":175,"primary_keyword":176,"secondary_keywords":177},"AI Acceptable Use Policy Template | Free Word Download","Free AI acceptable use policy template for businesses. Defines approved AI tools, data handling rules, prohibited uses, and employee accountability.","ai acceptable use policy template",[178,179,180,181,182,183,184],"artificial intelligence acceptable use policy","ai policy template for business","ai use policy template word","ai acceptable use policy free download","employee ai usage policy","generative ai policy template","workplace ai policy",{"name":186,"credential":187,"reviewed_date":188},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":190,"legal_review_recommended":171,"signature_required":171},"medium",{"what_it_is":192,"when_you_need_it":193,"whats_inside":194},"An AI Acceptable Use Policy is an internal governance document that defines which AI tools employees may use, under what conditions, and what behaviors are strictly prohibited. This free Word download gives you a structured, editable starting point covering approved tools, data classification rules, prohibited use cases, accountability, and enforcement — ready to adapt to your organization's size and risk profile.\n","Use it when employees are already using AI tools on company systems or when you want to get ahead of ungoverned adoption before it creates data, legal, or reputational exposure. It is also required by several enterprise vendor contracts and cyber insurance providers.\n","Purpose and scope, approved and prohibited AI tools, data handling and confidentiality rules, output review requirements, accountability and oversight roles, training obligations, and a compliance and enforcement section with a documented acknowledgment for employee sign-off.\n",[196,200,204,208,212,216],{"title":197,"use_case":198,"icon_asset_id":199},"HR and people operations managers","Setting clear employee expectations for AI tool use before issues arise","persona-hr-manager",{"title":201,"use_case":202,"icon_asset_id":203},"IT and security managers","Governing which AI platforms connect to company data and systems","persona-it-manager",{"title":205,"use_case":206,"icon_asset_id":207},"Small business owners","Establishing a baseline AI governance policy without a dedicated legal team","persona-small-business-owner",{"title":209,"use_case":210,"icon_asset_id":211},"Compliance and legal officers","Reducing liability from unauthorized AI use involving confidential or regulated data","persona-compliance-officer",{"title":213,"use_case":214,"icon_asset_id":215},"Operations directors","Standardizing AI tool adoption across departments to ensure consistent quality and risk controls","persona-operations-director",{"title":217,"use_case":218,"icon_asset_id":219},"Startup founders","Putting AI governance in place before onboarding the first non-technical employees","persona-startup-founder",[221,224,228,232,235,239,243],{"situation":222,"recommended_template":7,"slug":223},"Governing general employee use of consumer and enterprise AI tools","ai-acceptable-use-policy-D13900",{"situation":225,"recommended_template":226,"slug":227},"Managing how developers and engineers build AI into products","AI Development Policy","ai-policy-D13598",{"situation":229,"recommended_template":230,"slug":231},"Controlling how employees handle and share data with third-party systems","Data Handling and Classification Policy","data-classification-policy-D13828",{"situation":233,"recommended_template":43,"slug":234},"Setting rules for all technology tools, not just AI","it-acceptable-use-policy-D13720",{"situation":236,"recommended_template":237,"slug":238},"Addressing confidentiality obligations for remote and hybrid employees","Remote Work Policy","remote-work-agreement-D13282",{"situation":240,"recommended_template":241,"slug":242},"Establishing broad employee conduct standards including digital tools","Employee Code of Conduct","code-of-conduct-D13318",{"situation":244,"recommended_template":160,"slug":245},"Covering social media and online content creation using AI","social-media-policy-D12688",[247,250,253,256,259,262,265,268,271,274,277],{"term":248,"definition":249},"Generative AI","AI systems that produce text, images, code, audio, or other content in response to a user prompt — including tools like ChatGPT, Copilot, and Gemini.",{"term":251,"definition":252},"Large Language Model (LLM)","A type of AI model trained on large text datasets that can generate, summarize, translate, and analyze language at scale.",{"term":254,"definition":255},"Prompt","The input — text, image, or data — that a user submits to an AI tool to generate a response or output.",{"term":257,"definition":258},"Data classification","A framework that labels data by sensitivity level — typically public, internal, confidential, and restricted — to determine how it may be handled and shared.",{"term":260,"definition":261},"AI hallucination","When an AI model generates factually incorrect, fabricated, or nonsensical output presented as if it were accurate — a known limitation of current LLMs.",{"term":263,"definition":264},"Shadow AI","The use of AI tools by employees without IT knowledge or approval, creating ungoverned data and security exposure.",{"term":266,"definition":267},"Output review","The process of a human employee verifying AI-generated content for accuracy, bias, and appropriateness before it is used or published.",{"term":269,"definition":270},"Approved tool list","An IT-vetted register of AI platforms employees are permitted to use for work purposes, with defined conditions of use for each.",{"term":272,"definition":273},"Intellectual property (IP) contamination","The risk that AI-generated content incorporates third-party copyrighted material in ways that expose the organization to infringement claims.",{"term":275,"definition":276},"Zero-data-retention","A contractual setting available with some enterprise AI platforms that prevents the vendor from storing or training on submitted data.",{"term":278,"definition":279},"AI governance","The policies, roles, processes, and controls an organization uses to manage the responsible adoption and use of AI tools.",[281,286,291,296,301,306,311,316,321],{"name":282,"plain_english":283,"sample_language":284,"common_mistake":285},"Purpose and scope","States why the policy exists, which employees and contractors it applies to, and which AI tools and use cases fall within its boundaries.","This policy governs the use of artificial intelligence tools by all employees, contractors, and third parties acting on behalf of [COMPANY NAME]. It applies to any AI tool used to perform work-related tasks, whether accessed on company or personal devices.","Limiting scope to company-owned devices only. Employees routinely use personal phones and laptops for work — excluding personal devices creates an enforcement gap that defeats the policy.",{"name":287,"plain_english":288,"sample_language":289,"common_mistake":290},"Definitions","Establishes clear, agreed meanings for key terms — AI tool, generative AI, confidential data, approved tool, output — so the rest of the policy is unambiguous.","'AI Tool' means any software application or service that uses machine learning or generative AI to produce, analyze, summarize, or transform content, including but not limited to [LIST OF TOOLS]. 'Confidential Data' has the meaning assigned in the Company's Data Classification Policy.","Defining terms so broadly that the policy inadvertently covers spell-checkers and search autocomplete. Scope definitions should focus on tools that process or generate substantive business content.",{"name":292,"plain_english":293,"sample_language":294,"common_mistake":295},"Approved AI tools","Lists the specific AI platforms employees are permitted to use for work, including any conditions — enterprise licensing, zero-data-retention settings, or departmental restrictions.","Employees may use the following AI tools for work purposes: [TOOL NAME] (licensed version, enterprise plan with data retention disabled), [TOOL NAME] (approved for [DEPARTMENT] use only). Use of any AI tool not on this list requires prior written approval from [IT/COMPLIANCE CONTACT].","Publishing a static approved list with no review cycle. AI tools change their data handling terms frequently — an unreviewed list can quietly become outdated within 90 days.",{"name":297,"plain_english":298,"sample_language":299,"common_mistake":300},"Prohibited uses","Explicitly lists what employees must never do with AI tools — including submitting confidential data to unapproved platforms, generating discriminatory content, fabricating citations, and bypassing access controls.","Employees are prohibited from: (a) entering [COMPANY NAME] confidential information, client data, or personally identifiable information into any AI tool not on the approved list; (b) using AI to generate content that misrepresents facts, fabricates sources, or impersonates individuals; (c) using AI output in regulated filings without human review and attestation.","Listing vague prohibitions like 'do not misuse AI.' Effective prohibited-use clauses name specific behaviors and their consequences so employees have no ambiguity about what crosses the line.",{"name":302,"plain_english":303,"sample_language":304,"common_mistake":305},"Data handling and confidentiality","Defines which data classifications may be submitted to AI tools, which are off-limits, and what to do when you are unsure of a data classification.","Employees may submit data classified as Public or Internal to approved AI tools. Data classified as Confidential or Restricted — including client records, financial data, source code, and PII — must not be entered into any AI tool without explicit written approval from [DATA OWNER / IT SECURITY].","Assuming employees know how to classify data without training. This section is only enforceable if it references a data classification framework that employees have actually been trained on.",{"name":307,"plain_english":308,"sample_language":309,"common_mistake":310},"Output review and accountability","Requires employees to verify AI-generated content for accuracy, bias, and compliance before use, and confirms that the employee — not the AI — is accountable for the output.","All AI-generated content used for business purposes must be reviewed and verified by the employee before submission or publication. The employee who submits or publishes AI-assisted content is fully accountable for its accuracy, appropriateness, and compliance with applicable policies and laws.","Omitting this section entirely. Without an explicit output-review requirement, employees can claim the AI told them to — shifting accountability away from the person who submitted the content.",{"name":312,"plain_english":313,"sample_language":314,"common_mistake":315},"Intellectual property and copyright","Addresses IP ownership of AI-generated work product, the risk of third-party copyright in AI outputs, and the prohibition on using AI to reproduce proprietary content without a license.","Employees must not submit third-party copyrighted material to AI tools without a valid license. AI-generated content produced using company-approved tools in the course of employment is considered work product of [COMPANY NAME], subject to legal review where IP ownership is material to the business outcome.","Treating AI-generated content as automatically owned by the company without any caveats. Current copyright law in most jurisdictions does not extend protection to purely AI-generated works — this section should acknowledge the legal uncertainty.",{"name":317,"plain_english":318,"sample_language":319,"common_mistake":320},"Training and awareness","Sets out the minimum training requirements for employees before using approved AI tools, including how often refresher training is required.","All employees must complete the Company's AI Acceptable Use training module before using any approved AI tool for work purposes. Training must be refreshed annually or when a material change to this policy is made. Completion records will be maintained by [HR / COMPLIANCE].","Mandating training without tracking completion. A policy that requires training but has no completion records provides no protection in an audit or regulatory inquiry.",{"name":322,"plain_english":323,"sample_language":324,"common_mistake":325},"Compliance, enforcement, and review","Describes how violations are handled, who is responsible for policy enforcement, and how often the policy is reviewed and updated.","Violations of this policy may result in disciplinary action up to and including termination, consistent with the Company's disciplinary procedures. This policy will be reviewed at minimum annually and updated to reflect changes in AI technology, applicable law, and company risk tolerance. Policy owner: [ROLE / DEPARTMENT].","Setting a review cycle of 'annually' without a named owner. Without an accountable person tied to the review date, the policy becomes stale and unenforceable within 12–18 months.",[327,332,337,342,347,352,357],{"step":328,"title":329,"description":330,"tip":331},1,"Define your scope and covered personnel","Identify whether the policy applies to full-time employees only, or also to contractors, freelancers, and third-party vendors. Specify whether it covers personal devices used for work.","Err toward broad scope — it is easier to carve out exceptions later than to close gaps after an incident.",{"step":333,"title":334,"description":335,"tip":336},2,"Audit current AI tool usage across the organization","Survey department heads to identify every AI tool currently in use, sanctioned or not. This audit becomes the starting point for your approved tool list and informs the prohibited-use section.","Most companies discover 3–5x more AI tools in use than IT is aware of — this is the shadow AI problem the policy is designed to solve.",{"step":338,"title":339,"description":340,"tip":341},3,"Build and publish your approved tool list","For each approved tool, document the licensing tier (free vs. enterprise), data retention settings, and any department or use-case restrictions. Attach the list as a schedule to the policy.","Enterprise plans with zero-data-retention enabled are significantly safer for confidential work — confirm this setting is active before listing a tool as approved.",{"step":343,"title":344,"description":345,"tip":346},4,"Map prohibited uses to your data classification framework","Align the prohibited-use section with your existing data classification tiers. If you do not have a classification framework, use a simple three-tier model: public, internal, and confidential.","Naming specific data types — client records, source code, payroll data, PII — is more effective than abstract categories.",{"step":348,"title":349,"description":350,"tip":351},5,"Draft the output review requirement with named accountability","State clearly that the submitting employee is accountable for AI-generated content. Specify any high-risk output categories — regulatory filings, client-facing documents, medical or legal advice — that require a second reviewer.","For regulated industries, name the specific role responsible for second-level review rather than leaving it to manager discretion.",{"step":353,"title":354,"description":355,"tip":356},6,"Set training requirements and assign a policy owner","Choose the delivery format for AI use training (e-learning module, live session, or video), set the completion deadline, and assign a named role as policy owner responsible for annual review.","Tie training completion to onboarding for new hires — this is far easier than chasing completion from existing staff retroactively.",{"step":358,"title":359,"description":360,"tip":361},7,"Distribute for employee acknowledgment","Send the finalized policy to all covered personnel with a written acknowledgment form or a digital signature request. Store acknowledgment records alongside the employee file.","Use a time-stamped digital acknowledgment rather than email confirmation — it is much easier to demonstrate compliance in an audit or dispute.",[363,367,371,375],{"mistake":364,"why_it_matters":365,"fix":366},"Scoping the policy to company devices only","Employees access AI tools on personal phones and home laptops constantly. Excluding personal devices means the policy doesn't govern the majority of actual AI use.","Extend scope to any device used to perform work-related tasks, with a carve-out for purely personal use unconnected to company work.",{"mistake":368,"why_it_matters":369,"fix":370},"Publishing a static approved tool list with no review date","AI vendors update data handling terms, introduce new features, and change ownership frequently — a 12-month-old approved list may contain tools that no longer meet your security requirements.","Assign a named owner to review the approved tool list at least quarterly and update the policy schedule when tools are added or removed.",{"mistake":372,"why_it_matters":373,"fix":374},"Omitting an output review and accountability clause","Without it, employees treat AI output as inherently authoritative, skipping verification steps that would catch hallucinations, bias, and confidential data leakage.","Include an explicit clause confirming the submitting employee is accountable for all AI-assisted content, regardless of which tool produced it.",{"mistake":376,"why_it_matters":377,"fix":378},"Using vague prohibited-use language","Phrases like 'do not misuse AI tools' give employees no actionable guidance and provide no basis for disciplinary action when a violation occurs.","List specific prohibited behaviors — entering client PII into unapproved tools, generating content that impersonates individuals, fabricating citations in client deliverables — with explicit consequences.",[380,383,386,389,392,395,398,401,404],{"question":381,"answer":382},"What is an AI acceptable use policy?","An AI acceptable use policy is an internal governance document that defines which AI tools employees may use for work, under what conditions, and what uses are prohibited. It covers approved platforms, data handling rules, output review requirements, IP considerations, and enforcement procedures. It is typically part of a broader IT or information security policy framework.\n",{"question":384,"answer":385},"Why do businesses need an AI acceptable use policy?","Without a formal policy, employees adopt AI tools independently — submitting confidential data to unapproved platforms, publishing unverified AI-generated content, and creating legal and reputational exposure the organization is unaware of. A documented policy creates a governance baseline, supports cyber insurance requirements, and gives HR a defensible basis for addressing violations.\n",{"question":387,"answer":388},"What should an AI acceptable use policy include?","At minimum: purpose and scope, definitions of key terms, an approved tool list with conditions of use, a prohibited-use section with specific examples, data handling and classification rules, an output review and accountability clause, IP and copyright guidance, training requirements, and a compliance and enforcement section with a named policy owner and review cycle.\n",{"question":390,"answer":391},"How often should an AI acceptable use policy be updated?","At minimum annually, but given the pace of AI development, a quarterly review of the approved tool list is more practical. The full policy should also be reviewed whenever a significant new AI regulation takes effect, a major vendor changes their data handling terms, or the organization adopts a new AI platform with material data exposure.\n",{"question":393,"answer":394},"Can employees use free consumer AI tools like ChatGPT for work?","That depends on your policy. Free consumer tiers of most AI tools use submitted data to train their models by default — this creates data leakage risk for any confidential content. Most corporate policies restrict free consumer tiers and require enterprise plans with zero-data-retention enabled for any work involving internal or confidential data. Some organizations ban free tiers entirely for work purposes.\n",{"question":396,"answer":397},"Who is responsible for content produced by an AI tool?","The employee who submits the prompt and uses the output is responsible — not the AI and not the vendor. AI tools are instruments, not authors. An AI acceptable use policy should state this explicitly and require employees to review, verify, and attest to the accuracy of any AI-assisted content before it is submitted or published.\n",{"question":399,"answer":400},"Does an AI acceptable use policy need to be signed by employees?","A formal signature is not legally required in most jurisdictions for a workplace policy to be enforceable, but obtaining a written or digital acknowledgment is strongly recommended. Acknowledgment records allow HR to demonstrate that an employee was aware of the policy when investigating a violation, and they support disciplinary decisions if challenged.\n",{"question":402,"answer":403},"How does an AI acceptable use policy relate to data privacy law?","Submitting personal data — employee records, customer PII, health data — to an AI tool without a proper data processing agreement can violate GDPR, CCPA, HIPAA, and similar regulations. An AI acceptable use policy should align with your data privacy framework by prohibiting the entry of regulated data categories into unapproved tools and requiring vendor data processing agreements before any regulated data is processed by an external AI platform.\n",{"question":405,"answer":406},"What is shadow AI, and how does this policy address it?","Shadow AI refers to the use of AI tools by employees without IT knowledge or approval — the AI equivalent of shadow IT. An acceptable use policy addresses it by defining a clear approved tool list, requiring employees to seek approval before using unlisted tools, and establishing enforcement consequences for unauthorized use. Regular IT audits of browser extensions and SaaS subscriptions also help surface shadow AI adoption.\n",[408,412,416,420,424,428],{"industry":409,"icon_asset_id":410,"specifics":411},"Financial services","industry-fintech","Strict controls on submitting client financial data and trading information to external AI tools, aligned with SEC, FINRA, and GDPR data handling obligations.",{"industry":413,"icon_asset_id":414,"specifics":415},"Healthcare","industry-healthtech","Prohibition on entering PHI into any AI tool not covered by a signed HIPAA Business Associate Agreement, with mandatory output review for any clinical or administrative AI use.",{"industry":417,"icon_asset_id":418,"specifics":419},"Legal and professional services","industry-professional-services","Confidentiality obligations under professional conduct rules require explicit restrictions on submitting client matter details to public AI platforms, with approved tools limited to those with contractual confidentiality protections.",{"industry":421,"icon_asset_id":422,"specifics":423},"Education","industry-education","Policies must address student data privacy under FERPA and COPPA, prohibit AI use in assessment contexts that violate academic integrity rules, and govern staff use of AI in curriculum development.",{"industry":425,"icon_asset_id":426,"specifics":427},"Technology / SaaS","industry-saas","Source code and proprietary algorithm inputs to public AI tools create IP contamination risk — policies typically prohibit submitting unpublished code to tools with model-training data retention enabled.",{"industry":429,"icon_asset_id":430,"specifics":431},"Manufacturing","industry-manufacturing","Trade secret and process IP protection requires restricting AI access to design files, formulations, and production specifications, with approved tools limited to on-premise or private cloud deployments.",[433,436,440,443],{"vs":43,"vs_template_id":434,"summary":435},"D{IT_AUP_ID}","An IT acceptable use policy governs all technology tools and systems — email, internet, devices, and software broadly. An AI acceptable use policy is a focused supplement that addresses the specific risks of AI tools: data submission to external models, AI hallucinations, IP contamination, and output accountability. Most organizations need both, with the AI policy either standalone or as an addendum to the IT policy.",{"vs":437,"vs_template_id":438,"summary":439},"Data Handling and Privacy Policy","D{DATA_PRIVACY_ID}","A data handling policy defines how all personal and confidential data is collected, stored, and shared across the business. An AI acceptable use policy applies those data classification rules specifically to AI tool interactions. The two documents should cross-reference each other — the AI policy tells employees which data they may submit to AI tools; the data policy defines what those classification tiers mean.",{"vs":241,"vs_template_id":441,"summary":442},"D{CODE_OF_CONDUCT_ID}","A code of conduct sets broad behavioral standards for employees across all work activities — ethics, conflicts of interest, and professional conduct. An AI acceptable use policy is a technical governance document focused on a specific category of tools. The code of conduct may reference the AI policy for AI-related conduct expectations, but cannot substitute for the operational specificity the AI policy provides.",{"vs":226,"vs_template_id":444,"summary":445},"D{AI_DEV_POLICY_ID}","An AI development policy governs how engineers and product teams build AI into products and services — covering model selection, training data, bias testing, and deployment standards. An AI acceptable use policy governs how all employees use existing AI tools in their daily work. Organizations building AI products typically need both: the use policy for all staff and the development policy for technical teams.",{"use_template":447,"template_plus_review":451,"custom_drafted":455},{"best_for":448,"cost":449,"time":450},"Small and mid-sized businesses establishing a baseline AI governance policy for the first time","Free","2–4 hours to customize and distribute",{"best_for":452,"cost":453,"time":454},"Organizations in regulated industries, or those processing significant volumes of personal or client data with AI tools","$300–$800 for a legal or compliance advisor review","3–5 business days",{"best_for":456,"cost":457,"time":458},"Enterprises with complex AI deployments, multi-jurisdiction data obligations, or cyber insurance requirements mandating specific policy language","$1,500–$5,000+","2–4 weeks",[460,461],"ai-governance-basics-for-business","data-classification-for-non-technical-teams",[238,463,464,465,466,245,467,468,469,470,471,472],"non-disclosure-agreement-nda-D12692","employee-handbook-D712","technology-policy-D13285","data-breach-response-and-notification-policy-D13650","cyber-security-policy-D12867","intellectual-property-infringement-reporting-policy-D13717","data-privacy-policy-D13465","bring-your-own-device-policy-byod-D12626","vendor-management-policy-D12802","risk-management-plan-D13391",{"emit_how_to":474,"emit_defined_term":474},true,{"primary_folder":476,"secondary_folder":477,"document_type":478,"industry":479,"business_stage":480,"tags":481,"confidence":487},"software-technology","cybersecurity-policies","policy","general","all-stages",[482,483,484,485,486],"data-protection","compliance","ai-policy","acceptable-use-policy","employee-guidelines",0.92,"\u003Ch2>What is an AI Acceptable Use Policy?\u003C/h2>\n\u003Cp>An \u003Cstrong>AI Acceptable Use Policy\u003C/strong> is an internal governance document that defines which artificial intelligence tools employees are permitted to use for work, what data they may submit to those tools, and what behaviors are prohibited. It covers approved platforms, data handling rules, output review and accountability requirements, intellectual property considerations, and enforcement procedures. As generative AI tools become standard in day-to-day workflows, this policy functions as the operational rulebook that keeps adoption from outpacing the organization's risk controls — replacing informal norms with documented, enforceable standards.\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Every day without an AI acceptable use policy, employees are making independent decisions about which AI tools to use and what data to submit — including client records, source code, financial data, and personal information. Those decisions create data leakage, IP contamination, and regulatory exposure that the organization often does not discover until after the damage is done. Cyber insurers are increasingly requiring documented AI governance as a condition of coverage, and enterprise clients routinely audit vendor AI policies before signing contracts. Without this document, you have no defensible basis for disciplinary action when a violation occurs, no compliance record to present to auditors, and no consistent standard to train employees against. This template gives you a structured, immediately usable policy you can adapt to your organization in a matter of hours — closing the governance gap before it becomes a liability.\u003C/p>\n",1779808952428]