Acceptable Use Policy
Open IT Policy Library by Sorted Solution | sortedsolution.com
Version 1.0 — March 2026
Free to use, fork, and adapt at github.com/sortedsol/Open-IT-Policy-Library
1. Purpose
This policy defines acceptable and unacceptable use of the company's technology resources — computers, networks, software, email, cloud services, and data. It exists to protect the company, its clients, and its employees from security incidents, data loss, and legal liability.
This is not about restricting how you work. It's about making sure the tools the company provides are used responsibly and securely.
2. Scope
This policy applies to everyone who uses the company's technology resources — employees, contractors, consultants, interns, and temporary staff. It covers:
- Company-owned desktops, laptops, tablets, and phones
- Personal devices used for company work (see the BYOD Policy for additional requirements)
- The company's network, VPN, and Wi-Fi
- Company-managed email, cloud storage, and collaboration platforms (Microsoft 365, Google Workspace, Dropbox, SharePoint, OneDrive, Slack, Teams, etc.)
- Software licensed by the company
- Any third-party service you access using company credentials
3. Ownership
Everything stored on or transmitted through the company's technology resources is the company's property. This includes email, files, messages, browser history, and cloud-stored data. The company may access, review, or monitor this data at any time without prior notice for security, compliance, or legal purposes.
Don't store personal files on company devices or in company cloud accounts. The company is not responsible for personal data on its systems, and it may be deleted during maintenance, offboarding, or incident response without warning.
4. Acceptable Use
4.1 General Principles
- Use company technology primarily for company business. Incidental personal use is fine — checking personal email, browsing during lunch — as long as it doesn't interfere with your work, consume significant resources, or create security risks.
- Keep your workstation locked when you step away (Windows: Win+L, Mac: Ctrl+Cmd+Q).
- Log out of shared workstations when you're done.
- Don't share your credentials with anyone, including IT. IT will never ask for your password.
- Use the company VPN when working from outside the office.
4.2 Email and Communication
- Company email is for company business. Don't use it to sign up for personal accounts, newsletters, or services unrelated to work.
- Don't forward company email to personal email accounts.
- Don't open attachments or click links in unexpected emails — if something looks suspicious, report it to IT. It's always better to ask than to click.
- Don't send confidential client or business data to personal email addresses or unauthorized external recipients.
- Be professional in all company communications. Email, chat messages, and other communications are business records and may be discoverable in legal proceedings.
4.3 Software and Licensing
- Only use software that IT has approved and licensed for the company. Don't install software on company devices without IT approval — this includes browser extensions, plugins, and "free" tools downloaded from the internet.
- Don't use personal licenses for company work, and don't use company licenses for personal work.
- Don't share license credentials between employees or install company software on personal devices unless IT has explicitly approved it.
Company administrators
List your specific license management rules here. Common items: seat-based vs. floating licenses, how employees request new software, and how to handle licenses for contractors.
4.4 Cloud Storage and File Management
- Store work files in the company's approved storage systems — not on your local desktop, personal cloud storage, or USB drives.
- Follow the company's folder structure and naming conventions.
- Don't sync work folders to personal cloud storage (Google Drive, iCloud, personal OneDrive, personal Dropbox).
Company administrators
Specify your approved file storage and collaboration platforms here (e.g., "All client files must be stored in [SharePoint / company file server / approved cloud platform]. Personal cloud storage is not approved for company data.")
5. Unacceptable Use
The following are never acceptable, regardless of the circumstances:
- Accessing, downloading, storing, or distributing illegal content on company systems
- Using company resources to harass, threaten, or discriminate against anyone
- Attempting to bypass security controls, firewalls, content filters, or access restrictions
- Connecting unauthorized devices to the company's network (personal routers, network switches, wireless access points)
- Using company systems for personal commercial activity, side businesses, or freelance work
- Sharing company credentials, VPN access, or software licenses with anyone outside the company (including family members)
- Installing unauthorized remote access tools (TeamViewer, AnyDesk, personal VPN clients) on company devices
- Disabling, uninstalling, or interfering with endpoint protection software, device management, or security tools
- Connecting to the company network from a device that doesn't meet the company's security baseline (current OS, endpoint protection, encrypted storage)
- Using company email or communication tools to impersonate another employee
- Downloading or distributing pirated software, cracked license files, or unauthorized license key generators
6. Data Handling
6.1 Client and Business Data
Client and business data is the company's most sensitive asset. This includes client files, correspondence, financials, proposals, contracts, and any other confidential business information.
- Never share client or business data with unauthorized parties.
- Follow the company's data classification policy (if applicable) for handling different types of data.
- When sharing data with external parties (clients, vendors, partners), use the company's approved file sharing methods — not personal email or personal cloud storage.
- Don't store client or business data on personal devices, personal cloud storage, or removable media (USB drives, external hard drives) unless specifically authorized by IT.
6.2 Removable Media
- USB drives and external hard drives are generally not approved for storing company data. If you need to use removable media, get approval from IT first.
- Encrypt any removable media containing company or client data.
- Never plug in a USB drive you found or received from an unknown source.
6.3 Data Retention and Disposal
- Don't delete business or client data unless you're following the company's retention policy.
- When disposing of old equipment, IT will handle secure data wiping. Don't donate, sell, or throw away company devices without going through IT.
Company administrators
Specify your data retention requirements here, especially for client records, contracts, and financial data. Many industries have specific retention requirements.
7. Network and Internet Use
- The company's network is monitored. IT can see what devices are connected and what traffic is flowing through the network.
- Don't use the company's network for high-bandwidth personal activities (streaming, large personal downloads, torrenting) that degrade performance for everyone.
- Don't attempt to access the company's network infrastructure (routers, switches, firewalls, servers) unless you're authorized IT staff.
- When working remotely, use the company VPN to access company resources.
8. Physical Security
- Don't leave company laptops unattended in vehicles, public spaces, or unsecured areas.
- Lock your workstation when you leave your desk — even for a few minutes.
- Report lost or stolen devices to IT immediately — within 1 hour if possible. The faster IT knows, the faster they can remotely wipe the device and secure company data.
- Don't let unauthorized individuals tailgate into the office or access server rooms, network closets, or IT storage areas.
9. Incident Reporting
If you notice something wrong — a suspicious email, unexpected software on your machine, a possible security breach, lost or stolen equipment, or anything else that doesn't seem right — report it to IT immediately.
How to report: [INSERT IT CONTACT: email/Slack/phone]
Don't try to investigate or fix security issues on your own. Don't wait until you're "sure" something is wrong. Early reporting prevents small problems from becoming big ones.
Company administrators
Insert your actual IT contact method and expected response time above.
10. Enforcement
- IT may audit devices, accounts, and network usage at any time to verify compliance with this policy.
- Violations will be handled through the company's standard disciplinary process.
- Serious violations — especially those that expose client data or create legal liability — may result in immediate termination.
- This policy will be reviewed and updated annually, or sooner if the company's technology environment changes significantly.
11. Disclaimer
This policy covers the company's expectations for technology use. It doesn't replace client-specific contract requirements, legal advice, or professional obligations. If a client contract imposes stricter requirements on data handling or technology use, the stricter requirement applies.
12. Acknowledgment
I have read and understand this Acceptable Use Policy. I understand that violations may result in disciplinary action, up to and including termination, and that I am responsible for using the company's technology resources appropriately.
Name: _______________________________________________
Signature: _______________________________________________
Date: _______________________________________________
13. Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0 | March 2026 | Initial release |
This policy is part of the Open IT Policy Library by Sorted Solution. Free to use, fork, and adapt. Attribution appreciated.