Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
A Code of Conduct and Ethics Policy is a formal organizational document that defines the behavioral standards, ethical principles, and compliance obligations every employee, director, and representative of a company is expected to uphold. It translates the company's core values into specific, enforceable rules covering professional conduct, conflicts of interest, confidentiality, anti-harassment, gifts and entertainment, and the procedures for reporting and investigating violations. Unlike informal cultural guidelines, a written code creates a documented standard against which behavior can be measured, disciplinary decisions can be justified, and legal exposure can be managed.
Without a written code of conduct, your organization has no documented standard to point to when an employee dispute, harassment complaint, or ethics violation reaches HR or a courtroom. Courts and arbitrators treat an undocumented or undistributed policy as though it does not exist β leaving the employer exposed when the conduct at issue should have been clearly prohibited. Beyond legal protection, a well-distributed code reduces the frequency of incidents in the first place: employees who understand exactly what is expected of them, and know that violations are taken seriously, make better decisions at the margin. Investors, enterprise clients, and certification bodies β from SOC 2 auditors to ISO assessors β routinely request a code of conduct as baseline evidence of governance maturity. This template gives you a complete, customizable starting point you can adapt to your team size, industry, and jurisdiction in a single afternoon.
| If your situation is⦠| Use this template |
|---|---|
| Policy for a small team under 25 people with informal culture | Employee Code of Conduct (Simple) |
| Policy covering publicly traded company disclosure and insider trading rules | Corporate Governance Policy |
| Policy specifically governing supplier and vendor relationships | Supplier Code of Conduct |
| Policy focused exclusively on anti-bribery and anti-corruption compliance | Anti-Bribery and Corruption Policy |
| Policy for a nonprofit organization with volunteer and donor conduct rules | Nonprofit Code of Ethics |
| Policy document acknowledgment employees sign at onboarding | Employee Acknowledgment Form |
| Internal whistleblower reporting and investigation procedure | Whistleblower Policy |
Why it matters: Without a record that employees received and understood the policy, enforcement in a dispute or litigation is undermined β courts and arbitrators treat an unseen policy as unenforceable.
Fix: Require a signed acknowledgment before day one for new hires, and re-collect signatures every time the policy is materially updated.
Why it matters: Employees in different roles and markets apply vastly different interpretations of 'reasonable,' creating inconsistent behavior and potential compliance violations.
Fix: Insert a specific per-occasion dollar limit and a named approval authority for anything above it β a 15-minute conversation with your compliance officer sets the number for your context.
Why it matters: Employees who suspect their own manager of misconduct have no path to report β incidents go unaddressed and the company's legal exposure compounds over time.
Fix: Add at least two independent channels: HR and an ethics hotline or designated compliance officer who sits outside the direct management chain.
Why it matters: Laws change, your business grows into new jurisdictions, and incidents reveal gaps β a policy frozen in year one becomes inaccurate and potentially non-compliant.
Fix: Assign a named owner and calendar an annual review, plus a trigger-based review whenever a regulatory change, acquisition, or significant incident occurs.
Why it matters: A policy that says 'act with integrity at all times' gives employees no practical guidance and gives managers no standard against which to hold people accountable.
Fix: Translate each principle into at least one specific example β 'integrity means accurately recording your hours even when no one is checking' is actionable; 'integrity' alone is not.
Why it matters: Employees who assume their confidentiality obligation ends at resignation may share trade secrets, client data, or competitive information immediately after leaving.
Fix: Add explicit language stating that confidentiality obligations survive termination of employment for a defined period β typically two to five years β or indefinitely for trade secrets.
Replace [COMPANY NAME] throughout the template and define who is covered β employees, directors, contractors, and any third parties who represent the company.
π‘ List contractors and vendors explicitly if they have access to confidential data or customer relationships β the scope clause is the first thing an employment lawyer reviews.
Write two to three sentences for each core value that translate the abstract principle into a concrete daily behavior employees can recognize and self-assess against.
π‘ Pilot the values section with three frontline employees β if they cannot give you an example of each value in their role, rewrite until they can.
Name the role responsible for receiving disclosures (HR manager, compliance officer, or designated ethics officer) and specify the timeframe β typically within 10 business days of identifying a conflict.
π‘ Require annual re-disclosure, not just disclosure at the time of joining. Relationships and investments change.
Replace [AMOUNT] with a specific per-occasion threshold β common benchmarks are $25 for regulated industries and $100 for standard commercial businesses. Add an approval process for anything above the threshold.
π‘ Check whether your industry has a regulatory ceiling before setting your own. Pharmaceutical and financial services companies face strict federal limits that override internal policy.
Enter the contact details for HR, the ethics hotline URL or phone number, and any designated compliance officer. Confirm each channel works and is monitored before distributing the policy.
π‘ Anonymous reporting channels increase reporting rates significantly β consider a third-party hotline service if your team is under 100 people and internal anonymity is hard to guarantee.
Review the disciplinary steps and add any company-specific categories of gross misconduct (e.g., data breach, financial fraud, physical violence) that trigger immediate termination without prior warning.
π‘ Have your HR lead or employment counsel review this section β the language must align with your employment agreements and applicable labor law.
Attach a one-page acknowledgment form at Appendix A with employee name, date, and signature line. Build the signed-acknowledgment collection into your onboarding checklist and annual review cycle.
π‘ Store signed acknowledgments in each employee's HR file β digital signatures with a timestamp are acceptable and easier to retrieve than paper copies.
Enter a specific review date (e.g., 'This policy will be reviewed each January') and assign ownership to a named role β not just 'HR' β so the review actually happens.
π‘ Tie the review to a triggering event list: any regulatory change, a significant incident, or a material change in company structure should prompt an immediate off-cycle review.
A code of conduct and ethics policy is a formal document that defines the behavioral standards, ethical principles, and compliance obligations every person in an organization is expected to follow. It covers topics such as conflicts of interest, confidentiality, anti-harassment, gifts and entertainment, and the process for reporting violations. It functions as both an internal governance document and a legal safeguard in employment disputes and regulatory inquiries.
In the US, a formal code of conduct is not universally required by federal law, but publicly traded companies subject to Sarbanes-Oxley must have one. Many industry regulators β including FINRA, the SEC, and healthcare accreditation bodies β effectively mandate one through their standards. Even where it is not legally required, having a documented code significantly reduces employer liability in harassment, discrimination, and misconduct claims.
At minimum, all full-time and part-time employees. Best practice extends coverage to contractors, consultants, officers, directors, and any third party who acts as an agent of the company or has access to confidential information. The scope clause in the policy should list covered parties explicitly to avoid ambiguity.
An employee handbook covers the full range of HR policies β compensation, benefits, leave, performance management, and working conditions. A code of conduct focuses specifically on ethical behavior, professional standards, conflicts of interest, and compliance obligations. The code is typically a standalone document that is incorporated by reference into the handbook, and it is often signed separately to create a clear record of acknowledgment.
A full review annually is standard. Additionally, the policy should be reviewed immediately after any significant incident, regulatory change, acquisition, or material expansion into a new jurisdiction. Each revision should trigger a new round of employee acknowledgment signatures and, for material changes, a brief all-hands communication explaining what changed and why.
It should describe the investigation process, identify who conducts investigations, and list the range of potential outcomes from minor violations (written warning) to serious ones (termination, referral to law enforcement). Crucially, it should reserve the right to skip progressive steps for gross misconduct β locking the company into a fixed sequence of warnings before termination can create liability in serious cases.
Distributing the document is the floor, not the ceiling. Effective adoption requires: a signed acknowledgment at onboarding, annual refresher training with real-world scenarios, visible modeling of the values by leadership, accessible reporting channels, and consistent enforcement regardless of seniority. Research consistently shows that tone at the top β how senior leaders behave when no one is watching β is the strongest predictor of whether a code of conduct is followed.
Yes, and it cuts both ways. A well-drafted, consistently enforced code with signed acknowledgments strengthens the employer's position by demonstrating that the employee was on notice of the prohibited conduct. Conversely, an inconsistently enforced code, or one that was never formally distributed and acknowledged, can be used by the employee to argue that the policy was not a genuine workplace standard.
The terms are often used interchangeably, but a code of ethics typically focuses on the moral principles and values that guide decision-making, while a code of conduct translates those principles into specific, enforceable rules of behavior. Most effective policies combine both β articulating the underlying values and spelling out the specific conduct those values require.
An employee handbook is a comprehensive HR reference covering compensation, benefits, leave policies, and working conditions. A code of conduct focuses specifically on ethical behavior, compliance obligations, and conduct standards. The two documents complement each other β the code is typically a standalone document incorporated by reference into the handbook and signed separately.
A whistleblower policy is a dedicated document governing the process for reporting suspected misconduct β who receives reports, how investigations are conducted, and how reporters are protected from retaliation. A code of conduct covers conduct standards broadly and includes a summary reporting procedure. Organizations with a significant compliance function typically have both, with the code directing employees to the dedicated whistleblower policy for detailed reporting guidance.
An NDA is a bilateral or unilateral contract that creates a legally binding confidentiality obligation between specific parties, typically in the context of a transaction or partnership. A code of conduct's confidentiality section creates an internal policy-level obligation for all employees. NDAs provide stronger, contract-based enforcement; the code of conduct provides a consistent baseline for the entire workforce.
An HR policies and procedures manual covers the operational mechanics of people management β hiring, performance reviews, termination procedures, and benefits administration. A code of conduct governs how people behave, not how HR processes are administered. A mature organization uses the manual for process and the code for behavioral standards, keeping each document focused and manageable.
Insider trading prohibitions, MNPI handling, gifts and entertainment limits aligned with FINRA Rule 3220, and mandatory reporting to compliance officers.
HIPAA confidentiality obligations incorporated by reference, patient interaction standards, anti-kickback provisions, and mandatory incident reporting to compliance.
Data handling and privacy obligations (GDPR, CCPA), acceptable use of AI tools, IP ownership reminders, and open-source software licensing compliance.
Client confidentiality obligations that extend beyond standard employee confidentiality, fee-splitting and referral rules, and professional licensing compliance.
Customer interaction standards, cash handling integrity, anti-theft provisions, and social media conduct rules for customer-facing staff.
Safety compliance obligations, supplier relationship integrity, environmental conduct standards, and restrictions on accepting gifts from vendors.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small businesses, startups, and growing teams establishing a conduct policy for the first time | Free | 2β4 hours to customize and distribute |
| Template + professional review | Companies in regulated industries, those undergoing SOC 2 or ISO certification, or organizations with operations in multiple jurisdictions | $500β$1,500 for an HR consultant or employment counsel review | 3β5 business days |
| Custom drafted | Publicly traded companies, financial services firms with FINRA/SEC obligations, or organizations responding to a compliance incident or regulatory inquiry | $2,000β$8,000+ for full counsel-drafted policy suite | 2β4 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever PlanΒ Β·Β No credit card required
