[{"data":1,"prerenderedAt":481},["ShallowReactive",2],{"document-it-equipment-email-and-internet-usage-policy-D12640":3},{"document":4,"label":24,"preview":11,"thumb":25,"description":5,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":26,"breadcrumb":30,"related":38,"customDescModule":170,"customdescription":6,"mdFm":171,"mdProseHtml":480},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":23},"IT EQUIPMENT, EMAIL & INTERNET USAGE POLICY OVERVIEW The internet is to be used to further the Company's mission of providing the highest quality service to the Company's customers and employees, and to support other direct job-related purposes. Supervisors should work with employees to determine the appropriateness of using the Company's internet/intranet access. Limited personal use of internet resources is a special exception to the general prohibition against the personal use of computer equipment and software. Employees are individually liable for any and all damages incurred as a result of violating company security policy, copyright and licensing agreements. For these reasons, internet access will be granted only to users to support business activities and only according to their needs in the exercise of their professional functions and roles. PURPOSE The purpose of this policy is to define the appropriate uses of the internet by [COMPANY NAME] employees and affiliates. APPLICABILITY This policy applies to all employees and the use of the term \"employees\" should be read broadly to include permanent full-time and part-time employees, contract workers, temporary workers, business partners and suppliers who have access to the internet through computer or networking resources. In addition, this policy also covers and applies to employees using social media for work purposes and to the personal use of social media when away from work when the employee's employment is identified, known, or presumed. The company's internet users are required to familiarize themselves with and comply with this policy, as well as to use common sense and judgment in the use of internet services. POLICY Access to the internet Internet access will only be granted if reasonable operational needs are identified. In addition, internet services will only be provided in accordance with the employee's current responsibilities. If an employee changes business unit or job, a new internet access request must be submitted within [SPECIFY] business days. Finally, user internet access requirements will be reviewed periodically by the company's departments to ensure that needs are ongoing. Allowed Usage The use of the internet is granted only to support commercial activities necessary for the performance of professional duties. All users must follow the company's principles concerning the use of resources and exercise good judgment in the use of the internet. If you have any questions, please contact the IT department. Acceptable use of the internet to perform the duties of a position includes: Communication between employees and non-employees for commercial purposes; IT technical support downloading software updates and patches; Review of potential suppliers' websites for product information; Reference regulatory or technical information. Research Personal Usage The use of the company's IT resources to access the internet for personal use, without the approval of the user's manager and IT department, may result in disciplinary action up to and including termination. All internet users should be aware that the company's network creates an audit log that reflects service requests, both for incoming and outgoing addresses and that it is constantly reviewed. Users who choose to store or transmit personal information such as private keys, credit card numbers or certificates or who use internet \"wallets\" do so at their own risk. [COMPANY NAME] is not responsible for any loss of information, such as information stored in the portfolio, or any resulting loss of personal property. Prohibited Usage The acquisition, storage and dissemination of illegal, pornographic or racially, gender- or belief-denigrating data is expressly prohibited. The company also prohibits the conduct of a commercial enterprise, political activities, any form of information gathering at its facilities, and fraudulent activities or the knowing dissemination of false and defamatory material. Other activities that are strictly prohibited include, but are not limited to: Using the facilities and equipment in conflict with our objectives, such as to operate a personal business or to seek alternate employment; Broadcasting personal points of view such as commentaries on social or political issues; Participating in internet chat groups, online contest or promotion; Using the facilities and equipment to buy or sell items; Using the facilities and equipment to participate in any kind of on-line games, including gambling; Access company information that is not part of their work. This includes unauthorized reading of client account information, unauthorized access to personnel file information and access to information that is not necessary for the appropriate performance of the duties of the employee's position; Misuse, unauthorized disclosure or modification of customer or staff information. This includes unauthorized modification of a personal file or sharing of electronic data on clients or staff with unauthorized personnel; Any conduct that would constitute or encourage a criminal offense, lead to civil liability, or otherwise violate any regulations, local, state, national or international law; The use, transmission, duplication or voluntary receipt of material that violates the copyrights, trademarks, trade secrets or patent rights of any person or organization. Assume that all material on the internet is protected by copyright or patents, unless specifically stated otherwise;",null,"It Equipment Email And Internet Usage Policy","4",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/it-equipment,-email-and-internet-usage-policy-D12640.png","https://templates.business-in-a-box.com/imgs/250px/12640.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12640.xml",{"title":15,"description":6},"it equipment email and internet usage policy",[17,20],{"label":18,"url":19},"Human Resources","/templates/human-resources/",{"label":21,"url":22},"Company Policies","/templates/company-policies/","it equipment email internet usage policy","It Equipment Email And Internet Usage Policy Template","https://templates.business-in-a-box.com/imgs/400px/12640.png",[27,17,20],{"label":28,"url":29},"Templates","/templates/",[31,32,35],{"label":28,"url":29},{"label":33,"url":34},"Software & Technology","/templates/software-technology/",{"label":36,"url":37},"Cybersecurity Policies","/templates/cybersecurity-policies/",[39,43,47,51,55,59,63,67,71,75,79,83,87,101,113,127,141,158],{"label":40,"url":41,"thumb":42,"extension":10},"Internet Policy","/template/internet-policy-D13421","https://templates.business-in-a-box.com/imgs/250px/13421.png",{"label":44,"url":45,"thumb":46,"extension":10},"Office Space Allocation and Usage Policy","/template/office-space-allocation-and-usage-policy-D13739","https://templates.business-in-a-box.com/imgs/250px/13739.png",{"label":48,"url":49,"thumb":50,"extension":10},"IT Security Policy","/template/it-security-policy-D13722","https://templates.business-in-a-box.com/imgs/250px/13722.png",{"label":52,"url":53,"thumb":54,"extension":10},"Email Security Policy","/template/email-security-policy-D13961","https://templates.business-in-a-box.com/imgs/250px/13961.png",{"label":56,"url":57,"thumb":58,"extension":10},"Email Policy Strict","/template/email-policy-strict-D710","https://templates.business-in-a-box.com/imgs/250px/710.png",{"label":60,"url":61,"thumb":62,"extension":10},"IT Governance and Compliance Policy","/template/it-governance-and-compliance-policy-D13721","https://templates.business-in-a-box.com/imgs/250px/13721.png",{"label":64,"url":65,"thumb":66,"extension":10},"IT Acceptable Use Policy","/template/it-acceptable-use-policy-D13720","https://templates.business-in-a-box.com/imgs/250px/13720.png",{"label":68,"url":69,"thumb":70,"extension":10},"Personal Protective Equipment Policy","/template/personal-protective-equipment-policy-D13746","https://templates.business-in-a-box.com/imgs/250px/13746.png",{"label":72,"url":73,"thumb":74,"extension":10},"Remote Work Equipment and Security Policy","/template/remote-work-equipment-and-security-policy-D13763","https://templates.business-in-a-box.com/imgs/250px/13763.png",{"label":76,"url":77,"thumb":78,"extension":10},"Technology Policy","/template/technology-policy-D13285","https://templates.business-in-a-box.com/imgs/250px/13285.png",{"label":80,"url":81,"thumb":82,"extension":10},"Equipment Placement Agreement","/template/equipment-placement-agreement-D773","https://templates.business-in-a-box.com/imgs/250px/773.png",{"label":84,"url":85,"thumb":86,"extension":10},"Cyber Security Policy","/template/cyber-security-policy-D12867","https://templates.business-in-a-box.com/imgs/250px/12867.png",{"description":88,"descriptionCustom":6,"label":89,"pages":8,"size":9,"extension":10,"preview":90,"thumb":91,"svgFrame":92,"seoMetadata":93,"parents":95,"keywords":94,"url":100},"[COMPANY NAME] REMOTE WORK POLICY POLICY STATEMENT [COMPANY NAME] provides users with the facilities and opportunities to work remotely as appropriate. We will ensure that all users who work remotely are aware of the acceptable use of portable computer devices and remote working opportunities. STATEMENT OF PURPOSE The purpose of this document is to state the Remote Working policy of [COMPANY NAME]. Portable computing devices are provided to assist users to conduct official business efficiently and effectively. This equipment, and any information stored on portable computing devices, should be recognised as valuable organisational information assets, and safeguarded appropriately. SCOPE This document applies to all employees of [COMPANY NAME] and contractual third parties who use [COMPANY NAME] IT facilities and equipment remotely, or who require remote access to [COMPANY NAME] Information Systems or information. This policy should always be adhered to whenever any user makes use of portable computing devices. This policy applies to all users of [COMPANY NAME] IT equipment and personal IT equipment when working away from [COMPANY NAME] offices/facilities. Portable computing devices include, but are not restricted to, the following: Laptop computers. Tablet, PCs. Mobile phones Wireless technologies. RISKS [COMPANY NAME] recognises that there are risks associated with users accessing and handling information to conduct official work. The mobility, technology and information that make portable computing devices so useful to employees and organisations also make them valuable assets for thieves. This policy aims to mitigate the following risks: Increased risk of equipment damage, loss, or theft. Accidental or deliberate overlooking by unauthorised individuals. Unauthorised access to PROTECT and RESTRICTED information. Unauthorised introduction of malicious software and viruses. Potential sanctions against the company imposed by the authorities because of information loss or misuse. Potential legal action against the company because of information loss or misuse. [COMPANY NAME] reputational damage because of information loss or misuse. Non-compliance with this policy could have a significant effect on the efficient operation of [COMPANY NAME] and may result in financial loss and an inability to provide necessary services to our customers. EQUIPMENTS All IT equipment (including portable computer devices) supplied to users is the property of [COMPANY NAME]. It must be returned upon the request of [COMPANY NAME]. Access for support or IT Service staff of [COMPANY NAME] shall be given to allow essential maintenance security work or removal, upon request. All IT equipment will be supplied and installed by [COMPANY NAME] IT Service staff. Hardware and software must only be provided by [COMPANY NAME] IT Service staff. USER RESPONSIBILITY It is the user's responsibility to ensure that the following points are always adhered to: Users must take due care and attention of portable computer devices when moving between home and another business site. Users will not install or update any software on a [COMPANY NAME] owned portable computer device. Users will not install any screen savers on a [COMPANY NAME] owned portable computer device. Users will not change the configuration of any [COMPANY NAME] owned portable computer device. Users will not install any hardware to or inside any [COMPANY NAME] owned portable computer device, unless authorised by [COMPANY NAME] IT Service staff. Users will allow the installation and maintenance of [COMPANY NAME] installed Anti-Virus updates immediately. Business critical data should be stored on a [COMPANY NAME] file and print server wherever possible and not held on the portable computer device. Users must not remove or deface any asset registration number. User requests for upgrades of hardware or software must be approved by [SPECIFY]. Equipment and software will then be purchased and installed by IT Service staff.","Remote Work Policy","https://templates.business-in-a-box.com/imgs/1000px/remote-work-policy-D12540.png","https://templates.business-in-a-box.com/imgs/250px/12540.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12540.xml",{"title":94,"description":6},"remote work policy",[96,98],{"label":18,"url":97},"human-resources",{"label":21,"url":99},"company-policies","/template/remote-work-policy-D12540",{"description":102,"descriptionCustom":6,"label":103,"pages":8,"size":9,"extension":10,"preview":104,"thumb":105,"svgFrame":106,"seoMetadata":107,"parents":109,"keywords":108,"url":112},"SOCIAL MEDIA POLICY PURPOSE [COMPANY NAME] recognizes that technology provides unique opportunities to build our business, listen, learn and engage with consumers, stakeholders and employees through the use of a wide variety of Social Media. However, how we use social media and what we say also has the potential to affect [COMPANY NAME]'s reputation and/or expose the Company (and each of us) to business or legal risk. Whilst we recognize the benefits which may be gained from appropriate use of social media, it is also important to be aware that it poses significant risks to our business. These risks include disclosure of confidential information and intellectual property, damage to our reputation and the risk of legal claims. Therefore, every employee has a personal responsibility to be familiar with and comply with [COMPANY NAME]'s overall Social Media Policy. This policy is designed to reflect our purpose, values and principles, our business conduct manual, and legal requirements. Because we use social media in a variety of ways, there are more specific expectations that may apply to your activities. SCOPE This policy covers all forms of social media, including Facebook, Instagram, LinkedIn, Twitter, Google+ Wikipedia, other social networking sites, and other internet postings, including blogs. It applies to the use of social media for both business and personal purposes, during working hours and in your own time to the extent that it may affect the business of the company. The policy applies both when the social media is accessed using our information systems and also when access using equipment or software belonging to employees or others. It also covers all employees and also others including consultants, contractors, and casual and agency staff. Breach of this policy may result in disciplinary action up to and including dismissal. Any misuse of social media should be reported to [SPECIFY]. Questions regarding the content or application of this policy should be directed to [SPECIFY]]. POLICY STATEMENT Although many users may consider their personal comments posted on social media or discussions on social networking sites to be private, these communications are frequently available to a larger audience than the author may realize. As a result, any online communication that directly or indirectly refers to [COMPANY NAME], our products and services, team members or other work-related issues, has the potential to damage [COMPANY NAME]'s reputation or interests. When participating in social media in a personal capacity, employees must: Not disclose [COMPANY NAME]'s confidential information, proprietary or sensitive information. Information is considered confidential when it is not readily available to the public. The majority of information used throughout [COMPANY NAME] is confidential. If you are in doubt about whether information is confidential, refer to the [COMPANY NAME] [EMPLOYEE HANDBOOK/CODE OF CONDUCT] and/or ask your manager before disclosing any information. Not use the [COMPANY NAME] logo or company branding on any social media platform without prior approval from [SPECIFY]; Not communicate anything that might damage [COMPANY NAME]'s reputation, brand image, commercial interests, or the confidence of our customers; Not represent or communicate on behalf of [COMPANY NAME] in the public domain without prior approval from [SPECIFY]; Not post any material that would directly or indirectly defame, harass, discriminate against or bully any [COMPANY NAME] team member, supplier or customer; Ensure, when identifying themselves (or when they may be identified) as a [COMPANY NAME] team member, that their social media communications are lawful and Comply with [COMPANY NAME]'s policies and procedures RESPONSIBLE USE OF SOCIA MEDIA Employee must not use social media in a way that might breach any of our policies, any express or implied contractual obligations, legislation, or regulatory requirements. In particular, use of social media must comply with: The Anti-Bullying and Sexual Harassment Policies Rules of relevant regulatory bodies; Contractual confidentiality requirements;","Social Media Policy","https://templates.business-in-a-box.com/imgs/1000px/social-media-policy-D12688.png","https://templates.business-in-a-box.com/imgs/250px/12688.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12688.xml",{"title":108,"description":6},"social media policy",[110,111],{"label":18,"url":97},{"label":21,"url":99},"/template/social-media-policy-D12688",{"description":114,"descriptionCustom":6,"label":115,"pages":116,"size":9,"extension":10,"preview":117,"thumb":118,"svgFrame":119,"seoMetadata":120,"parents":122,"keywords":125,"url":126},"DATA PROTECTION & PRIVACY POLICY PURPOSE The purpose of this Data Protection and Privacy Policy is to establish the principles and practices for the protection of personal and sensitive data collected and processed by [COMPANY NAME]. This Policy ensures compliance with data protection laws and regulations and outlines our commitment to safeguarding the privacy and confidentiality of individuals' data. SCOPE This Policy applies to all employees, contractors, vendors, and authorized users who handle or have access to personal and sensitive data within [COMPANY NAME]. It encompasses data collected from customers, employees, partners, and other stakeholders. POLICY STATEMENTS Data Protection Principles Lawful Processing: [COMPANY NAME] will only collect, process, and use personal and sensitive data when there is a lawful basis for doing so, such as consent, contract necessity, legal obligation, legitimate interests, or the protection of vital interests. Transparency: Individuals will be informed about the purpose, use, and processing of their data at the time of collection or as soon as practicable thereafter. Data Minimization: [COMPANY NAME] will only collect data that is necessary for the specified purpose and will retain it only for as long as required. Data Accuracy: Reasonable efforts will be made to ensure the accuracy of data, and individuals have the right to request correction of inaccuracies. Security: Appropriate security measures, including encryption, access controls, and data breach response plans, will be implemented to protect data from unauthorized access, disclosure, alteration, or destruction. Data Collection and Consent Consent: Wherever required by law, [COMPANY NAME] will obtain clear and unambiguous consent from individuals before collecting or processing their personal data. Children's Data: Special care will be taken to protect the data of children and minors, and parental or guardian consent will be obtained when necessary. Data Subject Rights Access and Rectification: Data subjects have the right to access their data and request corrections, updates, or deletions.","Data Protection and Privacy Policy","0","https://templates.business-in-a-box.com/imgs/1000px/data-protection-and-privacy-policy-D13653.png","https://templates.business-in-a-box.com/imgs/250px/13653.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13653.xml",{"title":121,"description":6},"data protection and privacy policy",[123,124],{"label":18,"url":97},{"label":21,"url":99},"data protection privacy policy","/template/data-protection-and-privacy-policy-D13653",{"description":128,"descriptionCustom":6,"label":129,"pages":130,"size":131,"extension":10,"preview":132,"thumb":133,"svgFrame":134,"seoMetadata":135,"parents":136,"keywords":139,"url":140},"Employee Handbook Understanding employment at [YOUR COMPANY NAME] Revised on [DATE] Prepared By: [YOUR NAME] [YOUR JOB TITLE] Phone 555.555.5555 Email info@yourbusiness.com www.yourbusiness.com Table of Content Table of Content 2 Welcome to [YOUR COMPANY NAME]! 5 1. Organization Description 6 1.1 Introductory Statement 6 1.2 Customer Relations 6 1.3 Products and Services Provided 7 1.4 Facilities and Location(s) 7 1.5 The History of [YOUR COMPANY NAME] 7 1.6 Management Philosophy 7 1.7 Goals 8 2. The Employment 9 2.1 Nature of Employment 9 2.2 Employee Relations 9 2.3 Equal Employment Opportunity 10 2.4 Diversity 10 2.5 Business Ethics and Conduct 12 2.6 Personal Relationships in the Workplace 13 2.7 Conflicts of Interest 13 2.8 Outside Employment 14 2.9 Non-Disclosure 15 2.10 Disability Accommodation 16 2.11 Job Posting and Employee Referrals 17 2.12 Whistleblower Policy 18 2.13 Accident and First Aid 20 3. Employment Status and Records 21 3.1 Employment Categories 21 3.2 Access to Personnel Files 22 3.3 Personnel Data Changes 23 3.4 Probation Period 23 3.5 Employment Applications 24 3.6 Performance Evaluation 24 3.7 Job Descriptions 25 3.8 Salary Administration 25 3.9 Professional Development 26 4. Employee Benefit Programs 27 4.1 Employee Benefits 27 4.2 Vacation Benefits 27 4.3 Military Service Leave 29 4.4 Religious Observance 29 4.5 Holidays 29 4.6 Workers Insurance 30 4.7 Sick Leave Benefits 31 4.8 Bereavement Leave 32 4.9 Relocation Benefits 33 4.10 Educational Assistance 33 4.11 Health Insurance 34 4.12 Life Insurance 35 4.13 Long Term Disability 35 4.14 Marriage, Maternity and Parental Leave 36 5. Timekeeping / Payroll 40 5.1 Timekeeping 40 5.2 Paydays 40 5.3 Employment Termination 41 5.4 Administrative Pay Corrections 42 6. Work Conditions and Hours 43 6.1 Work Schedules 43 6.2 Absences 43 6.3 Jury Duty 45 6.4 Use of Phone and Mail Systems 45 6.5 Smoking 46 6.6 Meal Periods 46 6.7 Overtime 46 6.8 Use of Equipment 47 6.9 Telecommuting 47 6.10 Emergency Closing 48 6.11 Business Travel Expenses 49 6.12 Visitors in the Workplace 51 6.13 Computer and Email Usage 51 6.14 Internet Usage 52 6.15 Workplace Monitoring 54 6.16 Workplace Violence Prevention 55 7. Employee Conduct & Disciplinary Action 57 7.1 Employee Conduct and Work Rules 57 7.2 Sexual and Other Unlawful Harassment 58 7.3 Attendance and Punctuality 60 7.4 Personal Appearance 60 7.5 Return of Property 61 7.6 Resignation and Retirement 61 7.7 Security Inspections 62 7.8 Progressive Discipline 62 7.9 Problem Resolution 64 7.10 Workplace Etiquette 65 7.11 Suggestion Program 67 Acknowledgement of Receipt 68 Welcome to [YOUR COMPANY NAME]! On behalf of your colleagues, we welcome you to [YOUR COMPANY NAME] and wish you every success here. At [YOUR COMPANY NAME], we believe that each employee contributes directly to the growth and success of the company, and we hope you will take pride in being a member of our team. This handbook was developed to describe some of the expectations of our employees and to outline the policies, programs, and benefits available to eligible employees. Employees should become familiar with the contents of the employee handbook as soon as possible, for it will answer many questions about employment with [YOUR COMPANY NAME]. We believe that professional relationships are easier when all employees are aware of the culture and values of the organization. This guide will help you to better understand our vision for the future of our business and the challenges that are ahead. We hope that your experience here will be challenging, enjoyable, and rewarding. Again, welcome! [PRESIDENT NAME] President & CEO 1. Organization Description 1.1 Introductory Statement This handbook is designed to acquaint you with [YOUR COMPANY NAME] and provide you with information about working conditions, employee benefits, and some of the policies affecting your employment. You should read, understand, and comply with all provisions of the handbook. It describes many of your responsibilities as an employee and outlines the programs developed by [YOUR COMPANY NAME] to benefit employees. One of our objectives is to provide a work environment that is conducive to both personal and professional growth. No employee handbook can anticipate every circumstance or question about policy. As [YOUR COMPANY NAME] continues to grow, the need may arise and [YOUR COMPANY NAME] reserves the right to revise, supplement, or rescind any policies or portion of the handbook from time to time as it deems appropriate, in its sole and absolute discretion. Employees will be notified of such changes to the handbook as they occur. 1.2 Customer Relations Customers are among our organization's most valuable assets. Every employee represents [YOUR COMPANY NAME] to our customers and the public. The way we do our jobs presents an image of our entire organization. Customers judge all of us by how they are treated with each employee contact. Therefore, one of our first business priorities is to assist any customer or potential customer. Nothing is more important than being courteous, friendly, helpful, and prompt in the attention you give to customers. [YOUR COMPANY NAME] will provide customer relations and services training to all employees with extensive customer contact. Customers who wish to lodge specific comments or complaints should be directed to the [TITLE AND NAME OF THE PERSON RESPONSIBLE] for appropriate action. Our personal contact with the public, our manners on the telephone, and the communications we send to customers are a reflection not only of ourselves, but also of the professionalism of [YOUR COMPANY NAME]. Positive customer relations not only enhance the public's perception or image of [YOUR COMPANY NAME], but also pay off in greater customer loyalty and increased sales and profit. 1.3 Products and Services Provided You will find more information about our products and services by reading the [YOUR COMPANY NAME] Corporate Brochures. 1.4 Facilities and Location(s) Head Office: [ADDRESS] [CITY], [STATE] [ZIP/POSTAL CODE] [COUNTRY] 1.5 The History of [YOUR COMPANY NAME] [DESCRIBE THE HISTORY OF YOUR COMPANY HERE] 1.6 Management Philosophy [YOUR COMPANY NAME] management philosophy is based on responsibility and mutual respect. Our wishes are to maintain a work environment that fosters on personal and professional growth for all employees. Maintaining such an environment is the responsibility of every staff person. Because of their role, managers and supervisors have the additional responsibility to lead in a manner which fosters an environment of respect for each person. People who come to [YOUR COMPANY NAME] want to work here because we have created an environment that encourages creativity and achievement. [YOUR COMPANY NAME] aims to become a leader in [DESCRIBE YOUR COMPANY'S FIELD OF EXPERTISE]. The mainstay of our strategy will be to offer a level of client focus that is superior to that offered by our competitors. To help achieve this objective, [YOUR COMPANY NAME] seeks to attract highly motivated individuals that want to work as a team and share in the commitment, responsibility, risk taking, and discipline required to achieve our vision. Part of attracting these special individuals will be to build a culture that promotes both uniqueness and a bias for action. While we will be realistic in setting goals and expectations, [YOUR COMPANY NAME] will also be aggressive in reaching its objectives. This success will in turn enable [YOUR COMPANY NAME] to give its employees above average compensation and innovative benefits or rewards, key elements in helping us maintain our leadership position in the worldwide marketplace. 1.7 Goals [DESCRIBE YOUR COMPANY'S GOALS HERE] 2. The Employment 2","Employee Handbook","34",280,"https://templates.business-in-a-box.com/imgs/1000px/employee-handbook-D712.png","https://templates.business-in-a-box.com/imgs/250px/712.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#712.xml",{"title":6,"description":6},[137,138],{"label":18,"url":97},{"label":21,"url":99},"employee handbook","/template/employee-handbook-D712",{"description":142,"descriptionCustom":6,"label":143,"pages":144,"size":9,"extension":10,"preview":145,"thumb":146,"svgFrame":147,"seoMetadata":148,"parents":150,"keywords":149,"url":157},"NON-DISCLOSURE AGREEMENT (NDA) This Non-Disclosure Agreement (the \"Agreement\") is made and effective [DATE], BETWEEN: [YOUR COMPANY NAME] (the \"Disclosing Party\"), a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] AND: [RECEIVING PARTY NAME] (the \"Receiving Party\"), an individual with his main address located at OR a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] WHEREAS, Receiving Party has been or will be engaged in the performance of work on [DESCRIBE]; and in connection therewith will be given access to certain confidential and proprietary information; and WHEREAS, Receiving Party and Disclosing Party wish to evidence by this Agreement the manner in which said confidential and proprietary material will be treated. NOW, THEREFORE, it is agreed as follows: NON-DISCLOSURE OF CONFIDENTIAL INFORMATION Both Parties understand and agree that each Party may have access to the confidential information of the other party. For the purposes of this Agreement, \"Confidential Information\" means proprietary and confidential information about the Disclosing Party's (or it's suppliers') business or activities. Such information includes all business, financial, technical, and other information marked or designated by such Party as \"confidential\" or \"proprietary.\" Confidential Information also includes information which, by the nature of the circumstances surrounding the disclosure, ought in good faith to be treated as confidential. For the purposes of this Agreement, Confidential Information does not include: Information that is currently in the public domain or that enters the public domain after the signing of this Agreement. Information a Party lawfully receives from a third Party without restriction on disclosure and without breach of a non-disclosure obligation. Information that the Receiving Party knew prior to receiving any Confidential Information from the Disclosing Party. Information that the Receiving Party independently develops without reliance on any Confidential Information from the Disclosing Party. Each Party agrees that it will not disclose to any third Party or use any Confidential Information disclosed to it by the other Party except when expressly permitted in writing by the other Party. Each Party also agrees that it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other Party in its possession or control. TERM The term of this Agreement is [number] of [years/months] from the date of execution by both Parties. TITLE The Receiving Party agrees that all Confidential Information furnished by the Disclosing Party shall remain the sole property of the Disclosing Party. DISCLAIMER","Non Disclosure Agreement Nda","3","https://templates.business-in-a-box.com/imgs/1000px/non-disclosure-agreement-nda-D12692.png","https://templates.business-in-a-box.com/imgs/250px/12692.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12692.xml",{"title":149,"description":6},"non disclosure agreement nda",[151,154],{"label":152,"url":153},"Legal Agreements","business-legal-agreements",{"label":155,"url":156},"Confidentiality Agreements","confidentiality-agreement","/template/non-disclosure-agreement-nda-D12692",{"description":159,"descriptionCustom":6,"label":160,"pages":144,"size":9,"extension":10,"preview":161,"thumb":162,"svgFrame":163,"seoMetadata":164,"parents":166,"keywords":165,"url":169},"INFORMATION SECURITY POLICY PURPOSE The purpose of this Information Security Policy is to establish guidelines and procedures for safeguarding [COMPANY NAME]'s sensitive information, data, and resources. This Policy aims to ensure the confidentiality, integrity, and availability of information assets and protect against unauthorized access, use, disclosure, and breaches. SCOPE This Policy applies to all employees, contractors, vendors, and third-party entities who access, handle, or manage [COMPANY NAME]'s information systems, networks, applications, and data. INFORMATION CLASSIFICATION Data Classification: Information assets will be classified based on their sensitivity and criticality into categories such as \"Confidential,\" \"Internal Use Only,\" and \"Public.\" Handling Procedures: Different handling procedures and security controls will apply to each classification level. ACCESS CONTROL User Authentication: Access to systems and data will require strong authentication methods, including passwords, biometrics, and multi-factor authentication (MFA). Least Privilege: Users will be granted access privileges based on the principle of least privilege, meaning they will have access only to the information and systems necessary to perform their roles. DATA PROTECTION Encryption: Sensitive data in transit and at rest will be encrypted using strong encryption algorithms. Data Loss Prevention (DLP): DLP measures will be implemented to prevent the unauthorized transmission or sharing of sensitive data outside the organization. Data Retention: Data will be retained in compliance with legal and regulatory requirements. SECURITY AWARENESS ","Information Security Policy","https://templates.business-in-a-box.com/imgs/1000px/information-security-policy-D13552.png","https://templates.business-in-a-box.com/imgs/250px/13552.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13552.xml",{"title":165,"description":6},"information security policy",[167,168],{"label":18,"url":97},{"label":21,"url":99},"/template/information-security-policy-D13552",false,{"seo":172,"reviewer":182,"legal_disclaimer":170,"quick_facts":186,"at_a_glance":188,"personas":192,"variants":217,"glossary":243,"sections":274,"how_to_fill":325,"common_mistakes":366,"faqs":383,"industries":411,"comparisons":428,"diy_vs_pro":441,"educational_modules":454,"related_template_ids_curated":457,"schema":466,"classification":468},{"meta_title":173,"meta_description":174,"primary_keyword":15,"secondary_keywords":175},"IT Equipment, Email and Internet Usage Policy Template | BIB","Free IT equipment, email and internet usage policy template. Define acceptable use, security rules, and employee responsibilities.",[176,177,178,179,180,181],"internet usage policy template","email usage policy template","it policy template word","employee internet policy template","company it policy template free","computer usage policy template",{"name":183,"credential":184,"reviewed_date":185},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":187,"legal_review_recommended":170,"signature_required":170},"medium",{"what_it_is":189,"when_you_need_it":190,"whats_inside":191},"An IT Equipment, Email and Internet Usage Policy is a written workplace document that defines how employees are permitted to use company-owned technology — computers, mobile devices, email accounts, and internet connections — and what is expressly prohibited. This free Word download gives you a structured, ready-to-customize policy you can edit online and distribute as PDF or via your HR onboarding system.\n","Use it when onboarding new employees, updating your employee handbook, responding to a security incident, or establishing a formal IT governance framework for the first time. Any organization that issues devices or provides network access to staff needs this document in place before a problem occurs, not after.\n","Acceptable use rules for hardware, software, email, and internet access; prohibited activities and content categories; personal use boundaries; monitoring and privacy disclosures; security responsibilities such as password management and software updates; bring-your-own-device (BYOD) guidelines; consequences for policy violations; and an employee acknowledgment section.\n",[193,197,201,205,209,213],{"title":194,"use_case":195,"icon_asset_id":196},"HR managers","Embedding IT acceptable use rules in employee onboarding and handbooks","persona-hr-manager",{"title":198,"use_case":199,"icon_asset_id":200},"IT managers and sysadmins","Setting a documented baseline for network and device security enforcement","persona-it-manager",{"title":202,"use_case":203,"icon_asset_id":204},"Small business owners","Establishing clear technology rules before the first security incident","persona-small-business-owner",{"title":206,"use_case":207,"icon_asset_id":208},"Operations directors","Standardizing IT conduct rules across departments and remote teams","persona-operations-director",{"title":210,"use_case":211,"icon_asset_id":212},"Compliance officers","Meeting regulatory or cyber-insurance requirements for documented IT policies","persona-compliance-officer",{"title":214,"use_case":215,"icon_asset_id":216},"Startup founders","Putting foundational IT governance in place as the team scales past ten people","persona-startup-founder",[218,222,225,228,231,235,239],{"situation":219,"recommended_template":220,"slug":221},"Employees using personal devices to access company systems","BYOD Policy","bring-your-own-device-policy-byod-D12626",{"situation":223,"recommended_template":89,"slug":224},"Remote or hybrid workforce with home network access to company resources","remote-work-policy-D12540",{"situation":226,"recommended_template":103,"slug":227},"Governing social media activity on behalf of the company","social-media-policy-D12688",{"situation":229,"recommended_template":115,"slug":230},"Protecting sensitive business and customer data specifically","data-protection-and-privacy-policy-D13653",{"situation":232,"recommended_template":233,"slug":234},"Responding to a confirmed security breach or data incident","Incident Response Plan","incident-response-plan-D13714",{"situation":236,"recommended_template":237,"slug":238},"Governing software licensing and approved application lists","Software Asset Management Policy","asset-management-policy-D12879",{"situation":240,"recommended_template":241,"slug":242},"Issuing a standalone email communication conduct policy","Email Communication Policy","crisis-communication-policy-D13641",[244,247,250,253,256,259,262,265,268,271],{"term":245,"definition":246},"Acceptable Use Policy (AUP)","A set of rules governing how employees or users may use an organization's technology systems, networks, and devices.",{"term":248,"definition":249},"Bring Your Own Device (BYOD)","A practice allowing employees to use personally owned devices — phones, laptops, tablets — to access company systems and data.",{"term":251,"definition":252},"Network Monitoring","The practice of observing and logging traffic on a company's network to detect security threats, policy violations, or unauthorized access.",{"term":254,"definition":255},"Phishing","A cyberattack method where fraudulent emails or messages impersonate trusted sources to trick recipients into revealing credentials or installing malware.",{"term":257,"definition":258},"Malware","Malicious software — including viruses, ransomware, and spyware — designed to damage, disrupt, or gain unauthorized access to computer systems.",{"term":260,"definition":261},"Two-Factor Authentication (2FA)","A login security method requiring two forms of verification — typically a password plus a one-time code — before granting system access.",{"term":263,"definition":264},"VPN (Virtual Private Network)","An encrypted connection that routes internet traffic through a secure server, protecting data when employees access company resources remotely.",{"term":266,"definition":267},"Data Exfiltration","The unauthorized transfer of company data to an external destination — through email, USB drives, cloud storage, or other channels.",{"term":269,"definition":270},"Policy Acknowledgment","A signed or digitally confirmed statement by an employee confirming they have read, understood, and agree to comply with a policy.",{"term":272,"definition":273},"Privileged Access","Elevated system permissions granted to IT staff or administrators that allow actions — such as installing software or accessing all files — unavailable to standard users.",[275,280,285,290,295,300,305,310,315,320],{"name":276,"plain_english":277,"sample_language":278,"common_mistake":279},"Purpose and scope","Explains why the policy exists, which employees and contractors it covers, and which systems and devices it applies to.","This policy applies to all employees, contractors, and third parties of [COMPANY NAME] who use company-owned or company-provided IT equipment, email accounts, or network infrastructure, whether on-site or remotely.","Scoping the policy to 'employees' only and omitting contractors and temporary staff — who often have the same or broader system access and represent an equal security risk.",{"name":281,"plain_english":282,"sample_language":283,"common_mistake":284},"Acceptable use of IT equipment","Defines permitted uses of company-owned computers, phones, and peripherals, and establishes the primary-business-purpose rule for personal use.","Company IT equipment is provided primarily for business purposes. Incidental personal use is permitted provided it does not interfere with work performance, consume excessive resources, or violate any other provision of this policy.","Prohibiting all personal use entirely. Blanket bans are routinely ignored and unenforceable; a reasonable personal-use allowance with clear limits is more effective and defensible.",{"name":286,"plain_english":287,"sample_language":288,"common_mistake":289},"Email usage rules","Governs how company email accounts may be used, what content is prohibited, and how employees should handle suspicious messages.","Company email accounts must not be used to send, forward, or store content that is discriminatory, harassing, defamatory, or in violation of applicable law. Employees must not open attachments or click links in unsolicited emails from unknown senders without IT verification.","Omitting guidance on forwarding company email to personal accounts. Employees regularly do this for convenience — and it is one of the most common routes for unintentional data exfiltration.",{"name":291,"plain_english":292,"sample_language":293,"common_mistake":294},"Internet access and browsing","Lists prohibited website categories and content types, and addresses bandwidth-intensive personal activity such as streaming.","Access to sites containing adult content, illegal material, gambling platforms, or content promoting hate or violence is strictly prohibited on company networks and devices. Streaming personal media during working hours is not permitted on company connections.","Listing prohibited categories without stating that monitoring is in place. Employees who are unaware their browsing is logged may claim ignorance; the monitoring disclosure must appear in this same section.",{"name":296,"plain_english":297,"sample_language":298,"common_mistake":299},"Monitoring and privacy","Discloses that the company monitors network traffic, device activity, and email, and that employees have no expectation of privacy on company systems.","[COMPANY NAME] reserves the right to monitor, access, review, audit, and disclose all activity on company systems, devices, networks, and email accounts without prior notice. Employees have no expectation of privacy when using company resources.","Burying the monitoring disclosure in an appendix or omitting it entirely. Without a clear, conspicuous disclosure, monitoring may expose the company to employee privacy claims in certain jurisdictions.",{"name":301,"plain_english":302,"sample_language":303,"common_mistake":304},"Password and access security","Sets minimum password standards, prohibits password sharing, and requires multi-factor authentication where applicable.","Passwords must be at least [12] characters and include upper and lowercase letters, at least one number, and one special character. Passwords must not be shared, reused across systems, or written down in unsecured locations. Two-factor authentication is required for all systems storing [DATA TYPE].","Setting a minimum password length below 12 characters or not requiring 2FA for email and cloud systems — the two most commonly compromised entry points in small-business security incidents.",{"name":306,"plain_english":307,"sample_language":308,"common_mistake":309},"Software installation and device security","Prohibits unauthorized software installation, requires timely updates, and mandates encryption and remote-wipe capability on mobile devices.","Employees may not install software on company devices without written approval from [IT DEPARTMENT / IT MANAGER]. All devices must have approved antivirus software active and current. Mobile devices accessing company email or data must have remote-wipe capability enabled.","Allowing employees to install browser extensions and plugins freely while restricting standalone software. Extensions carry the same malware risk and should require IT approval or be governed by an approved-list.",{"name":311,"plain_english":312,"sample_language":313,"common_mistake":314},"BYOD guidelines","Governs personal devices used for work, including minimum security requirements and the company's right to wipe company data from personal hardware.","Employees who use personal devices to access [COMPANY NAME] systems must enroll the device in the company's mobile device management (MDM) system, enable device encryption, and maintain an approved lock-screen PIN of at least [6] characters. The company reserves the right to remotely remove company data from enrolled personal devices.","Failing to address what happens to company data on a personal device when employment ends. Without an explicit offboarding clause, retrieving or deleting company data from former-employee devices is legally and practically difficult.",{"name":316,"plain_english":317,"sample_language":318,"common_mistake":319},"Violations and consequences","States that policy breaches may result in disciplinary action up to and including termination, and that certain violations will be referred to law enforcement.","Violations of this policy may result in disciplinary action, up to and including termination of employment. Violations involving illegal activity, intentional data theft, or sabotage will be referred to appropriate law enforcement authorities.","Using vague language like 'appropriate action may be taken.' Specificity — naming the disciplinary ladder — signals that the policy is enforced and deters casual violations.",{"name":321,"plain_english":322,"sample_language":323,"common_mistake":324},"Policy acknowledgment","Requires employees to sign or digitally confirm that they have read and understood the policy, creating a documented record of receipt.","I, [EMPLOYEE FULL NAME], acknowledge that I have read, understood, and agree to comply with the [COMPANY NAME] IT Equipment, Email and Internet Usage Policy dated [DATE]. I understand that violation of this policy may result in disciplinary action.","Distributing the policy without collecting acknowledgments. If an employee later claims they were unaware of the rules, the absence of a signed acknowledgment removes the company's ability to enforce consequences.",[326,331,336,341,346,351,356,361],{"step":327,"title":328,"description":329,"tip":330},1,"Insert company name and effective date","Replace all [COMPANY NAME] placeholders throughout the document and set the effective date. Ensure the header and footer both reflect the same version date so distributed copies are identifiable.","Add a version number (e.g., v1.0, v2.1) alongside the date — it makes tracking future revisions and communicating updates to staff significantly easier.",{"step":332,"title":333,"description":334,"tip":335},2,"Define the scope of covered personnel and systems","Explicitly list all categories of personnel the policy covers — full-time employees, part-time staff, contractors, interns, and third-party vendors — and name the systems and device types in scope.","If you engage contractors through a staffing agency, confirm in your vendor agreement that they are bound by your IT policies — the policy document alone may not be sufficient.",{"step":337,"title":338,"description":339,"tip":340},3,"Set personal use boundaries","Decide on a specific personal use rule — for example, incidental use is permitted outside core hours — and write it into the acceptable use section. Vague rules invite inconsistent enforcement.","Align the personal use rule with your remote work policy if you have one; contradictions between documents create employee relations problems.",{"step":342,"title":343,"description":344,"tip":345},4,"Configure the password and 2FA requirements","Enter your minimum password length, complexity rules, rotation frequency, and which specific systems require two-factor authentication. Coordinate with your IT team to confirm the technical controls match what is written.","State the 2FA requirement for email, VPN, and any cloud platform handling customer or financial data — these are the three systems most frequently targeted in small-business breaches.",{"step":347,"title":348,"description":349,"tip":350},5,"Add the monitoring disclosure prominently","Place the monitoring and privacy section early in the document — not in an appendix — and use plain language. Employees must understand they have no expectation of privacy on company systems before they use them.","In the EU and Canada, the monitoring disclosure may need to be more specific about what is logged and for how long. Flag this section for a brief legal review if you have employees in those jurisdictions.",{"step":352,"title":353,"description":354,"tip":355},6,"Complete the BYOD and remote access section","If employees use personal devices or work remotely, fill in the MDM enrollment requirement, minimum PIN length, encryption requirement, and the remote-wipe clause. If BYOD is not permitted, state it explicitly.","A blanket 'no personal devices' policy is the simplest approach — but if you can't enforce it in practice, a documented BYOD framework is safer than an ignored prohibition.",{"step":357,"title":358,"description":359,"tip":360},7,"State violations and consequences clearly","Name the disciplinary steps — verbal warning, written warning, suspension, termination — and specify which violations bypass the progressive ladder and result in immediate termination or law enforcement referral.","Cross-reference your employee handbook's disciplinary procedure so both documents are consistent. Contradiction between the IT policy and the handbook is a common HR dispute trigger.",{"step":362,"title":363,"description":364,"tip":365},8,"Distribute and collect signed acknowledgments","Send the policy to all in-scope personnel, set a deadline for signed acknowledgment, and store completed acknowledgments in each employee's HR file. Repeat this process whenever the policy is materially updated.","For remote teams, use an e-signature or HR platform acknowledgment flow — chasing PDF signatures from distributed staff results in incomplete records.",[367,371,375,379],{"mistake":368,"why_it_matters":369,"fix":370},"No monitoring disclosure","Monitoring employees without prior notice can expose the company to privacy claims or regulatory penalties, particularly in Canada, the EU, and California. Employees who are not informed they have no privacy expectation may successfully challenge disciplinary action based on monitored activity.","Include a clear, standalone monitoring and privacy section near the beginning of the policy. Use plain language: state what is monitored, that no privacy is expected, and that monitoring may occur without prior notice.",{"mistake":372,"why_it_matters":373,"fix":374},"Omitting contractors and temporary staff from scope","Contractors frequently have the same or broader system access as permanent employees and represent a significant but often unaddressed security surface. A breach caused by a contractor with no policy coverage is difficult to address through disciplinary or legal channels.","Explicitly name all categories of covered personnel in the scope section, and require acknowledgment from contractors at onboarding, not only permanent employees.",{"mistake":376,"why_it_matters":377,"fix":378},"No acknowledgment collection process","A policy that employees have not formally acknowledged cannot be reliably enforced. In termination disputes, an employer who cannot prove the employee received and accepted the policy is in a materially weaker position.","Add a signed acknowledgment page and build the collection step into new-hire onboarding. Store completed acknowledgments in HR files and re-collect after any material policy update.",{"mistake":380,"why_it_matters":381,"fix":382},"Failing to update the policy after a security incident or technology change","An IT policy written in 2019 that does not address cloud collaboration tools, AI assistants, or remote work is functionally obsolete and leaves real exposure undocumented. Employees interpret gaps as implicit permission.","Schedule an annual policy review tied to your fiscal year start. Assign a named owner — typically the IT manager or HR director — responsible for triggering the review and distributing updates.",[384,387,390,393,396,399,402,405,408],{"question":385,"answer":386},"What is an IT equipment, email and internet usage policy?","An IT equipment, email and internet usage policy is a written workplace document that defines how employees may use company-owned computers, mobile devices, email accounts, and network connections — and what is prohibited. It sets security responsibilities, personal use boundaries, and monitoring disclosures, and establishes the consequences for violations. It functions as both a conduct rule and a legal notice to employees that company systems are not private.\n",{"question":388,"answer":389},"Is an IT acceptable use policy legally required?","No single law universally mandates a written acceptable use policy, but several regulatory frameworks make one effectively necessary. HIPAA requires covered healthcare entities to document workforce IT access controls. PCI DSS requires documented security policies for any business processing card payments. Cyber-insurance underwriters increasingly require a signed AUP as a condition of coverage. Even where not legally required, the policy is essential for enforcing disciplinary action and defending against data breach liability claims.\n",{"question":391,"answer":392},"Can an employer monitor employee email and internet usage?","In most jurisdictions, yes — provided employees have been given clear prior notice that monitoring may occur and that they have no expectation of privacy on company systems. The monitoring disclosure in the policy serves this notice function. In the EU under GDPR and in Canada, more specific notice and proportionality requirements apply. Monitoring without disclosure creates significant legal exposure regardless of jurisdiction.\n",{"question":394,"answer":395},"Should personal use of company devices be completely prohibited?","A blanket prohibition is the simplest rule to write but the hardest to enforce consistently. Most employment law practitioners recommend permitting incidental personal use — defined by time, type of activity, and business-hours limits — rather than an absolute ban. A reasonable personal use allowance reduces the risk that minor violations are treated inconsistently and gives the employer a clear, defensible standard to apply when a genuine violation occurs.\n",{"question":397,"answer":398},"What should a BYOD section of an IT policy cover?","A BYOD section should require enrollment in the company's mobile device management (MDM) system, specify minimum security settings (encryption, lock-screen PIN length, and OS update requirements), address what happens to company data on the device when employment ends, and reserve the company's right to remotely wipe company data. It should also state clearly whether the company will reimburse any portion of data or device costs for personal devices used for work.\n",{"question":400,"answer":401},"How often should an IT usage policy be updated?","At minimum, annually — timed to your fiscal year or HR policy review cycle. Additionally, update it after any material security incident, whenever a significant new technology is deployed (e.g., a cloud collaboration platform, AI tools, or a new MDM system), and whenever relevant employment or privacy law changes in your operating jurisdiction. Assign a named policy owner and build the review into their annual calendar.\n",{"question":403,"answer":404},"What are the consequences for violating an IT usage policy?","Consequences should follow the company's standard disciplinary ladder — typically verbal warning, written warning, suspension, and termination — with specific violations (intentional data theft, accessing illegal content, sabotage) triggering immediate termination and potential law enforcement referral. The policy should state these consequences explicitly rather than deferring generically to 'appropriate action,' which is difficult to enforce and signals the policy is not taken seriously.\n",{"question":406,"answer":407},"Does every employee need to sign the IT policy?","Yes. Every person in scope — employees, contractors, and temporary staff — should sign or digitally acknowledge the policy at onboarding and after any material update. The acknowledgment creates a documented record that the individual received, read, and agreed to comply with the rules. Without it, enforcing disciplinary action or pursuing legal remedies after a violation is significantly harder.\n",{"question":409,"answer":410},"What is the difference between an IT usage policy and a data protection policy?","An IT usage policy governs employee behavior — how devices, email, and the internet may be used and what conduct is prohibited. A data protection policy governs how the organization collects, stores, processes, and protects personal or sensitive data, typically in response to laws like GDPR or CCPA. The two documents are complementary: the IT policy sets behavioral rules that help enforce the data protection obligations established in the separate privacy document.\n",[412,416,420,424],{"industry":413,"icon_asset_id":414,"specifics":415},"Professional Services","industry-professional-services","Client confidentiality obligations make email forwarding restrictions and data exfiltration controls especially critical for law firms, accounting practices, and consultancies.",{"industry":417,"icon_asset_id":418,"specifics":419},"Healthcare","industry-healthtech","HIPAA requires documented workforce IT access policies; the acceptable use policy must explicitly prohibit transmitting protected health information over unsecured email or personal devices.",{"industry":421,"icon_asset_id":422,"specifics":423},"Financial Services","industry-fintech","Regulators including the SEC, FINRA, and PCI DSS require documented IT security policies; email archiving requirements and prohibited-platform rules for trading communication need explicit coverage.",{"industry":425,"icon_asset_id":426,"specifics":427},"Retail and E-commerce","industry-retail","PCI DSS compliance for card-processing environments requires a formal acceptable use policy covering devices that connect to the payment network, including point-of-sale terminals.",[429,432,435,438],{"vs":115,"vs_template_id":430,"summary":431},"data-protection-and-privacy-policy-D13266","A data protection policy governs how the organization handles personal and sensitive data — collection, storage, retention, and disclosure — in compliance with laws like GDPR or CCPA. An IT usage policy governs employee behavior on company systems. The two are complementary: the IT policy sets the conduct rules that operationalize the data protection obligations. Both are typically required; neither replaces the other.",{"vs":89,"vs_template_id":433,"summary":434},"remote-work-policy-D13273","A remote work policy governs where and when employees work, ergonomics, availability expectations, and expense reimbursement for home office setups. An IT usage policy governs how company technology is used regardless of location. Remote workers need to comply with both; the IT policy's BYOD and VPN sections are particularly relevant for distributed teams.",{"vs":103,"vs_template_id":436,"summary":437},"social-media-policy-D13108","A social media policy governs how employees represent the company online — what they may or may not post, on which platforms, and in what capacity. An IT usage policy governs the use of company systems and devices. The two overlap on internet access rules, but a social media policy goes further in addressing off-hours personal posts and brand representation, which fall outside the IT policy's scope.",{"vs":129,"vs_template_id":439,"summary":440},"employee-handbook-D712","An employee handbook is an umbrella document covering all workplace conduct policies — attendance, leave, compensation, and conduct — of which the IT usage policy is typically one chapter. For organizations past roughly 20 employees, a standalone IT policy is more practical than embedding the rules inside a handbook, because IT policies need to be updated more frequently and distributed to contractors who do not receive the full handbook.",{"use_template":442,"template_plus_review":446,"custom_drafted":450},{"best_for":443,"cost":444,"time":445},"Small and mid-size businesses establishing IT conduct rules for the first time or updating an outdated policy","Free","1–2 hours to customize and distribute",{"best_for":447,"cost":448,"time":449},"Organizations with employees in the EU or Canada, those subject to HIPAA or PCI DSS, or any company implementing active network monitoring","$200–$600 for a one-hour employment lawyer or IT compliance consultant review","2–5 business days",{"best_for":451,"cost":452,"time":453},"Regulated industries (healthcare, financial services) requiring jurisdiction-specific privacy law alignment, or enterprises deploying MDM and DLP tools across 500+ endpoints","$1,000–$4,000 for a fully customized policy drafted by an employment or technology lawyer","1–3 weeks",[455,456],"acceptable-use-policy-basics","employee-monitoring-and-privacy-law",[224,227,230,439,458,459,460,461,462,463,464,465],"non-disclosure-agreement-nda-D12692","information-security-policy-D13552","employment-agreement_at-will-employee-D541","disciplinary-action-policy-D13486","independent-contractor-agreement-D160","warning-notice-D622","employee-termination-policy-D13489","inventory-management-policy-D13719",{"emit_how_to":467,"emit_defined_term":467},true,{"primary_folder":469,"secondary_folder":470,"document_type":471,"industry":472,"business_stage":473,"tags":474,"confidence":479},"software-technology","cybersecurity-policies","policy","general","all-stages",[475,476,477,470,478],"it-policy","acceptable-use","employee-conduct","workplace-policies",0.95,"\u003Ch2>What is an IT Equipment, Email and Internet Usage Policy?\u003C/h2>\n\u003Cp>An \u003Cstrong>IT Equipment, Email and Internet Usage Policy\u003C/strong> is a written workplace document that establishes the rules governing how employees, contractors, and other authorized personnel may use company-owned technology — including computers, mobile devices, email accounts, and internet connections. It defines acceptable and prohibited activities, sets minimum security requirements such as password standards and device encryption, discloses that company systems are subject to monitoring, and specifies the consequences for violations. By putting these rules in writing and requiring employee acknowledgment, the policy creates both a behavioral standard and a documented legal notice that company-provided technology is not a private resource.\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Without a written IT usage policy, you have no enforceable baseline for disciplining employees who misuse company systems, no documented disclosure to defend monitoring activity against privacy claims, and no clear security requirements that employees are contractually obligated to follow. When a security incident occurs — a malware infection from a personal download, a data leak via personal email forwarding, or a phishing attack that succeeded because an employee clicked an unverified link — the absence of a policy removes your ability to take consistent disciplinary action and weakens your position with insurers, regulators, and legal counsel. Cyber-insurance underwriters increasingly require a signed acceptable use policy as a condition of coverage, and regulated industries including healthcare and financial services face compliance exposure without one. This template gives you a complete, customizable policy you can distribute and enforce from day one.\u003C/p>\n",1778773472477]