Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
A Code of Conduct is a formal policy document that defines the behavioral standards, ethical principles, and professional expectations an organization requires of every employee, contractor, and representative acting on its behalf. It translates company values into specific, observable rules β covering how people treat each other, how they handle confidential information, how they manage conflicts of interest, and what reporting and disciplinary mechanisms exist when standards are breached. Unlike a general culture statement, a code of conduct creates a documented baseline that can be consistently applied, enforced, and pointed to in any dispute or investigation.
Operating without a written code of conduct leaves your organization exposed on multiple fronts simultaneously. When a harassment complaint surfaces with no policy in place, the company has no standard to point to, no documented reporting process, and no grounds for disciplinary action β which dramatically increases legal liability and settlement risk. Without a conflicts-of-interest section, employees can act against the company's interests without technically violating any stated rule. Without a reporting mechanism, misconduct goes unreported until it escalates into a lawsuit, regulatory inquiry, or public incident. A clearly written, properly distributed code of conduct closes those gaps, demonstrates good-faith governance to investors and regulators, and gives HR the authority to act decisively when situations arise. This template gives you a complete, customizable foundation you can adapt and distribute in hours rather than weeks.
| If your situation is⦠| Use this template |
|---|---|
| Setting conduct standards for all employees company-wide | Employee Code of Conduct |
| Establishing ethics standards for board members and executives | Board Code of Ethics |
| Governing behavior of external vendors and suppliers | Supplier Code of Conduct |
| Setting standards for an open-source or online community | Community Code of Conduct |
| Documenting anti-harassment policy as a standalone document | Anti-Harassment Policy |
| Communicating company values and culture at a high level | Company Values Statement |
| Defining acceptable use of company technology and devices | IT Acceptable Use Policy |
Why it matters: Misconduct by a contractor who was never given or asked to sign the code still carries reputational and legal risk for the company. Courts and regulators rarely accept 'they weren't an employee' as a defense.
Fix: State in the scope section that the code applies to all individuals acting on the company's behalf, and require vendors and contractors to acknowledge it as a condition of engagement.
Why it matters: In a harassment or termination dispute, failure to produce a signed acknowledgment within hours can undermine your position β even if the employee did sign.
Fix: Store acknowledgment records digitally in your HRIS or document management system, indexed by employee name and date, with a completion-rate dashboard visible to HR.
Why it matters: Language promising three warnings before termination can legally bind the employer, making it impossible to terminate immediately after a serious incident like fraud or violence.
Fix: Use permissive language throughout: 'may include' and 'up to and including termination.' Reserve explicit zero-tolerance language for the specific violations that warrant it.
Why it matters: Abstract values like 'integrity' and 'respect' mean different things to different people. Without concrete examples, employees cannot reliably self-assess their own conduct.
Fix: Follow each value statement with one to two specific examples of what it requires β and what it prohibits β in day-to-day work situations.
Enter your company's legal name, specify every category of person the code covers β employees, contractors, interns, board members β and set a concrete effective date.
π‘ Broader scope coverage upfront prevents arguments about whether a contractor or temp worker was bound by the policy when an incident occurs.
Identify the values that genuinely reflect how your organization operates β not aspirational marketing language. For each value, write one sentence describing what it requires in practice.
π‘ Fewer, specific values employees can recall and apply are more effective than a long list no one remembers.
Add the protected characteristics required by your state, province, or country's employment law. Some jurisdictions require explicit inclusion of gender identity, pregnancy, or political affiliation.
π‘ Check for city-level ordinances β several municipalities add protected classes beyond state or federal requirements.
Name the person or department employees disclose conflicts to, the form they use, and what review process follows. A vague 'inform management' instruction produces inconsistent outcomes.
π‘ If your company has a compliance officer, route disclosures there rather than to direct managers β it removes pressure on the employee to disclose upward.
List at least two reporting channels β a named HR contact and an anonymous option such as a hotline or online form. Include the anti-retaliation guarantee in plain language.
π‘ Anonymous reporting tools significantly increase incident reporting rates; even a simple anonymous email alias is better than no alternative channel.
Outline a progressive discipline path for standard violations while explicitly reserving the right to skip steps for serious misconduct such as fraud, violence, or data theft.
π‘ Use the phrase 'up to and including termination' throughout β this preserves flexibility without sounding punitive for minor issues.
Include a Schedule A acknowledgment form that employees sign and date. Collect signed copies before or on the first day of employment and store them digitally alongside the personnel file.
π‘ Build acknowledgment collection into your onboarding software or HRIS so completion is tracked automatically and reminders fire for anyone who hasn't signed.
Set a calendar reminder to review the code each year. Update any sections where law, company policy, or workplace norms have changed, and recirculate the updated version with a new acknowledgment request.
π‘ Tie the annual review to a fixed month β January or the start of your fiscal year β so it happens consistently rather than when someone remembers.
A code of conduct is a formal policy document that defines the behavioral and ethical standards an organization requires of all employees and representatives. It covers how people treat each other, how they handle confidential information, how they report concerns, and what consequences apply when standards are violated. It creates a consistent baseline that protects both employees and the organization.
A formal code of conduct is not universally mandated by law for private employers, but several regulations and standards effectively require one. Publicly traded companies in the US must have a code of ethics under Sarbanes-Oxley. ISO certifications, government contracting requirements, and many industry regulators expect documented conduct standards. Even without a legal mandate, the absence of a code weakens your legal position significantly in harassment or discrimination claims.
A code of conduct focuses on specific, observable behaviors β what employees must and must not do in defined situations. A code of ethics focuses on the underlying values and principles that guide decision-making when no specific rule applies. In practice, most organizations use a single document that covers both, with the ethical principles section providing the rationale for the behavioral rules.
Every person who acts on behalf of the organization should sign an acknowledgment β full-time and part-time employees, contractors, interns, board members, and in some cases key vendors. Signature should be required before or on the first day of engagement, and again each time the code is materially updated. The signed acknowledgment is your evidence that the person was aware of the standards.
A practical code of conduct for a small to mid-size business runs 8β15 pages. Long enough to cover the key topics substantively; short enough that employees will actually read it. Detailed procedural policies β such as a full IT acceptable-use policy or a complete expense reimbursement procedure β belong in separate referenced documents, not embedded in the code itself.
Review the code at least once per year. Trigger an immediate review when employment law changes in your jurisdiction, when a significant workplace incident reveals a policy gap, when the company enters a new industry or jurisdiction, or when the organization grows past a threshold where informal cultural norms no longer suffice. Always notify employees and collect a new acknowledgment when material changes are made.
Yes β a well-structured template covers the standard sections every organization needs and eliminates the risk of accidentally omitting a critical topic. Customize the scope, values, reporting channels, and disciplinary procedures to match your actual operations. For most businesses with under 200 employees and straightforward operations, a completed template is entirely sufficient without outside legal review.
The organization should acknowledge receipt of the report within 24β48 hours, assign an investigator who has no conflict with the parties involved, interview the reporter and any witnesses, document findings, and take proportionate disciplinary action based on severity. The reporter should be informed of the outcome to the extent permitted by confidentiality. Retaliation against the reporter must be treated as a separate violation with its own consequences.
A code of conduct should not include highly detailed procedural rules that change frequently β such as specific expense limits, IT password requirements, or PTO accrual schedules. Embedding these creates amendment obligations every time they change. Instead, reference them as separate policies. The code should address principles and behavioral standards that remain stable over time.
An employee handbook is a comprehensive reference document covering all HR policies β benefits, leave, compensation, and procedures β in addition to conduct standards. A code of conduct focuses specifically on behavioral expectations and ethics. Many organizations include the code as a chapter within the handbook and distribute it separately for acknowledgment purposes.
An anti-harassment policy is a single-topic document dedicated to defining, prohibiting, and responding to workplace harassment and discrimination. A code of conduct covers harassment as one section among many. Organizations in high-risk environments or jurisdictions with specific harassment-policy mandates often maintain both β the code for overall standards and the standalone policy for detailed harassment procedures.
An NDA is a legally binding contract that creates enforceable confidentiality obligations between two named parties. A code of conduct's confidentiality section sets behavioral policy expectations for all employees but is generally not a standalone enforceable contract. For sensitive roles or vendor relationships, an NDA supplements rather than replaces the code's confidentiality provisions.
A disciplinary action policy is a standalone procedural document detailing the full investigation, documentation, and escalation steps for handling misconduct. A code of conduct summarizes disciplinary consequences at a high level and references the detailed policy. Large organizations typically maintain both; smaller ones embed sufficient procedure in the code itself.
Data handling obligations, open-source contribution rules, remote-work conduct standards, and AI ethics guidelines are often added as supplementary sections.
Insider trading prohibitions, gift and entertainment limits, personal account dealing restrictions, and regulator-mandated conduct certifications require dedicated sections.
HIPAA confidentiality obligations, patient interaction standards, and mandatory reporting of clinical misconduct must be explicitly addressed and integrated with compliance training.
Customer interaction standards, cash-handling procedures, social media policy covering customer complaints, and anti-theft provisions are particularly important given high staff turnover.
Board member conduct, donor relationship boundaries, grant fund usage restrictions, and volunteer conduct standards often require additional sections beyond the employee baseline.
Client confidentiality, billing integrity, professional licensing obligations, and conflict-of-interest disclosure for client relationships are central to conduct standards in this sector.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small to mid-size businesses establishing conduct standards for the first time or formalizing informal norms | Free | 2β4 hours to customize and distribute |
| Template + professional review | Companies in regulated industries, those operating across multiple jurisdictions, or those that have experienced a recent workplace incident | $300β$800 for an HR consultant or employment lawyer review | 3β5 business days |
| Custom drafted | Publicly traded companies, organizations subject to SOX or FCA conduct requirements, or businesses with complex multi-country workforces | $1,500β$5,000+ | 2β4 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever PlanΒ Β·Β No credit card required
