We’re reader-supported and may be paid when you visit links to partner sites. We don’t compare all products in the market, but we’re working on it!
An Information Technology (IT) policy can sometimes fit into the category of one of those lengthy documents that sits on your business' intranet page, infrequently referred to and gathering dust. Fortunately, with access to a slew of samples and templates online, there's no reason not to draft a relevant IT policy that your employees can relate to and refer to when needed.
Here, we take a look at how to write your very own IT policy to suit your business and its people.
What's in this guide?
- What is an IT policy?
- When should I use an IT policy?
- What does an IT policy include?
- How effective is an IT policy?
- Do I need a lawyer for an IT policy?
- Get access to customisable IT policy templates online
- How do I write an IT policy?
- Where to get free legal documents and templates like an IT policy
What is an IT policy?
An IT Policy identifies the procedures and rules for accessing and using an organisation's IT assets and resources including the internet and email systems.
Three key objectives of an IT policy are:
- The preservation of integrity to ensure the modification of IT assets is handled in an authorised and specified manner
- The confidential use of assets and protection from unauthorised entities
- The availability of an organisation's systems and information
Along with your business' Work Health and Safety policy (WHS policy), an IT policy can assist with meeting your WHS and anti-discrimination obligations and can help reduce your legal liability in the event of a breach.
Download this template at Lawpath
When should I use an IT policy?
An employee handbook typically includes the IT policy which should be provided to new starters as part of your organisation's onboarding process. Otherwise, the IT policy should be easily accessible for staff to review at any time either on the employee intranet or with physical copies.
The IT policy usually applies to visitors to your business as well, especially if they will be using any of the IT systems or facilities including the internet.
What does an IT policy include?
An IT policy typically sets out:
- Who it covers
- What happens in the event of a breach
- Internet and email prohibited use
- Appropriate use of social media
- Internet and email monitoring and surveillance
- Ownership of intellectual property
- Prohibited uses (e.g. using IT to harass, bully or discriminate)
How effective is an IT policy?
An IT policy makes it easy for your employees to understand the expectations and regulations for behaviour related to the appropriate use of systems and facilities in the workplace.
IT policies also detail the consequences for employees and other users in the event of a policy violation which may provide a basis for a defence in the event of a lawsuit.
Do I need a lawyer for an IT policy?
No, you do not have to consult with a lawyer when drafting your IT policy. You should, however, consider any legislative requirements that could impact your policy and procedures specifically when it applies to workplace surveillance and IT monitoring.
Each state has different legislation governing how you conduct workplace surveillance and what your obligations are if you choose to monitor your employees IT usage.
Get access to customisable IT policy templates online
Does your company belong in this list?
How do I write an IT policy?
An IT policy should be a unique document to every business driven by how its people see and value their information and their perspectives on risk tolerance.
Your IT policy should be a living document that is kept updated as your business evolves and IT requirements change. The writing style doesn't need to be long-winded or formal and will be most effective when writing in simple English, using clear and targeted language.
As a general rule of thumb, organisations should consider including the following elements:
- An invitation for recommendations, suggestions or feedback
- Purpose of the policy
- Procedures for each part of the policy including acceptable usage and what happens in the event of a breach
- Reference to related policies
- Any exemptions that apply
There are multiple types of policies and procedures that you could include in your company's overall IT policy and, depending on how extensive they are, you could consider breaking these up into separate and distinct policies. For example, if your business collects a lot of customer data, you may want to have a separate data governance policy. Likewise, if your business is centred around marketing, a standalone social media policy may be useful to staff.
Here are the most common IT policies you will encounter in a workplace.
Acceptable use policy.
An acceptable use policy restricts the use of an organisation's network or services to ensure security, prevent illegal activity and safeguard the reputation of the company.
Privacy policies document how information is collected, used, stored and disposed of.
Data governance policy.
Data governance describes how data is administered as it passes through company systems and can also identify the persons responsible for the security and quality of company data.
A Bring Your Own Device policy governs the use of personal devices in the workplace including mobile phones and laptops. Specifically, which personal devices are allowed within the workplace, what can be done with them and how the company will support them.
Disaster recovery policy.
A policy to outline the requirements of a company's disaster recovery plan and identify any critical data and responsible departments or staff.
Social media policy.
Social media policies govern the use of social media and define how a company will manage and monitor the online activities of its employees. They also set forth any company expectations regarding the tone and nature of information being posted both in and out of the workplace.
Where to get free legal documents and templates like an IT policy
- Lawpath. Lawpath is an online legal resource for small businesses and entrepreneurs. A free sample is available and, if required, you can sign up to access customisation options.
- Business Victoria. An online resource published by the State Government of Victoria, Business Victoria is designed to help you start, run and grow your business. It provides a free IT Policies and Procedures Manual Template for businesses to use.
More guides on Finder
7 ways your SME can use its $1,200 digital rebate in Victoria
Take advantage of a new digital product or service for your Victoria-based SME – and let the government foot the bill.
Best enterprise password managers for 2021
Enterprise password managers are an essential cybersecurity tool. We compare the top 5 so you don’t have to.
How to switch from WhatsApp to Signal in 2021
What you need to know about making the move to Signal, the privacy-first secure messaging app.
How to start a daycare business
Nurture your dream of starting a daycare company with this step-by-step guide.
How to start a T-shirt business
Start building a profitable side hustle by setting up a t-shirt business.
How to start an asbestos removal business
Your comprehensive guide to starting an asbestos removal company.
How to start an ebook writing business
Start your own eBook writing business with our guide to the skills, equipment and legal documents you’ll need.
How to start an entertainment business
Here's everything you need to know to set up and grow your entertainment business.
How to start an accounting business
Find out what you need to know before starting an accounting business.
How to start a watch business
Tap into the demand for fashion accessories by opening a watchmaking company.
Ask an Expert