We’re reader-supported and may be paid when you visit links to partner sites. We don’t compare all products in the market, but we’re working on it!
An Information Technology (IT) policy can sometimes fit into the category of one of those lengthy documents that sits on your business' intranet page, infrequently referred to and gathering dust. Fortunately, with access to a slew of samples and templates online, there's no reason not to draft a relevant IT policy that your employees can relate to and refer to when needed.
Here, we take a look at how to write your very own IT policy to suit your business and its people.
What is an IT policy?
An IT Policy identifies the procedures and rules for accessing and using an organisation's IT assets and resources including the internet and email systems.
Three key objectives of an IT policy are:
- The preservation of integrity to ensure the modification of IT assets is handled in an authorised and specified manner
- The confidential use of assets and protection from unauthorised entities
- The availability of an organisation's systems and information
Along with your business' Work Health and Safety policy (WHS policy), an IT policy can assist with meeting your WHS and anti-discrimination obligations and can help reduce your legal liability in the event of a breach.
When should I use an IT policy?
An employee handbook typically includes the IT policy which should be provided to new starters as part of your organisation's onboarding process. Otherwise, the IT policy should be easily accessible for staff to review at any time either on the employee intranet or with physical copies.
The IT policy usually applies to visitors to your business as well, especially if they will be using any of the IT systems or facilities including the internet.
What does an IT policy include?
An IT policy typically sets out:
- Who it covers
- What happens in the event of a breach
- Internet and email prohibited use
- Appropriate use of social media
- Internet and email monitoring and surveillance
- Ownership of intellectual property
- Prohibited uses (e.g. using IT to harass, bully or discriminate)
How effective is an IT policy?
An IT policy makes it easy for your employees to understand the expectations and regulations for behaviour related to the appropriate use of systems and facilities in the workplace.
IT policies also detail the consequences for employees and other users in the event of a policy violation which may provide a basis for a defence in the event of a lawsuit.
Do I need a lawyer for an IT policy?
No, you do not have to consult with a lawyer when drafting your IT policy. You should, however, consider any legislative requirements that could impact your policy and procedures specifically when it applies to workplace surveillance and IT monitoring.
Each state has different legislation governing how you conduct workplace surveillance and what your obligations are if you choose to monitor your employees IT usage.
How do I write an IT policy?
An IT policy should be a unique document to every business driven by how its people see and value their information and their perspectives on risk tolerance.
Your IT policy should be a living document that is kept updated as your business evolves and IT requirements change. The writing style doesn't need to be long-winded or formal and will be most effective when writing in simple English, using clear and targeted language.
As a general rule of thumb, organisations should consider including the following elements:
- An invitation for recommendations, suggestions or feedback
- Purpose of the policy
- Procedures for each part of the policy including acceptable usage and what happens in the event of a breach
- Reference to related policies
- Any exemptions that apply
There are multiple types of policies and procedures that you could include in your company's overall IT policy and, depending on how extensive they are, you could consider breaking these up into separate and distinct policies. For example, if your business collects a lot of customer data, you may want to have a separate data governance policy. Likewise, if your business is centred around marketing, a standalone social media policy may be useful to staff.
Here are the most common IT policies you will encounter in a workplace.
Acceptable use policy.
An acceptable use policy restricts the use of an organisation's network or services to ensure security, prevent illegal activity and safeguard the reputation of the company.
Privacy policies document how information is collected, used, stored and disposed of.
Data governance policy.
Data governance describes how data is administered as it passes through company systems and can also identify the persons responsible for the security and quality of company data.
A Bring Your Own Device policy governs the use of personal devices in the workplace including mobile phones and laptops. Specifically, which personal devices are allowed within the workplace, what can be done with them and how the company will support them.
Disaster recovery policy.
A policy to outline the requirements of a company's disaster recovery plan and identify any critical data and responsible departments or staff.
Social media policy.
Social media policies govern the use of social media and define how a company will manage and monitor the online activities of its employees. They also set forth any company expectations regarding the tone and nature of information being posted both in and out of the workplace.
Where to get free legal documents and templates like an IT policy
- Lawpath. Lawpath is an online legal resource for small businesses and entrepreneurs. A free sample is available and, if required, you can sign up to access customisation options.
- Business Victoria. An online resource published by the State Government of Victoria, Business Victoria is designed to help you start, run and grow your business. It provides a free IT Policies and Procedures Manual Template for businesses to use.
More guides on Finder
How to start a user testing business
Monetise your ability to help companies with their products and services.
How to start a beautician business
From qualifications to getting the right insurance in place, here’s our guide to starting your beautician business.
How to start an accounting business
Find out what you need to know before starting an accounting business.
Workplace Hygiene Policy templates (Australia)
A personal hygiene in the workplace policy will help keep visitors and customers safe.
Harassment Lawyer (free quote)
How to hire an experienced harassment lawyer to make sure you receive a fair outcome for your claim.
How to start a wedding planning business
Read our comprehensive guide to starting a wedding planning business you can be proud of.
How to start a virtual assistant business
Get set up to provide support services remotely with our guide to launching a virtual assistant company.
How to start a web development business
A guide to help you start your web developer business off on the right foot.
How to start an electrician business
Here's how to get started if you want to turn your skills as an electrician into a business.
Ask an Expert