Open IT Policy Library¶

by Sorted Solution | Free to use, fork, and adapt at github.com/sortedsol/Open-IT-Policy-Library

Practical, enforceable IT policies written for small and mid-sized professional services firms — with a dedicated track for Architecture, Engineering, and Construction (AEC) firms.

What This Is¶

This is a free, open-source library of IT policy templates designed for firms that actually need to implement them — not just check a compliance box. Every policy in this library:

• Names specific tools, platforms, and configurations instead of using vague "approved software" language
• Includes enforcement hooks so IT can actually audit and enforce each requirement
• Contains clearly marked callout boxes where your organization customizes the policy to match your tools, contracts, and risk tolerance
• Is written for employees, contractors, and subconsultants — ready to drop into an employee handbook without rewriting the tone

Policy Tracks¶

AEC Firms¶

Policies tailored for architecture, engineering, and construction firms running industry-standard tools (ArchiCAD, Revit, AutoCAD, Bluebeam, M365, Google Workspace, Adobe Creative Cloud).

• AI Acceptable Use Policy for AEC Firms
• Acceptable Use Policy for AEC Firms
• BYOD Policy for AEC Firms
• Remote Work Security Policy for AEC Firms
• Incident Response Plan for AEC Firms

General SMB¶

Policies for any small or mid-sized professional services firm.

• AI Acceptable Use Policy
• Acceptable Use Policy
• BYOD Policy
• Remote Work Security Policy
• Incident Response Plan

Shared References¶

• Password Policy Best Practices — Current NIST, Microsoft, and CIS password guidance side by side
• MFA Method Comparison — MFA methods rated on phishing resistance, user friction, cost, and SMB suitability
• IT Onboarding Checklist — Step-by-step IT setup process for new hires
• IT Offboarding Checklist — Account disabling, hardware recovery, and data transfer when someone leaves

How to Use These Policies¶

1. Download or copy the policy you need
2. Look for the callout boxes — these are clearly marked sections where you customize for your organization (labeled "Firms" in AEC policies, "Company administrators" in general SMB policies)
3. Search for [INSERT placeholders — a few fields require your organization-specific information
4. Review with your leadership and legal counsel before adding to your employee handbook

Contribute¶

Find an error, have a suggestion, or want to contribute a new policy? Visit the GitHub repository.

These policy templates are provided as-is for informational and operational purposes. They do not constitute legal advice and do not replace consultation with qualified legal counsel.