Sample IT policies, disclaimers and notices
Sample acceptable internet use policy
Acceptable internet use policy sets out your employees' responsibilities when using company internet access in their day-to-day working activities. To modify the sample below for your business, download our sample internet acceptable use policy (DOC, 29K).
Acceptable internet use policy - sample template
Use of the internet by employees of [business name] is permitted and encouraged where such use supports the goals and objectives of the business.
However, [business name] has a policy for the use of the internet whereby employees must ensure that they:
- comply with current legislation
- use the internet in an acceptable way
- do not create unnecessary business risk to the company by their misuse of the internet
Unacceptable behaviour
In particular, the following is deemed unacceptable use or behaviour by employees:
- visiting internet sites that contain obscene, hateful, pornographic or otherwise illegal material
- using the computer to perpetrate any form of fraud, or software, film or music piracy
- using the internet to send offensive or harassing material to other users
- downloading commercial software or any copyrighted materials belonging to third parties, unless this download is covered or permitted under a commercial agreement or other such licence
- hacking into unauthorised areas
- publishing defamatory and/or knowingly false material about [business name], your colleagues and/or our customers on social networking sites, 'blogs' (online journals), 'wikis' and any online publishing format
- revealing confidential information about [business name] in a personal online posting, upload or transmission - including financial information and information relating to our customers, business plans, policies, staff and/or internal discussions
- undertaking deliberate activities that waste staff effort or networked resources
- introducing any form of malicious software into the corporate network
Company-owned information held on third-party websites
If you produce, collect and/or process business-related information in the course of your work, the information remains the property of [business name]. This includes such information stored on third-party websites such as webmail service providers and social networking sites, such as Facebook and LinkedIn.
Monitoring
[business name] accepts that the use of the internet is a valuable business tool. However, misuse of this facility can have a negative impact upon employee productivity and the reputation of the business.
In addition, all of the company's internet-related resources are provided for business purposes. Therefore, the company maintains the right to monitor the volume of internet and network traffic, together with the internet sites visited. The specific content of any transactions will not be monitored unless there is a suspicion of improper use.
Sanctions
Where it is believed that an employee has failed to comply with this policy, they will face the company's disciplinary procedure. If the employee is found to have breached the policy, they will face a disciplinary penalty ranging from a verbal warning to dismissal. The actual penalty applied will depend on factors such as the seriousness of the breach and the employee's disciplinary record. [These procedures will be specific to your business. They should reflect your normal operational and disciplinary processes. You should establish them from the outset and include them in your acceptable use policy.]
Agreement
All company employees, contractors or temporary staff who have been granted the right to use the company's internet access are required to sign this agreement confirming their understanding and acceptance of this policy.
You should also consider developing a social media policy for your staff - see managing social media in the workplace and learn how to increase cyber security in your workplace.