[{"data":1,"prerenderedAt":504},["ShallowReactive",2],{"document-it-acceptable-use-policy-D13720":3},{"document":4,"label":23,"preview":11,"thumb":24,"thumb600":25,"description":5,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":26,"breadcrumb":30,"related":38,"customDescModule":175,"customdescription":6,"mdFm":176,"mdProseHtml":503},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":15},"INFORMATION TECHNOLOGY (IT) ACCEPTABLE USE POLICY PURPOSE The purpose of this Information Technology Acceptable Use Policy is to define the guidelines and expectations for the appropriate and responsible use of [COMPANY NAME]'s information technology resources. This Policy aims to ensure the security, integrity, and availability of company data and systems while promoting ethical and lawful use. SCOPE This Policy applies to all employees, contractors, vendors, visitors, and authorized users who access [COMPANY NAME]'s information technology resources. It encompasses the use of computer systems, networks, software, internet access, and all related technology assets. POLICY STATEMENTS Authorized Use Information technology resources provided by [COMPANY NAME] are to be used solely for business-related purposes. Personal use is permitted within reasonable limits, provided it does not interfere with work duties or violate this Policy. Security and Passwords Users are responsible for maintaining the security of their accounts, passwords, and access credentials. Passwords should be strong, confidential, and not shared with others. Access Control Users are granted access to company systems and data based on their job responsibilities. Unauthorized access or attempts to gain unauthorized access are strictly prohibited. Data Protection Users must take precautions to protect sensitive company data from loss, theft, or unauthorized disclosure. Data should be stored and transmitted securely, following company policies and applicable regulations. Software and Licensing Only authorized software with valid licenses may be installed and used on company-owned devices. Unauthorized copying, distribution, or use of copyrighted software is prohibited. Internet Usage Internet access is provided for business purposes",null,"IT Acceptable Use Policy","3",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/it-acceptable-use-policy-D13720.png","https://templates.business-in-a-box.com/imgs/250px/13720.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13720.xml",{"title":15,"description":6},"it acceptable use policy",[17,20],{"label":18,"url":19},"Human Resources","/templates/human-resources/",{"label":21,"url":22},"Company Policies","/templates/company-policies/","IT Acceptable Use Policy Template","https://templates.business-in-a-box.com/imgs/400px/13720.png","https://templates.business-in-a-box.com/imgs/600px/13720.png",[27,17,20],{"label":28,"url":29},"Templates","/templates/",[31,32,35],{"label":28,"url":29},{"label":33,"url":34},"Software & Technology","/templates/software-technology/",{"label":36,"url":37},"Cybersecurity Policies","/templates/cybersecurity-policies/",[39,43,47,51,55,59,63,67,71,75,79,83,87,105,119,132,145,159],{"label":40,"url":41,"thumb":42,"extension":10},"Acceptable Use Policy","/template/acceptable-use-policy-D12622","https://templates.business-in-a-box.com/imgs/250px/12622.png",{"label":44,"url":45,"thumb":46,"extension":10},"AI Acceptable Use Policy","/template/ai-acceptable-use-policy-D13900","https://templates.business-in-a-box.com/imgs/250px/13900.png",{"label":48,"url":49,"thumb":50,"extension":10},"IT Security Policy","/template/it-security-policy-D13722","https://templates.business-in-a-box.com/imgs/250px/13722.png",{"label":52,"url":53,"thumb":54,"extension":10},"Computer Use Policy","/template/computer-use-policy-D705","https://templates.business-in-a-box.com/imgs/250px/705.png",{"label":56,"url":57,"thumb":58,"extension":10},"IT Governance and Compliance Policy","/template/it-governance-and-compliance-policy-D13721","https://templates.business-in-a-box.com/imgs/250px/13721.png",{"label":60,"url":61,"thumb":62,"extension":10},"Corporate Social Media Use Policy","/template/corporate-social-media-use-policy-D13636","https://templates.business-in-a-box.com/imgs/250px/13636.png",{"label":64,"url":65,"thumb":66,"extension":10},"It Equipment Email And Internet Usage Policy","/template/it-equipment-email-and-internet-usage-policy-D12640","https://templates.business-in-a-box.com/imgs/250px/12640.png",{"label":68,"url":69,"thumb":70,"extension":10},"Technology Policy","/template/technology-policy-D13285","https://templates.business-in-a-box.com/imgs/250px/13285.png",{"label":72,"url":73,"thumb":74,"extension":10},"Cyber Security Policy","/template/cyber-security-policy-D12867","https://templates.business-in-a-box.com/imgs/250px/12867.png",{"label":76,"url":77,"thumb":78,"extension":10},"Workplace Technology Upgrade and Replacement Policy","/template/workplace-technology-upgrade-and-replacement-policy-D13866","https://templates.business-in-a-box.com/imgs/250px/13866.png",{"label":80,"url":81,"thumb":82,"extension":10},"Anti-Spam Policy","/template/anti-spam-policy-D827","https://templates.business-in-a-box.com/imgs/250px/827.png",{"label":84,"url":85,"thumb":86,"extension":10},"GDPR Privacy Policy","/template/gdpr-privacy-policy-D12541","https://templates.business-in-a-box.com/imgs/250px/12541.png",{"description":88,"descriptionCustom":6,"label":89,"pages":90,"size":9,"extension":10,"preview":91,"thumb":92,"svgFrame":93,"seoMetadata":94,"parents":96,"keywords":103,"url":104},"CODE OF CONDUCT As an employee, it is important that you know what personal conduct is expected of you while on the job. In most instances, your own good judgment will tell you what the right thing to do is. In addition to complying with Company policies and job specific requirements, you are also expected to obey the rules and regulations of [COMPANY] and this Code of Conduct (\"Code\" or \"Policy\"). If your performance does not meet position requirements, you may be subject to disciplinary action, up to and including immediate termination, with or without notice, and with or without cause at any time. PURPOSE Our Employee Code of Conduct Company Policy outlines our expectations regarding employees' behavior towards their colleagues, supervisors, and the overall organization. We promote freedom of expression and open communication. But we expect all employees to follow our Code of Conduct. They should avoid offending, participating in serious disputes, and disrupting our workplace. We also expect them to foster a well-organized, respectful, and collaborative environment. SCOPE This Policy applies to all our employees, regardless of employment agreement or rank. VIOLATIONS WHICH ARE CONSIDERED AGAINST THE CODE OF CONDUCT While discipline for standard violations will follow a progressive disciplinary procedure, the Company reserves the right to implement discipline in accordance with the grievousness of the violation. Violations of these or any other Company policies may subject you to disciplinary action, up to and including immediate termination: Theft, fraud, embezzlement, or other proven acts of dishonesty. Any harassment of another employee (verbal, physical, or visual), including sexual harassment such as offensive gestures, unwelcome advances, jokes, touching, or comments of a sexual nature made to or about another employee, vendor or customer. Obtaining employment or promotion on the basis of false or misleading information. Soliciting or accepting gifts (money, services, or merchandise) in connection with Company business. Reporting for work under the influence of alcohol or any illegal substances; or possession, sale or distribution of alcohol or illegal substances while on Company premises or abusing such items while representing the Company or conducting Company business. Engaging in unauthorized employment elsewhere while on paid benefits related to illness, or while on an extended absence. Assisting anyone who you know or suspect to be involved in committing any crime or engaging in any conduct which rises to the level of a crime. Falsifying Company documents or records, including misuse of timekeeping records, or falsely inputting payment data. Insubordination, meaning refusing to follow legitimate instructions of a superior directly related to performance of one's job. Disrupting the work environment. Excessive absenteeism or unacceptable patterns of absenteeism. Repeatedly failing to use a timeclock as directed. Job abandonment, meaning the failure to report to work without properly notifying one's immediate supervisor, or leaving a job assignment prior to completion of your responsibilities. Conduct that is likely to cause another employee, customer or vendor of the Company embarrassment, loss of dignity, feelings of intimidation, or loss of opportunity, including all forms of discrimination and harassment. Unauthorized use of Company or customer supplies, information, equipment, funds, or computer codes/passwords. Knowingly mishandling a customer's or potential customer's account. This includes improper discriminatory practices. Refusing to repay documented overpayment of any compensation. Possessing firearms or weapons while on Company premises or carrying them while on Company business; or threatening the personal safety of fellow employees, customers, or vendors. Committing any act, on or off the Company's premises, which threatens or is potentially threatening to the reputation of the Company or any of its employees, customers, or vendors. Repeatedly failing to meet job responsibilities, job budget or quality requirements. COMPANY'S EXPECTATIONS [COMPANY] expects you to: be present at work as required. maintain agreed standards of performance. comply with health and safety policies and procedures. comply with all lawful and reasonable instructions. maintain set standards of integrity, conduct, and concern for the public interest. demonstrate commitment to [COMPANY]'s vision, values, and goals. be active in your self-development. We expect you to: comply with all reasonable instructions and work as directed by your manager. be familiar with, and consistently apply, the Acts and Regulations that directly affect your work. be familiar with, and consistently apply, the requirements of [COMPANY]'s operational manual, as well as wider [COMPANY] policies and procedures that affect your work, for example, policies for managing human resources. be consistent and fair in requiring compliance with statutory obligations. adhere to your delegations, not exploiting or abusing any power or authority accorded to you because of your role. Authority includes statutory, delegated and administrative authorities. not give any false information or make any false declaration. obtain permission from your manager before entering into any contract or agreement. not create any liability for [COMPANY] beyond your authorization. consistently follow workplace procedures for documenting decisions for action, and the reasons for taking those decisions. show reasonable care for [COMPANY] property, resources, and funds and neither use nor approve them to be used for anything other than authorized purposes. contribute to a safe workplace by knowing and carrying out your responsibilities (as an employee or as a manager) under health and safety legislation. contact your manager within 30 minutes of your normal/rostered starting time, or in accordance with local instructions, if you are unable to work because of sickness, or an emergency. maintain the standard of dress and general appearance required in your workplace. EMPLOYEE'S EXPECTATIONS [COMPANY] has an obligation to behave in a fair and reasonable manner towards employees by acting in compliance with its legal commitments","Code Of Conduct","6","https://templates.business-in-a-box.com/imgs/1000px/code-of-conduct-D13318.png","https://templates.business-in-a-box.com/imgs/250px/13318.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13318.xml",{"title":95,"description":6},"code of conduct",[97,100],{"label":98,"url":99},"Business Plan Kit","business-plan-kit",{"label":101,"url":102},"Management","business-management","code conduct","/template/code-of-conduct-D13318",{"description":106,"descriptionCustom":6,"label":107,"pages":8,"size":9,"extension":10,"preview":108,"thumb":109,"svgFrame":110,"seoMetadata":111,"parents":113,"keywords":112,"url":118},"DATA PRIVACY POLICY INTRODUCTION [COMPANY NAME] is committed to protecting the privacy and confidentiality of personal data collected or processed during its business operations. This Data Privacy Policy outlines the principles and practices that govern the collection, use, and disclosure of personal data by the Company. SCOPE This Policy applies to all employees, contractors, vendors, and third parties who collect, use, or process personal data on behalf of the Company. It also applies to all personal data collected from customers, clients, partners, and other individuals. PERSONAL INFORMATION COLLECTION We may collect personal information, such as name, address, email, phone number, and job title, from customers, employees, and stakeholders. We collect personal information through various channels, such as our website, email, phone, and in-person interactions. We may also collect personal information from third-party sources, such as service providers and business partners. USE OF PERSONAL INFORMATION The Company will only use personal data for the purposes for which it was collected or as otherwise permitted by applicable laws and regulations. Personal data may be used for, but not limited to, the following purposes: Providing products or services requested by individuals; Communicating with individuals about products, services, or other business-related matters; Conducting market research, analytics, and improving business operations; Managing and administering employee or contractor relationships; Complying with legal or regulatory requirements; Protecting the rights and interests of the Company or its customers. DISCLOSURE The Company may share personal data with third parties for legitimate business purposes, including but not limited to, service providers, vendors, contractors, and business partners. Personal data may also be disclosed to comply with legal or regulatory requirements, or in response to lawful requests from public authorities. The Company will take appropriate measures to ensure that third parties receiving personal data are bound by confidentiality obligations and provide adequate protection to the personal data. DATA RETENTION","Data Privacy Policy","https://templates.business-in-a-box.com/imgs/1000px/data-privacy-policy-D13465.png","https://templates.business-in-a-box.com/imgs/250px/13465.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13465.xml",{"title":112,"description":6},"data privacy policy",[114,116],{"label":18,"url":115},"human-resources",{"label":21,"url":117},"company-policies","/template/data-privacy-policy-D13465",{"description":120,"descriptionCustom":6,"label":121,"pages":122,"size":9,"extension":10,"preview":123,"thumb":124,"svgFrame":125,"seoMetadata":126,"parents":128,"keywords":127,"url":131},"REMOTE WORK AGREEMENT This Remote Work Agreement (the \"Agreement\") is effective [DATE], BETWEEN: [NAME OF THE EMPLOYER], (the \"Employer\" or \"Company\"), a Company organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] AND: [NAME OF THE EMPLOYEE], (the \"Employee\"), an individual with their main address located at: [COMPLETE ADDRESS] Collectively, the Employer and the Employee shall be referred to as the \"Parties.\" WHEREAS, the Company has made an offer to the Employee to work remotely in the capacity of [JOB TITLE] at the Company; NOW THEREFORE in consideration and as a condition of the Parties entering into this Agreement and other valuable considerations, the receipt and sufficiency of which consideration is acknowledged, the Parties agree as follows: APPOINTMENT The Company hereby offers the Employee appointment, and the Employee agrees to serve the Company to work remotely in the capacity of [JOB TITLE] as of [DATE] (the \"Effective Date\"). PROBATION PERIOD The Employee will be on a Probation Period for a period of [MONTHS/DAYS]. The Employee's confirmation as a permanent employee is subject to the Employee making a positive contribution to the Company and is further subject to meeting certain standards and qualifying criteria during the Probation Period. PLACE OF WORK The Employee shall perform their duties at the location of their choice. The Employee will report to the [SPECIFY THE DESIGNATION] on a needs basis in the following manner: [SPECIFY THE MANNER OF COMMUNICATION]. REMOTE WORK While working remotely, the Employee will remain accessible during the remote work. The Employee will check in with the supervisor to discuss status and open issues and be available for video/teleconferences, scheduled on an as-needed basis. The Employee will take rest and meal breaks while working remotely in full compliance with all applicable policies or collective bargaining agreements, and request supervisor approval to use vacation or sick leave. To ensure that the Employee's performance will not suffer in a remote work arrangement, the Employee is advised to choose a quiet and distraction-free working space, have an internet connection that is adequate for their job and dedicate their full attention to their job duties during working hours. Equipment. The Company will provide the Employee with equipment that is essential to their job duties, like laptops and headsets. The Employee will install VPN and company-required software when the Employee receives their equipment. The Employee must keep their equipment password protected, follow all data encryption, protection standards and settings, and refrain from downloading suspicious, unauthorized or illegal software. NOTICE PERIOD During the Probation Period, if the Employee's performance is found to be unsatisfactory or if it does not meet the prescribed criteria, the Employee's employment can be terminated by the Company with [NUMBER OF DAYS] day's notice or salary thereof. The Employee will be required to give [NUMBER OF MONTHS] months' notice or salary thereof in case the Employee decides to leave the Company. DUTIES The Employee shall perform all such duties as may be delegated by the Company and comply with all such directions as the Managing Director and/or his/her nominated deputies may from time to time assign or give to the Employee. [SPECIFY DUTIES] WORKING HOURS The total working hours will be [SPECIFY HOURS] hours on Mondays to Saturdays. It is expected that the Employee will be flexible with the working hours and work such additional hours as might be necessary to efficiently perform duties under this Agreement. The Company reserves the right to change the working days and the working hours. The Employee shall be entitled to leave and holidays as per the Leave Policy of the Company. In the event the Employee is absent from work and unable to perform duties satisfactorily by reason of any injury, illness or other reason acceptable to the Company, the Employee will be entitled to receive salary and other benefits for up to [NUMBER OF DAYS] consecutive working days during any such absence, within a period of 12 consecutive months. REMUNERATION The Employee's starting total monthly gross salary and during the Probation Period will be as per details in the annexure, hereinafter known as Exhibit A. Any bonus is subject to review in accordance with the Company's practice and policies from time to time, however, there shall be no obligation on the Company to increase the salary or award bonuses at any point of time, save and except at its sole discretion. The Company shall pay or refund or procure to be paid or refunded all reasonable travelling and other similar out of pocket expenses necessarily and incurred by the Employee wholly in the proper performance of duties, subject to production by the Employee of such evidence of the expenses as the Company may reasonably require. The Employee will be required to fill in the claims forms in which the Employee shall provide the correct information of the expenses incurred. CONFIDENTIALITY AND INTELLECTUAL PROPERTY If at any time during the Employee's employment under this Agreement, the Employee participates in the making or discovery of any Intellectual Property directly or indirectly relating to or capable of being used by the Company, full details of the Intellectual Property shall immediately be disclosed in writing by the Employee to the Company and the Intellectual Property shall be the absolute property of the Company. At the request and expense of the Company, the Employee shall give and supply all such information, data, drawings, and assistance as may be necessary or in the opinion of the Company desirable to enable the Company to exploit the Intellectual Property to the best advantage as decided by the Company. The Employee shall execute all documents and do all things which may, in the opinion of the Company, be necessary or desirable for obtaining copyright, design or other protection for the Intellectual Property and for vesting the same in the Company, as the Company may direct. As Confidential Information will from time to time become known to the Employee, the Company considers and the Employee agrees that the restraints set forth in this Agreement are necessary for the reasonable protection by the Company of its business or the business of the Group, the clients thereof or their respective affairs. The Employee shall not at any time, either during the continuance of or after the termination of Employment with the Company, use, disclose or communicate to any person whatsoever any Confidential Information which the Employee has or of which he may have become possessed during employment with the Company nor shall he supply the names or addresses of any clients, customers, vendors or agents of the Company or any company of the Group to any person except as authorised by the Company or as ordered by a court of competent jurisdiction. The Employee consents to the Company holding and processing, both electronically and manually, the data it collects relating to the Employee in the course of employment, for the purpose of the Company's administration and management of its employees, its business and to comply with applicable procedures, laws and regulations. ","Remote Work Agreement","8","https://templates.business-in-a-box.com/imgs/1000px/remote-work-agreement-D13282.png","https://templates.business-in-a-box.com/imgs/250px/13282.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13282.xml",{"title":127,"description":6},"remote work agreement",[129,130],{"label":18,"url":115},{"label":21,"url":117},"/template/remote-work-agreement-D13282",{"description":133,"descriptionCustom":6,"label":134,"pages":135,"size":9,"extension":10,"preview":136,"thumb":137,"svgFrame":138,"seoMetadata":139,"parents":141,"keywords":140,"url":144},"SOCIAL MEDIA POLICY PURPOSE [COMPANY NAME] recognizes that technology provides unique opportunities to build our business, listen, learn and engage with consumers, stakeholders and employees through the use of a wide variety of Social Media. However, how we use social media and what we say also has the potential to affect [COMPANY NAME]'s reputation and/or expose the Company (and each of us) to business or legal risk. Whilst we recognize the benefits which may be gained from appropriate use of social media, it is also important to be aware that it poses significant risks to our business. These risks include disclosure of confidential information and intellectual property, damage to our reputation and the risk of legal claims. Therefore, every employee has a personal responsibility to be familiar with and comply with [COMPANY NAME]'s overall Social Media Policy. This policy is designed to reflect our purpose, values and principles, our business conduct manual, and legal requirements. Because we use social media in a variety of ways, there are more specific expectations that may apply to your activities. SCOPE This policy covers all forms of social media, including Facebook, Instagram, LinkedIn, Twitter, Google+ Wikipedia, other social networking sites, and other internet postings, including blogs. It applies to the use of social media for both business and personal purposes, during working hours and in your own time to the extent that it may affect the business of the company. The policy applies both when the social media is accessed using our information systems and also when access using equipment or software belonging to employees or others. It also covers all employees and also others including consultants, contractors, and casual and agency staff. Breach of this policy may result in disciplinary action up to and including dismissal. Any misuse of social media should be reported to [SPECIFY]. Questions regarding the content or application of this policy should be directed to [SPECIFY]]. POLICY STATEMENT Although many users may consider their personal comments posted on social media or discussions on social networking sites to be private, these communications are frequently available to a larger audience than the author may realize. As a result, any online communication that directly or indirectly refers to [COMPANY NAME], our products and services, team members or other work-related issues, has the potential to damage [COMPANY NAME]'s reputation or interests. When participating in social media in a personal capacity, employees must: Not disclose [COMPANY NAME]'s confidential information, proprietary or sensitive information. Information is considered confidential when it is not readily available to the public. The majority of information used throughout [COMPANY NAME] is confidential. If you are in doubt about whether information is confidential, refer to the [COMPANY NAME] [EMPLOYEE HANDBOOK/CODE OF CONDUCT] and/or ask your manager before disclosing any information. Not use the [COMPANY NAME] logo or company branding on any social media platform without prior approval from [SPECIFY]; Not communicate anything that might damage [COMPANY NAME]'s reputation, brand image, commercial interests, or the confidence of our customers; Not represent or communicate on behalf of [COMPANY NAME] in the public domain without prior approval from [SPECIFY]; Not post any material that would directly or indirectly defame, harass, discriminate against or bully any [COMPANY NAME] team member, supplier or customer; Ensure, when identifying themselves (or when they may be identified) as a [COMPANY NAME] team member, that their social media communications are lawful and Comply with [COMPANY NAME]'s policies and procedures RESPONSIBLE USE OF SOCIA MEDIA Employee must not use social media in a way that might breach any of our policies, any express or implied contractual obligations, legislation, or regulatory requirements. In particular, use of social media must comply with: The Anti-Bullying and Sexual Harassment Policies Rules of relevant regulatory bodies; Contractual confidentiality requirements;","Social Media Policy","4","https://templates.business-in-a-box.com/imgs/1000px/social-media-policy-D12688.png","https://templates.business-in-a-box.com/imgs/250px/12688.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12688.xml",{"title":140,"description":6},"social media policy",[142,143],{"label":18,"url":115},{"label":21,"url":117},"/template/social-media-policy-D12688",{"description":146,"descriptionCustom":6,"label":147,"pages":148,"size":149,"extension":10,"preview":150,"thumb":151,"svgFrame":152,"seoMetadata":153,"parents":154,"keywords":157,"url":158},"Employee Handbook Understanding employment at [YOUR COMPANY NAME] Revised on [DATE] Prepared By: [YOUR NAME] [YOUR JOB TITLE] Phone 555.555.5555 Email info@yourbusiness.com www.yourbusiness.com Table of Content Table of Content 2 Welcome to [YOUR COMPANY NAME]! 5 1. Organization Description 6 1.1 Introductory Statement 6 1.2 Customer Relations 6 1.3 Products and Services Provided 7 1.4 Facilities and Location(s) 7 1.5 The History of [YOUR COMPANY NAME] 7 1.6 Management Philosophy 7 1.7 Goals 8 2. The Employment 9 2.1 Nature of Employment 9 2.2 Employee Relations 9 2.3 Equal Employment Opportunity 10 2.4 Diversity 10 2.5 Business Ethics and Conduct 12 2.6 Personal Relationships in the Workplace 13 2.7 Conflicts of Interest 13 2.8 Outside Employment 14 2.9 Non-Disclosure 15 2.10 Disability Accommodation 16 2.11 Job Posting and Employee Referrals 17 2.12 Whistleblower Policy 18 2.13 Accident and First Aid 20 3. Employment Status and Records 21 3.1 Employment Categories 21 3.2 Access to Personnel Files 22 3.3 Personnel Data Changes 23 3.4 Probation Period 23 3.5 Employment Applications 24 3.6 Performance Evaluation 24 3.7 Job Descriptions 25 3.8 Salary Administration 25 3.9 Professional Development 26 4. Employee Benefit Programs 27 4.1 Employee Benefits 27 4.2 Vacation Benefits 27 4.3 Military Service Leave 29 4.4 Religious Observance 29 4.5 Holidays 29 4.6 Workers Insurance 30 4.7 Sick Leave Benefits 31 4.8 Bereavement Leave 32 4.9 Relocation Benefits 33 4.10 Educational Assistance 33 4.11 Health Insurance 34 4.12 Life Insurance 35 4.13 Long Term Disability 35 4.14 Marriage, Maternity and Parental Leave 36 5. Timekeeping / Payroll 40 5.1 Timekeeping 40 5.2 Paydays 40 5.3 Employment Termination 41 5.4 Administrative Pay Corrections 42 6. Work Conditions and Hours 43 6.1 Work Schedules 43 6.2 Absences 43 6.3 Jury Duty 45 6.4 Use of Phone and Mail Systems 45 6.5 Smoking 46 6.6 Meal Periods 46 6.7 Overtime 46 6.8 Use of Equipment 47 6.9 Telecommuting 47 6.10 Emergency Closing 48 6.11 Business Travel Expenses 49 6.12 Visitors in the Workplace 51 6.13 Computer and Email Usage 51 6.14 Internet Usage 52 6.15 Workplace Monitoring 54 6.16 Workplace Violence Prevention 55 7. Employee Conduct & Disciplinary Action 57 7.1 Employee Conduct and Work Rules 57 7.2 Sexual and Other Unlawful Harassment 58 7.3 Attendance and Punctuality 60 7.4 Personal Appearance 60 7.5 Return of Property 61 7.6 Resignation and Retirement 61 7.7 Security Inspections 62 7.8 Progressive Discipline 62 7.9 Problem Resolution 64 7.10 Workplace Etiquette 65 7.11 Suggestion Program 67 Acknowledgement of Receipt 68 Welcome to [YOUR COMPANY NAME]! On behalf of your colleagues, we welcome you to [YOUR COMPANY NAME] and wish you every success here. At [YOUR COMPANY NAME], we believe that each employee contributes directly to the growth and success of the company, and we hope you will take pride in being a member of our team. This handbook was developed to describe some of the expectations of our employees and to outline the policies, programs, and benefits available to eligible employees. Employees should become familiar with the contents of the employee handbook as soon as possible, for it will answer many questions about employment with [YOUR COMPANY NAME]. We believe that professional relationships are easier when all employees are aware of the culture and values of the organization. This guide will help you to better understand our vision for the future of our business and the challenges that are ahead. We hope that your experience here will be challenging, enjoyable, and rewarding. Again, welcome! [PRESIDENT NAME] President & CEO 1. Organization Description 1.1 Introductory Statement This handbook is designed to acquaint you with [YOUR COMPANY NAME] and provide you with information about working conditions, employee benefits, and some of the policies affecting your employment. You should read, understand, and comply with all provisions of the handbook. It describes many of your responsibilities as an employee and outlines the programs developed by [YOUR COMPANY NAME] to benefit employees. One of our objectives is to provide a work environment that is conducive to both personal and professional growth. No employee handbook can anticipate every circumstance or question about policy. As [YOUR COMPANY NAME] continues to grow, the need may arise and [YOUR COMPANY NAME] reserves the right to revise, supplement, or rescind any policies or portion of the handbook from time to time as it deems appropriate, in its sole and absolute discretion. Employees will be notified of such changes to the handbook as they occur. 1.2 Customer Relations Customers are among our organization's most valuable assets. Every employee represents [YOUR COMPANY NAME] to our customers and the public. The way we do our jobs presents an image of our entire organization. Customers judge all of us by how they are treated with each employee contact. Therefore, one of our first business priorities is to assist any customer or potential customer. Nothing is more important than being courteous, friendly, helpful, and prompt in the attention you give to customers. [YOUR COMPANY NAME] will provide customer relations and services training to all employees with extensive customer contact. Customers who wish to lodge specific comments or complaints should be directed to the [TITLE AND NAME OF THE PERSON RESPONSIBLE] for appropriate action. Our personal contact with the public, our manners on the telephone, and the communications we send to customers are a reflection not only of ourselves, but also of the professionalism of [YOUR COMPANY NAME]. Positive customer relations not only enhance the public's perception or image of [YOUR COMPANY NAME], but also pay off in greater customer loyalty and increased sales and profit. 1.3 Products and Services Provided You will find more information about our products and services by reading the [YOUR COMPANY NAME] Corporate Brochures. 1.4 Facilities and Location(s) Head Office: [ADDRESS] [CITY], [STATE] [ZIP/POSTAL CODE] [COUNTRY] 1.5 The History of [YOUR COMPANY NAME] [DESCRIBE THE HISTORY OF YOUR COMPANY HERE] 1.6 Management Philosophy [YOUR COMPANY NAME] management philosophy is based on responsibility and mutual respect. Our wishes are to maintain a work environment that fosters on personal and professional growth for all employees. Maintaining such an environment is the responsibility of every staff person. Because of their role, managers and supervisors have the additional responsibility to lead in a manner which fosters an environment of respect for each person. People who come to [YOUR COMPANY NAME] want to work here because we have created an environment that encourages creativity and achievement. [YOUR COMPANY NAME] aims to become a leader in [DESCRIBE YOUR COMPANY'S FIELD OF EXPERTISE]. The mainstay of our strategy will be to offer a level of client focus that is superior to that offered by our competitors. To help achieve this objective, [YOUR COMPANY NAME] seeks to attract highly motivated individuals that want to work as a team and share in the commitment, responsibility, risk taking, and discipline required to achieve our vision. Part of attracting these special individuals will be to build a culture that promotes both uniqueness and a bias for action. While we will be realistic in setting goals and expectations, [YOUR COMPANY NAME] will also be aggressive in reaching its objectives. This success will in turn enable [YOUR COMPANY NAME] to give its employees above average compensation and innovative benefits or rewards, key elements in helping us maintain our leadership position in the worldwide marketplace. 1.7 Goals [DESCRIBE YOUR COMPANY'S GOALS HERE] 2. The Employment 2","Employee Handbook","34",280,"https://templates.business-in-a-box.com/imgs/1000px/employee-handbook-D712.png","https://templates.business-in-a-box.com/imgs/250px/712.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#712.xml",{"title":6,"description":6},[155,156],{"label":18,"url":115},{"label":21,"url":117},"employee handbook","/template/employee-handbook-D712",{"description":160,"descriptionCustom":6,"label":161,"pages":8,"size":9,"extension":10,"preview":162,"thumb":163,"svgFrame":164,"seoMetadata":165,"parents":167,"keywords":166,"url":174},"NON-DISCLOSURE AGREEMENT (NDA) This Non-Disclosure Agreement (the \"Agreement\") is made and effective [DATE], BETWEEN: [YOUR COMPANY NAME] (the \"Disclosing Party\"), a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] AND: [RECEIVING PARTY NAME] (the \"Receiving Party\"), an individual with his main address located at OR a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] WHEREAS, Receiving Party has been or will be engaged in the performance of work on [DESCRIBE]; and in connection therewith will be given access to certain confidential and proprietary information; and WHEREAS, Receiving Party and Disclosing Party wish to evidence by this Agreement the manner in which said confidential and proprietary material will be treated. NOW, THEREFORE, it is agreed as follows: NON-DISCLOSURE OF CONFIDENTIAL INFORMATION Both Parties understand and agree that each Party may have access to the confidential information of the other party. For the purposes of this Agreement, \"Confidential Information\" means proprietary and confidential information about the Disclosing Party's (or it's suppliers') business or activities. Such information includes all business, financial, technical, and other information marked or designated by such Party as \"confidential\" or \"proprietary.\" Confidential Information also includes information which, by the nature of the circumstances surrounding the disclosure, ought in good faith to be treated as confidential. For the purposes of this Agreement, Confidential Information does not include: Information that is currently in the public domain or that enters the public domain after the signing of this Agreement. Information a Party lawfully receives from a third Party without restriction on disclosure and without breach of a non-disclosure obligation. Information that the Receiving Party knew prior to receiving any Confidential Information from the Disclosing Party. Information that the Receiving Party independently develops without reliance on any Confidential Information from the Disclosing Party. Each Party agrees that it will not disclose to any third Party or use any Confidential Information disclosed to it by the other Party except when expressly permitted in writing by the other Party. Each Party also agrees that it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other Party in its possession or control. TERM The term of this Agreement is [number] of [years/months] from the date of execution by both Parties. TITLE The Receiving Party agrees that all Confidential Information furnished by the Disclosing Party shall remain the sole property of the Disclosing Party. DISCLAIMER","Non Disclosure Agreement Nda","https://templates.business-in-a-box.com/imgs/1000px/non-disclosure-agreement-nda-D12692.png","https://templates.business-in-a-box.com/imgs/250px/12692.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12692.xml",{"title":166,"description":6},"non disclosure agreement nda",[168,171],{"label":169,"url":170},"Legal Agreements","business-legal-agreements",{"label":172,"url":173},"Confidentiality Agreements","confidentiality-agreement","/template/non-disclosure-agreement-nda-D12692",false,{"seo":177,"reviewer":188,"quick_facts":192,"at_a_glance":194,"personas":198,"variants":223,"glossary":251,"sections":282,"how_to_fill":333,"common_mistakes":374,"faqs":399,"industries":427,"comparisons":452,"diy_vs_pro":464,"educational_modules":477,"related_template_ids_curated":480,"schema":488,"classification":490},{"meta_title":178,"meta_description":179,"primary_keyword":180,"secondary_keywords":181},"IT Acceptable Use Policy Template (Free Word)","Free IT acceptable use policy template for businesses. Covers device use, internet access, data handling, and security rules. Used in 190+ countries. Free Word and PDF download.","it acceptable use policy template",[182,183,184,185,186,187],"it acceptable use policy example","acceptable use policy for employees","it policy template word","internet use policy template","acceptable use policy free download","employee it policy template",{"name":189,"credential":190,"reviewed_date":191},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":193,"legal_review_recommended":175,"signature_required":175},"medium",{"what_it_is":195,"when_you_need_it":196,"whats_inside":197},"An IT Acceptable Use Policy (AUP) is an operational document that defines how employees, contractors, and third parties may use a company's technology assets — computers, networks, software, mobile devices, and internet access. This free Word download gives you a structured, editable template you can tailor to your organization and distribute to staff during onboarding or policy updates, then export as PDF for acknowledgment and record-keeping.\n","Use it when onboarding new employees, after a security incident, when introducing new technology systems, or when your organization needs to meet compliance requirements such as SOC 2, ISO 27001, or HIPAA that mandate documented acceptable use controls.\n","Purpose and scope, authorized and prohibited uses of IT systems, internet and email use guidelines, personal device and remote access rules, data classification and handling requirements, monitoring and enforcement procedures, and violation consequences.\n",[199,203,207,211,215,219],{"title":200,"use_case":201,"icon_asset_id":202},"IT managers and system administrators","Establishing formal rules governing how staff use company networks and devices","persona-it-manager",{"title":204,"use_case":205,"icon_asset_id":206},"HR managers","Including an AUP acknowledgment in new-hire onboarding documentation","persona-hr-manager",{"title":208,"use_case":209,"icon_asset_id":210},"Small business owners","Setting clear IT usage expectations without a dedicated legal or IT department","persona-small-business-owner",{"title":212,"use_case":213,"icon_asset_id":214},"Compliance and risk officers","Satisfying SOC 2, ISO 27001, or HIPAA audit requirements for documented policies","persona-compliance-officer",{"title":216,"use_case":217,"icon_asset_id":218},"Operations directors","Standardizing technology use rules across departments and remote teams","persona-operations-director",{"title":220,"use_case":221,"icon_asset_id":222},"MSPs and IT consultants","Delivering a ready-to-implement policy to client organizations as part of an IT engagement","persona-it-consultant",[224,228,232,236,239,243,247],{"situation":225,"recommended_template":226,"slug":227},"Policy for a company allowing personal devices to access corporate systems","BYOD (Bring Your Own Device) Policy","bring-your-own-device-policy-byod-D12626",{"situation":229,"recommended_template":230,"slug":231},"Policy governing remote and hybrid workforce access to company resources","Remote Work Policy","remote-work-agreement-D13282",{"situation":233,"recommended_template":234,"slug":235},"Policy covering how sensitive business data is classified and handled","Data Classification Policy","data-classification-policy-D13828",{"situation":237,"recommended_template":134,"slug":238},"Policy setting rules for employee social media conduct","social-media-policy-D12688",{"situation":240,"recommended_template":241,"slug":242},"Policy covering how the company responds to a cybersecurity breach","Incident Response Plan","incident-response-plan-D13714",{"situation":244,"recommended_template":245,"slug":246},"Policy governing use and access to passwords and credentials","Password Management Policy","password-policy-D13563",{"situation":248,"recommended_template":249,"slug":250},"General employee code of conduct covering broader workplace behavior","Employee Code of Conduct","code-of-conduct-D13318",[252,255,258,261,264,267,270,273,276,279],{"term":253,"definition":254},"Acceptable Use Policy (AUP)","A written policy defining the permitted and prohibited ways users may interact with an organization's IT systems and data.",{"term":256,"definition":257},"IT Assets","All technology resources owned or managed by the organization, including hardware, software, networks, servers, and cloud services.",{"term":259,"definition":260},"Authorized User","Any employee, contractor, or third party who has been granted formal permission to access the organization's IT systems.",{"term":262,"definition":263},"BYOD (Bring Your Own Device)","A practice allowing employees to use personal smartphones, laptops, or tablets to access company systems and data.",{"term":265,"definition":266},"Data Classification","A framework that assigns sensitivity levels — such as public, internal, confidential, and restricted — to organizational data based on the risk of unauthorized disclosure.",{"term":268,"definition":269},"Endpoint","Any device that connects to the corporate network, including laptops, desktops, mobile phones, tablets, and printers.",{"term":271,"definition":272},"Monitoring","The practice of logging, reviewing, or auditing user activity on company-owned IT systems to detect policy violations or security threats.",{"term":274,"definition":275},"VPN (Virtual Private Network)","An encrypted tunnel that allows remote users to securely access a company's internal network over the public internet.",{"term":277,"definition":278},"Phishing","A social engineering attack in which a malicious actor impersonates a trusted entity via email or message to steal credentials or install malware.",{"term":280,"definition":281},"Least Privilege","A security principle stating that users should be granted only the minimum level of system access necessary to perform their job function.",[283,288,293,298,303,308,313,318,323,328],{"name":284,"plain_english":285,"sample_language":286,"common_mistake":287},"Purpose and scope","States why the policy exists, which systems and data it covers, and who it applies to — employees, contractors, vendors, and any other authorized users.","This IT Acceptable Use Policy applies to all [COMPANY NAME] employees, contractors, consultants, and third parties who access company-owned or company-managed IT systems, networks, or data. Its purpose is to protect the confidentiality, integrity, and availability of [COMPANY NAME]'s information assets.","Scoping the policy only to full-time employees. Contractors and vendors with network access pose the same risk and must be explicitly covered.",{"name":289,"plain_english":290,"sample_language":291,"common_mistake":292},"Authorized use of IT systems","Defines what employees are permitted to do with company technology — what systems they may access, for what purposes, and under what conditions.","Company IT systems are provided for business use. Incidental personal use is permitted provided it does not interfere with job duties, consume significant bandwidth or storage, or violate any other section of this policy.","Banning all personal use categorically. An absolute prohibition is rarely enforced and undermines the credibility of the entire policy.",{"name":294,"plain_english":295,"sample_language":296,"common_mistake":297},"Prohibited activities","Lists specific actions that are never permitted on company systems, such as installing unauthorized software, accessing illegal content, or attempting to circumvent security controls.","The following activities are strictly prohibited on [COMPANY NAME] IT systems: installing unlicensed or unapproved software; accessing, downloading, or distributing illegal, obscene, or harassing content; attempting to bypass firewall, antivirus, or authentication controls; and using company resources to conduct personal business for profit.","Using a vague catch-all like 'inappropriate use' without specific examples. Vague prohibitions are difficult to enforce and may not hold up in a disciplinary proceeding.",{"name":299,"plain_english":300,"sample_language":301,"common_mistake":302},"Internet and email use","Sets rules for web browsing and email — personal webmail, social media access during work hours, acceptable email content, and rules against forwarding confidential data to personal accounts.","Employees shall not forward confidential company data to personal email accounts. Accessing social media on company devices is permitted during non-working hours unless the employee's role requires social media access as a business function.","Failing to address personal webmail forwarding. Employees who routinely forward files to Gmail or Outlook.com create data leakage channels that bypass corporate security controls entirely.",{"name":304,"plain_english":305,"sample_language":306,"common_mistake":307},"Device and endpoint security","Requires employees to keep devices patched and locked, prohibits connecting unapproved devices to the network, and sets rules for laptop security in public spaces.","All company-issued devices must have an approved endpoint protection solution installed and kept up to date. Employees must lock their screens when leaving a device unattended and must not connect personal USB storage devices to company hardware without prior IT approval.","Not addressing public Wi-Fi use. Employees who connect to company systems over unsecured airport or café Wi-Fi without a VPN are a leading vector for credential theft.",{"name":309,"plain_english":310,"sample_language":311,"common_mistake":312},"Remote access and VPN","Specifies how employees must connect to company systems when working outside the office — VPN requirements, multi-factor authentication, and home network security expectations.","All remote access to [COMPANY NAME] internal systems must be made through the company-approved VPN. Multi-factor authentication (MFA) is required for all remote logins. Employees are responsible for ensuring their home network router firmware is current and that the default router password has been changed.","Mandating VPN use without providing the VPN tool or clear setup instructions. Employees who cannot access the VPN easily will connect without it.",{"name":314,"plain_english":315,"sample_language":316,"common_mistake":317},"Data handling and classification","Explains how employees must store, transmit, and dispose of data based on its sensitivity classification — which data can be in the cloud, what requires encryption, and how to dispose of physical media.","Confidential data must be stored only in [COMPANY NAME]-approved cloud storage systems and must be encrypted in transit and at rest. Physical media containing restricted data must be destroyed using a cross-cut shredder or returned to IT for secure disposal.","Referencing a data classification scheme that does not actually exist in the organization. Policies that cite undefined categories create confusion and expose the company during audits.",{"name":319,"plain_english":320,"sample_language":321,"common_mistake":322},"Monitoring and privacy","Informs employees that company-owned systems and networks are subject to monitoring, explains the scope of monitoring, and clarifies that employees have a reduced expectation of privacy on company equipment.","[COMPANY NAME] reserves the right to monitor, log, and audit all activity on company-owned or company-managed IT systems, including email, internet activity, and file transfers. Employees should have no expectation of privacy when using company IT resources.","Omitting the monitoring notice and relying on it only at the point of investigation. In some jurisdictions, monitoring without prior notice creates legal exposure — the policy is your notice of record.",{"name":324,"plain_english":325,"sample_language":326,"common_mistake":327},"Violations and enforcement","States the consequences for violating the policy — from verbal warning to termination — and confirms that violations may be referred to law enforcement if applicable.","Violations of this policy may result in disciplinary action up to and including termination of employment, revocation of system access, and — where violations constitute criminal activity — referral to appropriate law enforcement authorities.","Using absolute language like 'will result in immediate termination' for all violations. This removes managerial discretion and can expose the company to wrongful termination claims for minor first offenses.",{"name":329,"plain_english":330,"sample_language":331,"common_mistake":332},"Acknowledgment and review","Requires employees to sign or digitally acknowledge the policy and establishes a review cycle to keep the document current as technology and threats evolve.","All authorized users must sign or digitally acknowledge this policy prior to being granted access to [COMPANY NAME] IT systems. This policy will be reviewed annually or following any material change to the company's technology environment or applicable regulatory requirements.","Issuing the policy without collecting acknowledgments. Without a signed record, the company cannot demonstrate that an employee was aware of the rules — which is the first defense in any disciplinary action.",[334,339,344,349,354,359,364,369],{"step":335,"title":336,"description":337,"tip":338},1,"Define the scope and authorized user population","Identify every category of person who accesses your IT systems — full-time employees, part-time staff, contractors, vendors, and interns. List the specific systems and networks covered, including cloud services.","If your company uses a named cloud platform (Microsoft 365, Google Workspace, AWS), list it explicitly. Vague references to 'cloud systems' create gaps in coverage.",{"step":340,"title":341,"description":342,"tip":343},2,"Inventory the IT assets the policy governs","List the asset categories in scope: company-owned laptops, mobile devices, servers, on-premise networks, VPN, and SaaS platforms. This inventory anchors every section of the policy.","Work with your IT team to pull the actual device and software inventory before drafting. Policies written without this step routinely miss whole categories of endpoints.",{"step":345,"title":346,"description":347,"tip":348},3,"Draft the prohibited activities list with specific examples","Go beyond 'inappropriate use' and list concrete prohibited actions: installing unapproved software, using personal cloud storage for company files, accessing competitor systems, and attempting to escalate system privileges.","Review your last 12 months of IT support tickets and security incidents. The most common real-world violations in your organization should be explicitly named.",{"step":350,"title":351,"description":352,"tip":353},4,"Set internet, email, and social media rules","Decide your actual position on personal use during work hours — a blanket ban is rarely enforced. Define clear limits: no personal webmail forwarding of company data, no social media posting about clients, no accessing personal streaming services on company networks.","Calibrate your rules to your culture. A startup with a casual environment needs different language than a regulated financial services firm.",{"step":355,"title":356,"description":357,"tip":358},5,"Write the remote access and device security requirements","Specify VPN requirements, MFA enrollment deadlines, screen-lock timeout settings (10 minutes is a common standard), and rules for working in public spaces.","Include the IT helpdesk contact details directly in this section so employees know who to call when they cannot connect remotely.",{"step":360,"title":361,"description":362,"tip":363},6,"Add the monitoring and privacy notice","State clearly that company systems are subject to monitoring and that employees have no expectation of privacy on company equipment. Reference this section in the acknowledgment employees sign.","If your company operates in the EU or California, review GDPR and CCPA requirements before finalizing the monitoring language — employee monitoring has additional notice requirements in these jurisdictions.",{"step":365,"title":366,"description":367,"tip":368},7,"Define consequences with proportional tiers","Establish a tiered disciplinary response: verbal warning for minor first offenses, written warning for repeat violations, suspension or termination for serious breaches, and law enforcement referral for criminal activity.","Align this section with your employee handbook's disciplinary procedure so there are no contradictions between documents.",{"step":370,"title":371,"description":372,"tip":373},8,"Distribute, collect acknowledgments, and set a review date","Publish the policy to all covered users, collect signed or digital acknowledgments before granting access, and calendar an annual review date in the document itself.","Store acknowledgment records in your HRIS or document management system — not in a shared folder. You need to retrieve individual acknowledgments quickly if a violation occurs.",[375,379,383,387,391,395],{"mistake":376,"why_it_matters":377,"fix":378},"Excluding contractors and vendors from scope","Third-party users with network access create the same data leakage and breach risk as employees. Limiting the policy to staff leaves a documented gap that auditors and insurers will flag.","Explicitly name every user category in the scope section and require acknowledgment from all of them before granting system access.",{"mistake":380,"why_it_matters":381,"fix":382},"Vague prohibited use language","Terms like 'inappropriate use' or 'excessive personal use' cannot be consistently enforced and rarely hold up in disciplinary proceedings when the employee argues the rule was unclear.","List specific prohibited behaviors with concrete examples. Replace 'inappropriate content' with 'pornographic, violent, or hate-based material' and define the examples your legal team has approved.",{"mistake":384,"why_it_matters":385,"fix":386},"No employee acknowledgment process","Without a signed acknowledgment on file, you cannot demonstrate the employee knew the rules — which is the foundational requirement in any disciplinary or legal proceeding stemming from a policy violation.","Require all covered users to sign or digitally acknowledge the policy before receiving system credentials, and store those records in a searchable system.",{"mistake":388,"why_it_matters":389,"fix":390},"Never updating the policy after initial publication","A policy written in 2020 will not address cloud collaboration tools, AI assistants, or the remote work security practices that have become standard since then — creating unaddressed risk and audit findings.","Set a mandatory annual review date inside the document itself, assign a named policy owner responsible for the review, and log each revision with a version number and date.",{"mistake":392,"why_it_matters":393,"fix":394},"Monitoring employees without prior notice in the policy","In the EU under GDPR and in several US states, monitoring employees' electronic activity without prior notice and a documented lawful basis can expose the company to regulatory fines and employee claims.","Include an explicit monitoring notice in the policy, collect acknowledgments as proof of notice, and confirm the lawful basis for monitoring with a legal or privacy advisor before deployment.",{"mistake":396,"why_it_matters":397,"fix":398},"Using absolute termination language for all violations","A clause stating that any violation 'will result in immediate termination' removes the discretion managers need for minor or ambiguous first offenses, and can create wrongful termination exposure.","Replace absolute language with tiered consequences — 'may result in disciplinary action up to and including termination' — and align the tiers with your employee handbook.",[400,403,406,409,412,415,418,421,424],{"question":401,"answer":402},"What is an IT acceptable use policy?","An IT acceptable use policy is a formal document that defines how employees and other authorized users may use a company's technology assets — including computers, networks, email, internet access, mobile devices, and cloud services. It sets clear boundaries between permitted and prohibited activities, establishes monitoring practices, and specifies the consequences for violations. Most organizations require employees to sign or acknowledge the policy before receiving system access.\n",{"question":404,"answer":405},"Why do businesses need an IT acceptable use policy?","Without a written policy, there is no documented standard against which employee behavior can be measured or enforced. An AUP also satisfies explicit requirements in security frameworks such as SOC 2, ISO 27001, HIPAA, and PCI-DSS, all of which require documented controls over user access and system use. Cyber insurance underwriters increasingly review policies like this as part of the application process and may reduce premiums or deny coverage without one.\n",{"question":407,"answer":408},"Who should be covered by an IT acceptable use policy?","The policy should apply to every person who accesses company IT systems, including full-time employees, part-time staff, contractors, consultants, temporary workers, interns, and vendors with network access. Limiting scope to employees only is one of the most common gaps cited in security audits, since third parties with system access present the same data risk.\n",{"question":410,"answer":411},"Does an IT acceptable use policy need to be signed?","Employees do not need to physically sign the policy for it to be effective, but some form of documented acknowledgment — a wet signature, digital signature, or a logged click-through acceptance — is essential. Acknowledgment records are the primary evidence that an employee was aware of the rules, which is the foundational requirement in any disciplinary proceeding or legal claim stemming from a policy violation.\n",{"question":413,"answer":414},"How often should an IT acceptable use policy be updated?","An annual review is the minimum standard recommended by most security frameworks. The policy should also be reviewed after any significant change to the technology environment — such as adopting a new cloud platform, enabling remote work, or experiencing a security incident. Outdated policies that do not address current tools and threats create audit findings and leave actual risks undocumented.\n",{"question":416,"answer":417},"What is the difference between an IT acceptable use policy and an employee code of conduct?","An employee code of conduct addresses broad workplace behavior — professionalism, conflicts of interest, harassment, and ethics. An IT acceptable use policy is specific to technology systems, covering device use, internet access, data handling, and cybersecurity rules. The two documents complement each other and should be consistent, but the AUP provides the technical detail that a general code of conduct cannot.\n",{"question":419,"answer":420},"Can employees be monitored under an IT acceptable use policy?","Yes, in most jurisdictions, employers may monitor activity on company-owned systems and networks, provided employees are given prior notice that monitoring occurs — which the AUP acknowledgment process fulfills. The scope and legal basis for monitoring vary by jurisdiction: GDPR in the EU and state laws in California impose additional requirements around notice, proportionality, and lawful basis. Consult a legal or privacy advisor before deploying monitoring tools.\n",{"question":422,"answer":423},"What happens if an employee violates the IT acceptable use policy?","Consequences should be proportionate to the severity of the violation and aligned with the company's existing disciplinary procedure. Minor first offenses typically warrant a verbal or written warning. Repeated violations, deliberate data misuse, or illegal activity may result in suspension, termination, or referral to law enforcement. Using tiered language — 'up to and including termination' — preserves managerial discretion while documenting that serious consequences are possible.\n",{"question":425,"answer":426},"Is an IT acceptable use policy required for compliance with SOC 2 or ISO 27001?","SOC 2 Type II audits examine whether a documented acceptable use policy exists and whether employees have acknowledged it. ISO 27001 Annex A control A.8.1.3 specifically requires a policy on acceptable use of information assets. HIPAA's Security Rule requires covered entities to implement policies governing workstation use and electronic media access. In each case, the absence of a documented, acknowledged policy is a finding that can affect certification status or audit outcomes.\n",[428,432,436,440,444,448],{"industry":429,"icon_asset_id":430,"specifics":431},"Technology / SaaS","industry-saas","Covers use of development environments, code repositories, API keys, and AI coding assistants, with stricter rules on forwarding proprietary source code to personal accounts.",{"industry":433,"icon_asset_id":434,"specifics":435},"Financial Services","industry-fintech","Addresses SEC and FINRA recordkeeping rules, prohibitions on personal trading using company systems, and encryption requirements for transmitting client financial data.",{"industry":437,"icon_asset_id":438,"specifics":439},"Healthcare","industry-healthtech","Incorporates HIPAA workstation use and device disposal requirements, prohibits forwarding protected health information to personal email, and mandates encryption for any PHI stored on endpoints.",{"industry":441,"icon_asset_id":442,"specifics":443},"Professional Services","industry-professional-services","Focuses on client confidentiality protections, restricts use of personal cloud storage for client documents, and addresses rules for using client-provided system credentials.",{"industry":445,"icon_asset_id":446,"specifics":447},"Education","industry-education","Extends coverage to student-facing systems and shared devices, addresses FERPA requirements for student data, and includes separate acceptable use provisions for minors where applicable.",{"industry":449,"icon_asset_id":450,"specifics":451},"Retail / E-commerce","industry-retail","Addresses PCI-DSS requirements for systems that process payment card data, restricts point-of-sale device use to authorized transactions, and prohibits storing cardholder data on endpoint devices.",[453,456,459,461],{"vs":249,"vs_template_id":454,"summary":455},"code-of-conduct-D12959","An employee code of conduct governs broad workplace behavior including professionalism, ethics, and harassment. An IT acceptable use policy is narrower and more technical, covering only technology systems and data. Both documents should coexist and cross-reference each other — the AUP cannot replace a general code of conduct.",{"vs":107,"vs_template_id":457,"summary":458},"privacy-policy-D13095","A data privacy policy (or privacy notice) explains to customers and users how their personal data is collected, used, and protected — it is an external-facing document. An IT acceptable use policy is an internal document governing how employees handle data. Regulated organizations need both, and the internal AUP should align with the commitments made in the external privacy policy.",{"vs":230,"vs_template_id":231,"summary":460},"A remote work policy governs where and how employees may work outside the office — covering ergonomics, availability expectations, and equipment stipends. An IT acceptable use policy governs what employees may do on company systems, regardless of location. For distributed teams, both documents are needed and should be consistent on VPN, device security, and data handling rules.",{"vs":241,"vs_template_id":462,"summary":463},"D{INCIDENT_RESPONSE_PLAN_ID}","An incident response plan defines how the organization detects, contains, and recovers from a cybersecurity breach. An IT acceptable use policy is a preventive control that reduces the likelihood of incidents by setting rules for user behavior. The two documents are complementary — the AUP aims to prevent incidents; the incident response plan addresses what happens when prevention fails.",{"use_template":465,"template_plus_review":469,"custom_drafted":473},{"best_for":466,"cost":467,"time":468},"Small to mid-sized businesses establishing or formalizing IT rules for the first time","Free","2–4 hours to customize and distribute",{"best_for":470,"cost":471,"time":472},"Companies in regulated industries (healthcare, finance) or those preparing for a SOC 2 or ISO 27001 audit","$300–$800 for an IT security consultant or attorney review","1–3 days",{"best_for":474,"cost":475,"time":476},"Enterprise organizations with complex IT environments, multi-jurisdiction operations, or mandatory compliance programs","$1,500–$5,000+ for a full policy suite from a cybersecurity firm or law firm","2–4 weeks",[478,479],"acceptable-use-policy-basics","it-security-policy-compliance-checklist",[250,481,231,238,482,483,484,485,227,486,246,487],"data-privacy-policy-D13465","employee-handbook-D712","non-disclosure-agreement-nda-D12692","it-security-policy-D13722","data-breach-response-and-notification-policy-D13650","information-security-policy-D13552","vendor-management-policy-D12802",{"emit_how_to":489,"emit_defined_term":489},true,{"primary_folder":491,"secondary_folder":492,"document_type":493,"industry":494,"business_stage":495,"tags":496,"confidence":502},"software-technology","cybersecurity-policies","policy","general","all-stages",[497,498,499,500,501],"compliance","it-policy","acceptable-use-policy","aup","cybersecurity",0.95,"\u003Ch2>What is an IT Acceptable Use Policy?\u003C/h2>\n\u003Cp>An \u003Cstrong>IT Acceptable Use Policy (AUP)\u003C/strong> is an internal operational document that defines the rules governing how employees, contractors, and any other authorized users may access and use a company's technology systems — including computers, networks, email, internet access, mobile devices, and cloud platforms. It distinguishes permitted business use from prohibited activities, sets expectations for device security and data handling, establishes monitoring practices, and specifies the disciplinary consequences for violations. Unlike a general code of conduct, an AUP is focused exclusively on technology behavior and is typically acknowledged in writing by every user before they receive system credentials.\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Without a documented IT acceptable use policy, your organization has no enforceable standard against which to measure or discipline technology misuse. When an employee forwards confidential client data to a personal email account, installs unauthorized software that introduces malware, or shares system credentials with a vendor, the absence of a written policy means you cannot demonstrate that any rule was broken — making disciplinary action, legal claims, and insurance filings far more difficult. Beyond internal enforcement, an AUP is a hard requirement for SOC 2 Type II audits, ISO 27001 certification, HIPAA compliance, and most cyber liability insurance applications. Organizations that have experienced a breach also face insurer scrutiny of whether documented controls were in place at the time of the incident. This template gives you a complete, editable starting point that covers every essential section — from prohibited activities to monitoring notices — so you can distribute a credible, enforceable policy in hours rather than weeks.\u003C/p>\n",1781185986588]