We’re reader-supported and may be paid when you visit links to partner sites. We don’t compare all products in the market, but we’re working on it!
An Information Technology (IT) policy can sometimes fit into the category of one of those lengthy documents that sits on your business' intranet page, infrequently referred to and gathering dust. Fortunately, with access to a slew of samples and templates online, there's no reason not to draft a relevant IT policy that your employees can relate to and refer to when needed.
Here, we take a look at how to write your very own IT policy to suit your business and its people.
What is an IT policy?
An IT Policy identifies the procedures and rules for accessing and using an organisation's IT assets and resources including the internet and email systems.
Three key objectives of an IT policy are:
- The preservation of integrity to ensure the modification of IT assets is handled in an authorised and specified manner
- The confidential use of assets and protection from unauthorised entities
- The availability of an organisation's systems and information
Along with your business' Work Health and Safety policy (WHS policy), an IT policy can assist with meeting your WHS and anti-discrimination obligations and can help reduce your legal liability in the event of a breach.
Download this template at Lawpath
When should I use an IT policy?
An employee handbook typically includes the IT policy which should be provided to new starters as part of your organisation's onboarding process. Otherwise, the IT policy should be easily accessible for staff to review at any time either on the employee intranet or with physical copies.
The IT policy usually applies to visitors to your business as well, especially if they will be using any of the IT systems or facilities including the internet.
What does an IT policy include?
An IT policy typically sets out:
- Who it covers
- What happens in the event of a breach
- Internet and email prohibited use
- Appropriate use of social media
- Internet and email monitoring and surveillance
- Ownership of intellectual property
- Prohibited uses (e.g. using IT to harass, bully or discriminate)
How effective is an IT policy?
An IT policy makes it easy for your employees to understand the expectations and regulations for behaviour related to the appropriate use of systems and facilities in the workplace.
IT policies also detail the consequences for employees and other users in the event of a policy violation which may provide a basis for a defence in the event of a lawsuit.
Do I need a lawyer for an IT policy?
No, you do not have to consult with a lawyer when drafting your IT policy. You should, however, consider any legislative requirements that could impact your policy and procedures specifically when it applies to workplace surveillance and IT monitoring.
Each state has different legislation governing how you conduct workplace surveillance and what your obligations are if you choose to monitor your employees IT usage.
Get access to customisable IT policy templates online
We update our data regularly, but information can change between updates. Confirm details with the provider you're interested in before making a decision.
How do I write an IT policy?
An IT policy should be a unique document to every business driven by how its people see and value their information and their perspectives on risk tolerance.
Your IT policy should be a living document that is kept updated as your business evolves and IT requirements change. The writing style doesn't need to be long-winded or formal and will be most effective when writing in simple English, using clear and targeted language.
As a general rule of thumb, organisations should consider including the following elements:
- An invitation for recommendations, suggestions or feedback
- Purpose of the policy
- Procedures for each part of the policy including acceptable usage and what happens in the event of a breach
- Reference to related policies
- Any exemptions that apply
There are multiple types of policies and procedures that you could include in your company's overall IT policy and, depending on how extensive they are, you could consider breaking these up into separate and distinct policies. For example, if your business collects a lot of customer data, you may want to have a separate data governance policy. Likewise, if your business is centred around marketing, a standalone social media policy may be useful to staff.
Here are the most common IT policies you will encounter in a workplace.
Acceptable use policy.
An acceptable use policy restricts the use of an organisation's network or services to ensure security, prevent illegal activity and safeguard the reputation of the company.
Privacy policies document how information is collected, used, stored and disposed of.
Data governance policy.
Data governance describes how data is administered as it passes through company systems and can also identify the persons responsible for the security and quality of company data.
A Bring Your Own Device policy governs the use of personal devices in the workplace including mobile phones and laptops. Specifically, which personal devices are allowed within the workplace, what can be done with them and how the company will support them.
Disaster recovery policy.
A policy to outline the requirements of a company's disaster recovery plan and identify any critical data and responsible departments or staff.
Social media policy.
Social media policies govern the use of social media and define how a company will manage and monitor the online activities of its employees. They also set forth any company expectations regarding the tone and nature of information being posted both in and out of the workplace.
Where to get free legal documents and templates like an IT policy
- Lawpath. Lawpath is an online legal resource for small businesses and entrepreneurs. A free sample is available and, if required, you can sign up to access customisation options.
- Business Victoria. An online resource published by the State Government of Victoria, Business Victoria is designed to help you start, run and grow your business. It provides a free IT Policies and Procedures Manual Template for businesses to use.
More guides on Finder
Stepping up safety as lockdowns and vaccine debates continue
As vaccination becomes our clear pathway out of lockdown and economic ruin, the vaccine debate rages on. How do we navigate the chaos?
NSW waives COVID ambulance fees: What about the rest of Australia?
What isn't covered by ambulance services, and can insurance help?
Find the best investment newsletters in Australia
Read our guide to the best investment newsletters to help you boost your investment knowledge and grow your wealth.
First Home Buyer’s e-Course Module 8
Moving day is never going to be completely stress-free, but with our expert guide, we can make it as smooth sailing as possible.
9 important business trends for the new financial year [SPONSORED] Unpredictable times mean planning is more important than ever.
How to avoid getting ripped off by under-regulated industries
Pet groomers and debt management companies don’t appear to have much in common – but until recently they shared a dangerous lack of regulation.
Successful investors share tips for 2021 [SPONSORED] Want to know what other investors are up to? We asked so you don’t have to.
Finance tips for getting a high-end look without breaking the bank
SPONSORED: Love the champagne lifestyle but living on a lemonade budget? Don’t worry, we’ve got your back.
Boost your 2021 tax return: Top tips for a bigger refund
It's tax time! Finder's money writers share their tips to claim deductions on everything from your home office, car and insurance to your mortgage.
Ask an Expert