Free to read β’ Save or share with one click
A company policy is a formal written document that defines a specific rule, standard, or expectation governing employee behavior or operational practice within an organization. Each policy covers one topic β attendance, data security, expense reimbursement, workplace conduct β and establishes what is required or prohibited, who is responsible, and what happens when the rule is not followed. Unlike an informal guideline or a verbal instruction, a written policy creates a consistent, auditable standard that applies equally to every covered employee regardless of which manager they report to.
This template provides a guided framework for writing individual company policies from scratch, with a structured format that covers every section a policy needs to be both clear and enforceable.
Operating without written policies exposes your business in three specific ways. First, inconsistent enforcement β when managers handle the same situation differently because there is no written rule β creates discrimination claims and destroys employee trust. Second, undocumented standards are nearly impossible to defend in an employment tribunal or HR audit; what one manager remembers agreeing to and what actually happened are two different things without a written record. Third, as headcount grows past ten or fifteen employees, informal norms break down because new hires have no way to learn them reliably.
A well-structured policy eliminates all three problems. It gives managers a consistent framework to apply, gives employees a clear statement of expectations before violations occur, and gives the business a documented record that demonstrates fair and equal treatment. This template removes the blank-page problem β you fill in the specifics for your organization, and every policy you produce follows the same defensible structure.
| If your situation is⦠| Use this template |
|---|---|
| Documenting all workplace policies in a single reference document | Employee Handbook |
| Setting rules around employee attendance and time off | Attendance Policy |
| Defining acceptable use of company technology and devices | IT Acceptable Use Policy |
| Addressing harassment, discrimination, and workplace conduct | Code of Conduct |
| Establishing a step-by-step operational procedure for a specific task | Standard Operating Procedure (SOP) |
| Outlining remote work expectations and eligibility | Remote Work Policy |
| Communicating disciplinary steps for policy violations | Progressive Discipline Policy |
Why it matters: Permissive language like 'should' makes a rule unenforceable. When an employee violates a 'should' and is disciplined, the ambiguity becomes a liability in a dispute or tribunal.
Fix: Audit every rule in the policy statement section and replace 'should,' 'may,' and 'is encouraged to' with 'must' or 'must not' for anything that is genuinely required.
Why it matters: Organizations increasingly rely on contractors, interns, and agency staff. Vague scope creates enforcement gaps and legal exposure when a non-employee violates a policy.
Fix: List every employment category your organization uses and explicitly state whether the policy applies to each, with any conditions.
Why it matters: When a policy dispute arises, you must be able to prove which version was in force on the date of the alleged violation. Undated policies are nearly impossible to defend in employment proceedings.
Fix: Include a header block on every policy with document ID, version number, effective date, and a revision history table at the end.
Why it matters: HR cannot monitor day-to-day behavior in every team. Policies that exclude line managers from enforcement roles are inconsistently applied and breed resentment when HR is perceived as the only authority.
Fix: Define specific, named duties for employees, line managers, and HR separately in the roles and responsibilities section.
Why it matters: A policy that employees cannot prove they received is difficult to enforce. Without acknowledgment records, an employee can credibly claim they were never informed of the rule.
Fix: Require signed or digital acknowledgment from every affected employee before the effective date, and store acknowledgments in each employee's HR file.
Why it matters: Every real-world situation has edge cases. Policies with zero flexibility get quietly ignored by managers who create informal workarounds β destroying consistent enforcement across the organization.
Fix: Add an exceptions section naming who can approve deviations, what documentation is required, and how long an exception remains valid.
Before writing, define the specific problem, compliance requirement, or behavioral gap the policy is meant to solve. Talk to the relevant managers or department heads to confirm the need is real and widespread enough to warrant a formal policy.
π‘ If you cannot write a one-sentence problem statement, the policy scope is too broad β narrow it before you start drafting.
Assign a clear, descriptive title and a unique document ID using your organization's naming convention (e.g., HR-001). Record the policy owner, version number, and the intended effective date.
π‘ Use a centralized policy register to track all document IDs β duplicate numbering is the most common policy library administration error.
State in two to four sentences why this policy exists and what risk or goal it addresses. Avoid HR or legal jargon β the purpose statement sets the tone for the whole document.
π‘ Read the purpose statement aloud. If a new employee would not immediately understand why this policy matters, rewrite it.
Specify which employment types, departments, locations, and job functions the policy covers. Explicitly state any exclusions β contractors, interns, or specific sites β to prevent ambiguity at enforcement.
π‘ Cross-check your scope statement against your current headcount categories to ensure no group is inadvertently omitted or included.
Write the actual rules in direct, actionable language. Use 'must' for required actions and 'must not' for prohibited ones. Avoid 'should,' 'may,' and 'is encouraged to' β these do not create enforceable obligations.
π‘ Each rule should pass the test: 'Can a manager apply this consistently without using personal judgment?' If not, the rule is too vague.
Where the policy requires employees or managers to follow a specific process β filing a request, escalating a complaint, or logging an incident β write it as a numbered list, not prose.
π‘ Include time limits for each step (e.g., 'respond within 5 business days') so the process is auditable.
Name specific roles β not individuals β for each responsibility. In the compliance section, reference your progressive discipline framework rather than listing standalone consequences.
π‘ Avoid naming specific people in policies; when that person leaves, the policy becomes inaccurate without a formal update.
Enter the annual review date, complete the revision history table, and save as PDF for distribution. Route the policy for employee acknowledgment before the effective date β digital acknowledgment through your HRIS is ideal for record-keeping.
π‘ Store signed acknowledgments for at least as long as the employee's tenure plus three years, to cover the typical statute of limitations for employment claims.
A company policy is a formal written document that defines a specific rule, standard, or expectation employees must follow in the workplace. It establishes what behavior is required or prohibited, who is responsible for compliance, and what consequences apply when the rule is broken. Policies differ from procedures in that they state the what and why; procedures state the how.
A complete company policy should include a title and identification block, a purpose statement, scope and applicability, definitions of key terms, the core policy rules, step-by-step procedures where applicable, roles and responsibilities, compliance and enforcement consequences, an exceptions process, and a review schedule with revision history. Omitting any of these sections creates gaps that complicate enforcement.
Use short sentences, active voice, and direct imperatives. Replace 'should' with 'must' for required actions and 'must not' for prohibited ones. Define any term a new employee might not know. Write procedures as numbered steps rather than prose. Test the draft by asking someone unfamiliar with the topic to explain it back to you β if they hesitate, the language needs simplifying.
Most standalone policies run one to four pages. Policies that require detailed multi-step procedures β such as a data breach response or a workplace investigation process β may run six to eight pages. Anything longer usually means the policy is trying to cover too many topics and should be split into two documents. Employee handbooks, which compile multiple policies, are a separate document type.
An annual review is the standard minimum. Policies should also be reviewed immediately after any relevant change in employment legislation, after a significant workplace incident that revealed a gap, or when the business undergoes a structural change such as an acquisition or major expansion. Each review should be logged in the revision history table with the date, reviewer, and a summary of any changes made.
Employees do not legally need to sign every individual policy, but obtaining a signed or digital acknowledgment creates a record that they received and understood the policy. This acknowledgment is critical for enforceability during disputes or disciplinary proceedings. At minimum, employees should acknowledge the employee handbook, which incorporates all policies by reference. For high-stakes policies β such as data security or anti-harassment β individual acknowledgments are recommended.
A policy states the rule and the reason: what employees must or must not do, and why. A procedure is the operational how-to: the specific, sequential steps used to implement or comply with the policy. Most complete policy documents include both β the policy statement section establishes the rule, and the procedures section explains how to follow it.
A company policy is a single, standalone document covering one specific topic β such as attendance, data security, or expense reimbursement. An employee handbook is a compiled reference document that consolidates all or most company policies into a single resource for employees. Writing individual policies first is the correct approach; the handbook is assembled from those individual documents.
Policy ownership typically sits with HR for people-related policies and with the relevant department head for operational or technical policies β for example, IT owns the acceptable-use policy and Finance owns the expense reimbursement policy. HR coordinates consistency, formatting, and the acknowledgment process across all policies, but the subject-matter expert in the relevant function should draft and own the content.
An employee handbook is a compiled reference document that consolidates all company policies into a single resource distributed to every new hire. A company policy is a standalone document covering one specific topic. The correct sequence is to write individual policies first, then assemble them into the handbook. Using a handbook template before writing individual policies results in vague, surface-level coverage of each topic.
A policy states the rule and the reason β what employees must or must not do and why. An SOP provides the granular step-by-step instructions for executing a specific task. Both documents often coexist: the policy establishes the standard, and the SOP tells workers exactly how to meet it. For operational tasks where sequence matters, an SOP is essential even when a policy already exists.
A code of conduct sets the overarching ethical framework and behavioral values expected across the organization. A company policy is narrower and more operational β it governs a specific behavior or practice with defined procedures and enforcement consequences. A code of conduct is typically aspirational in tone; a company policy is directive and enforceable.
A remote work agreement is a bilateral document signed by employer and employee that governs the terms of an individual's specific remote work arrangement. A remote work policy is a company-wide rule stating who is eligible for remote work and under what conditions. The policy defines the rules; the agreement applies those rules to a specific employee situation.
Data security, acceptable use, remote work, and AI usage policies are particularly high-stakes given the sensitivity of customer and product data.
HIPAA-aligned privacy and data-handling policies are legally mandated; incident response and patient-communication policies must meet regulatory standards.
Conflict of interest, insider trading, and client data policies must align with SEC, FINRA, or FCA requirements depending on jurisdiction.
High staff turnover makes simple, clearly written scheduling, conduct, and customer-interaction policies essential for consistent on-the-floor behavior.
Health and safety policies are legally mandated and must be written at a reading level accessible to all floor workers, with visual aids where possible.
Confidentiality, conflict of interest, and client data policies are critical; billing and expense policies must be precise enough to support client audit requests.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | SMBs and HR teams drafting standard workplace policies such as attendance, expense reimbursement, or social media use | Free | 1β3 hours per policy |
| Template + professional review | Policies touching legally sensitive areas β harassment, data privacy, or disciplinary procedures β where a one-hour legal review reduces risk | $150β$400 for an employment lawyer review | 2β5 days |
| Custom drafted | Regulated industries (healthcare, financial services) or multinational employers where policies must comply with specific statutory requirements | $500β$2,500+ per policy | 1β3 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever PlanΒ Β·Β No credit card required
