Best Practice
Policy Templates

Whether you’re writing a new policy or updating an existing one, myPolicies has you covered. We’ve been writing and refining our policy templates for over a decade to ensure they are comprehensive and easy to understand. Never write another policy from scratch with over 150 road tested policy templates at your fingertips.

Filter Options
Security
Continuity
Talent Management
HR Operations
Data
Learning & Development
IT Operations
Hardware
Acceptable Usage
Software

No items matched this filter. Please try another.

Access Control Policy

The policy provides a framework to ensure users have the appropriate access levels specifically authorized to them by the organization or specific department leaders to access information on systems and applications.

Account Management Policy

This policy outlines the only legitimate method by which the company's information systems may be accessed. Without active account management, the potential exists that legitimate users can use these accounts for illegitimate purposes.

Administrative Rights Policy

This policy describes the circumstances under which administrative rights can be granted as well as the terms and conditions upon which this privilege will be granted.

Americans with Disabilities Act (ADA) Policy

This policy outlines the specific steps taken by the company to ensure full accessibility in accordance with the Americans with Disabilities Act (ADA).

Anti-Bullying Policy

The purpose of this policy is to define bullying, outline steps to be taken against bullying and list employee conduct to ensure a safe and comfortable working environment.

Anti-Corruption Policy

The purpose of the Anti-Corruption Policy is to strengthen the ethical environment of the organization by providing guidance on the principles, standards, and responsibilities of conduct for all employees in the performance of their duties.

Anti-Harassment Policy

Harassment, in all of its forms, has a negative impact on employees. An employee who is harassed may suffer from a range of physical, mental, and emotional stresses that can affect their personal and professional lives. An anti-harassment policy is necessary to prevent and eradicate harassment in the workplace. The purpose of an anti-harassment policy is to provide a framework to prevent harassment in the workplace, to communicate the rights and responsibilities of those involved in a harassment claim, and to alleviate effects in the event harassment does occur. The anti-harassment policy template was created for myPolicies by its parent company, Info-Tech Research Group. myPolicies is an online policy management software that streamlines the creation, approval, distribution, and monitoring of corporate policies, procedures, and forms. Access to over 150 Policy templates like these are one of the many benefits to myPolicies.

Anti-Violence Policy

The company maintains a zero tolerance position on violence at a workplace, and this policy provides a definition of what workplace violence is, how to prevent it, and how to report it.

Anti-Virus Policy

The purpose of this policy is to provide instructions on measures that must be taken by the company's employees to help achieve effective virus detection and prevention.

Application Security Policy

This policy ensures that the quality and integrity of this company's applications will be designed and implemented in as secure a manner as possible using pre-defined application development principles and procedures.

Asset Management Policy

The purpose of this policy is to ensure assets are identified appropriately and the proper protection controls for those assets are in place.

Attendance Management Policy

This policy lists the various reasons employees may take time away from work whether it be paid or unpaid.

Audit Log Review Policy

This policy will aid in the detection of unusual or unauthorized events as well as investigate causal factors for identified events, reconstruct the course of events before and after an event, and identify the account associated with a specific event.

Background Check Policy

This policy establishes that the company may conduct background checks on prospective or existing employees through a third party agency to verify personal information, determine organizational fit, and maintain a safe and productive work environment.

Benefits Policy

This policy attempts to provide a benefits plan that is competitive with those found elsewhere in the industry at a reasonable cost.

Blogging Policy

The company blog policy template outlines standards for the use of corporate blogs and blogging platforms.

Business Expense Reimbursement Policy

This policy reimburses employees for money spent on behalf of the company, or a client of the organization, provided the expense is proper and reasonable, in accordance with the policies, is proper under applicable federal regulations and is receipted and reported in accordance with the organization's policy.

Change Control Freezes and Risks Policy

The purpose of this policy is to place restrictions on the number and complexity of systems changes for periods of time around key schedule systems activities.

Change Management Policy

This policy will define a consistent approach to manage changes to the IT environment of your enterprise. Changes to IT applications (or infrastructure) must be managed properly to avoid disrupting the normal operation of the enterprise.

Children in the Workplace

This policy outlines the procedures for instances in which an employee is forced to bring their child to work with them.

Communications Security Policy

The purpose of this policy is to ensure security is a key consideration in network management and in the transfer of information in and out of the organization.

Community Fundraising Policy

This policy outlines the procedures for the organization as it pertains to sponsoring fundraising campaigns for community partner organizations.

Company-Owned Vehicle Usage Policy

Employees who operate any of our vehicles on approved by the organization are responsible for its care, and the following policy outlines the expectations and guidelines for using an organization-owned vehicle.

Complaint Resolution Policy

The purpose of this policy is to provide an effective mechanism for resolving workplace issues in a fair, timely, and transparent manner.

Compliance Policy

The purpose of this policy is to ensure proper measures are in place to avoid non-adherence to information security compliance requirements – legal, contractual, regulatory, or otherwise.

Conflict of Interest Policy

This policy outlines how to identify a conflict of interest, examples of conflict of interest, and reporting procedures.

Contingency Planning Policy

This policy establishes the manner in which information systems will continue to be operated in the event of a catastrophic failure to the information system or any of its components.

Corporate Communications Policy

This policy seeks to establish guidelines for presenting the organization to current and potential stakeholders, both internally and externally.

Corporate Social Responsibility Policy

This policy ensures commitment to handling business relations in a socially and environmentally conscious way, as well as maintaining ethical corporate governance practices to benefit the community and maintain environmental sustainability.

Cryptography Policy

The purpose of this policy is to ensure correct use of cryptography to protect the confidentiality, authenticity, and integrity of the organization’s information.

Data Access Policy

This policy will outline the responsibilities for the protection of institutional data and prevent unauthorized, wrongful, or malicious use.

Data Archiving Policy

The purpose of this policy is to outline the responsibilities for appropriately preserving and protecting corporate data.

Data Back-Up Policy

The Data Backup Policy will outline the mechanisms to help safeguard corporate data using regular backups and have data available in the event of a catastrophic system failure.

Data Cleansing and Quality

The Data Cleansing and Quality Policy will outline the responsibilities for ensuring that all corporate data adheres to the principles of data quality and that redundant information is appropriately and effectively disposed of.

Data Entry and Provenance Policy

This policy will outline the responsibilities for maintaining the integrity and quality of data and provenance data used to inform corporate decision making.

Data Integration and Virtualization Policy

This policy will outline the responsibilities for mitigating the risks to personal privacy when integrating, replicating, or virtualizing personal data, and ensure data integration, replication, or virtualization only occurs when necessary.

Data Management Policy

The data management policy will outline the standards for uniform management of all corporate critical data.

Data Protection Policy

The data protection policy will outline the standards for protecting corporate data from any risk that it may be exposed to.

Data Security Policy

The data security policy will outline the standards for protecting all corporate and client data from security breaches.

Disability Accommodation Policy

The purpose of this policy is to provide reasonable accommodations for persons with disabilities in a manner that is respectful of each person’s dignity up to the point of undue hardship.

Document Retention Policy

This policy describes the rules retaining copies of documents for regulatory, legal and strategic purposes.

Document Security Policy

The purpose of a document security policy is to provide examples for document encryption redaction and metadata cleaning within this company.

Downtime Policy

This downtime policy helps create a baseline for what is considered acceptable or planned downtime of systems and applications.

Drugs and Alcohol Policy

The purpose of this policy is to outline the expectations of behavior of employees during working hours with regards to drugs and alcohol, and the organization maintains a zero tolerance policy for the use of drugs and alcohol while at work.

Educational Leave of Absence Policy

The organization provides employees with the option of taking a leave of absence from work, if pursuing further education, given its relation to their job duties.

Email Acceptable Use

This email policy template outlines the standards for appropriate use of corporate email accounts.

Employee Recognition and Rewards Policy

The goal of this policy is to acknowledge and encourage exceptional achievement and behavior in the workplace in a tangible manner.

Employee Records Policy

This policy outlines the procedure for keeping and accessing employee records in the strictest confidence, and contain a complete history of an employee’s employment at an organization.

Employee Reference Provision Policy

The goal of this policy is to provide fair treatment to former employees of the organization in their pursuit of employment at other organizations, as well as to protect the company from potential legal liability.

Employee Referral Policy

This policy encourages employees to draw on their existing networks and refer individuals whom they believe to have the skills and fit necessary to succeed at the organization.

Employee Romantic Relationships Policy

This policy outlines appropriate workplace conduct for employees involved in a romantic or non-platonic relationship.

Employee Status Change Policy and Form

The policy outlines the processes that must be followed when hiring, terminating, or otherwise changing the status of any of the organization's employees.

Enterprise Architecture Policy

This policy ensures that information services, resources, and technologies are fully and properly used in support of a company’s strategies and processes in order to achieve its organization goals.

Equal Employment Policy

This policy outlines the company's zero tolerance policy towards discrimination in hiring or during employment.

Firewall Policy

This policy describes how the company's firewall will filter Internet traffic in order to mitigate risks and losses associated with security threats, while maintaining appropriate levels of access for business users.

Flex Location Policy

This policy offers a range of flexible work arrangements, such as telework or telecommuting for the practice of working at home, or at another secondary work site location, instead of working at the primary place of work (i.e. the office).

Flex Time Off Policy

Flexible Time Off (FTO) policy is oriented to empower employees to make erudite decisions about their paid and unpaid time off and outlines FTO scope and procedures at the organization.

Flexible Succession Plan Policy

This policy ensures a commitment to developing a comprehensive, flexible succession plan for all critical roles within the organization, which ensures that critical roles are not left vacant and that transfer of vital, specific information occurs.

Green Office Initiatives Policy

The purpose of this policy is to improve the company's environmental performance by minimizing pollution and waste, conserving energy, and supporting environmentally friendly practices and initiatives.

Health and Safety Policy

The purpose of the Health and Safety Policy is to maintain a healthy and safe working environment for all employees, and to provide a mechanism for reporting instances of unsafe or unhealthy situations.

Hiring of Relatives Policy

This policy governs the hiring and continuing employment of relatives in order to minimize the risk of conflict and the possibility of favoritism.

Human Resources Security Policy

The purpose of this policy is to ensure personnel, including contractors, are aware of and understand their responsibilities in regards to security.

Identity and Access Management Policy

This policy establishes that without authorization, identification, and authentication controls, the potential exists that information systems could be accessed illicitly and that the security of those information systems can be compromised.

Incident Response Policy

An incident management process and policy is critical for mitigating the risks associated with security incidents. Without an incident response policy the potential exists that a security incident will go unnoticed and the magnitude of harm associated with the incident will be significantly greater than if it were noted and corrected. The incident response policy template provides a framework for the management of security incidents as well as an outline for how an organization monitors and responds to such incidents. This template was created for myPolicies by its parent company, Info-Tech Research Group. myPolicies is an online policy management software that streamlines the creation, approval, distribution, and monitoring of corporate policies, procedures, and forms. Access to over 150 Policy templates like these are one of the many benefits to myPolicies.

Inclement Weather Policy

This policy outlines the procedures for notification and employee responsibilities when severe weather conditions pose a hazard to our employees’ personal safety, given that it can be a significant barrier to our operations, the company's offices may be close.

Information Acceptable Use Policy

The information acceptable use policy outlines standards for appropriate use of corporate information and IT equipment.

Information Disposition and Retention Policy

The information disposition and retention policy will outline the standards for which corporate records should be retained or disposed of, how they should be retained or disposed of, and for what period they should be retained.

Information Security Aspects of Business continuity Planning Policy

The purpose of this policy is to ensure that information security is properly addressed within the organization’s Business continuity Planning (BCP) strategy.

Information Security Incident Management Policy

The purpose of this policy is to ensure proper recognition, management, and communication of security events and weaknesses through a formal process.

Instant Messaging Acceptable Use Policy

The instant messaging usage and security policy outlines the standards for the usage of, and security controls associated with, corporate instant messaging.

Instant Messaging Usage and Security Policy

This policy ensures that the use of Instant Messaging is not abused or misused within the organization.

Internet Acceptable Use Policy

Internet usage is both a necessary tool and a potential distraction and security risk. With capabilities of the Internet and users advancing daily, it is important for organizations to construct an Internet access policy during working hours and on company resources.

IT Security Risk Strategy Policy

The purpose of this policy is to ensure adequate processes and controls are in place to mitigate risks and measure progress related to security performance and it applies to all business processes and data, information systems and components, personnel, and physical areas of the organization.

IT Standards Policy

The IT standards policy organizes standards by technology category, distinguishes standards from preferred products, and documents products or policy standards that govern technology acquisition.

IT Support Policy

The IT support policy will outline the basic level of support guaranteed by a corporation’s IT Department as well as the method by which IT requests will be prioritized.

Jury Duty and Witness Leave Policy

This policy outlines the procedure for taking leave from work to attend jury duty or duties as a witness.

Lactation Accommodation Policy

This policy is designed to accommodate new mothers who wish to continue breastfeeding upon their return to the workplace and ensures that women who are pregnant or who are intending to become pregnant are fully aware of the accommodations that will be made for them upon their return to work.

Media Protection Policy

This policy ensures quality and integrity of the organization's media protection mechanisms and allows information to be provided a greater level of security than can be achieved with system based protection mechanisms alone.

Military-Reservist Leave Policy

This policy protects military/reservists from discrimination during a leave of absence. It outlines employee eligibility, the process of notification, and how such leave affects the employee’s job status and benefits.

Mobile Device Acceptable Use Policy

The mobile device acceptable use policy outlines standards for the use of mobile devices when connected to corporate networks and data.

Multi-Factor Authentication Policy

This policy presents multi-factor authentication methods to increase security of information systems, which include passwords, tokens, OOB SMS or email options, which must be treated carefully.

Network Resource Personal Use Policy

The limited personal use of network resources policy outlines the standards for appropriate usage of corporate network resources.

Non-Solicitation Policy

This policy outlines the expectations of any current or departing employees when engaging with external organizations to ensure protection and goodwill of the organization, our stakeholders, data, and business practices.

Office Supplies Policy

This policy ensures provision of employees with basic office supplies, such as pens, paper, note pads, and any additional items that are not typically purchased under a requested approval for the purchase from your supervisor and notification of the office administrator.

On-Call Policy

This policy's purpose is to establish and outline the expectations and compensation for employees required to be placed on on-call status outside of their scheduled work hours.

Onboarding Policy

This policy addresses the onboarding and orientation processes and sets out roles and responsibilities to ensure all new employees feel welcome at the organization.

Operations Security Policy

The purpose of this policy is to ensure the secure operations of information processing facilities within and related to the organization, which applies to all business processes and data, information systems and components, personnel, and physical areas of the organization.

Organization of Information Security Policy

The purpose of this policy is to ensure a framework is in place to include information security within internal and remote operations, and applies to all business processes and data, information systems and components, personnel, and physical areas of the organization.

Outside Employment Policy

This policy provides guidelines and procedures for employees seeking approval for outside employment if they wish to do so, in addition to their official responsibilities with our organization, given that they are full time employees.

Overtime Policy

The overtime policy will outline the standards for regular employee eligibility and compensation for overtime. The policy will help to ensure that all overtime is authorized and employees are correctly compensated for it.

Paid Time-Off Policy

This policy combines traditional vacation and sick day benefits, providing employees with some flexibility and discretion as to when they take time away from work and outlines the circumstances under which an employee’s time away from work will or will not be paid.

Pandemic Policy

This policy outlines the specific steps taken by the organization to ensure full safety of our employees and business continuity within the organization during a pandemic that play a critical role in mitigating the impact of a pandemic on the organization and our employees.

Password Policy

This policy ensures that passwords provide as much security as possible, and are carefully created and used minimizing risks for easier illicit access to the organization's information systems, and thereby compromising the security of those systems.

Patch Management Policy

The patch management policy outlines standard application maintenance and patch management practices and responsibilities for identifying and mitigating any system vulnerabilities.

Personal Device Acceptable Use Policy

The PDA usage policy outlines standards for connecting to company network(s) or related technology resources via any means involving mobile devices that are categorized as personal digital assistants.

Physical Access Policy

This policy addresses physical access controls, to avoid the potential risk that information systems could be illegitimately physically accessed and the security of the information they house could be compromised.

Physical and Environmental Policy

The purpose of this policy is to ensure proper measures are in place to prevent unauthorized physical access or damage to the organization’s information and facilities.

Plagiarism and Copyright Policy

The goal of this policy is to inform employees at the organization on the rules and procedures relating to plagiarism and copyright law compliance, given that the company holds a “zero tolerance” position on plagiarism and copyright infringement.

Probationary Period Policy

This policy ensures that the company is the right fit for individuals we hire, therefore, all newly hired employees will complete a certain probationary period in order for the organization to select and retain the best people for the job.

Promotions and Transfers Policy

The purpose of this policy is to support career development by providing opportunities for promotions and internal transfers for its employees.

Recognition and Appreciation Policy

The purpose of this policy is to acknowledge and encourage exceptional achievement and actions that promote the organization's mission and core values.

Reference Check Policy

Under this policy, the organization will conduct reference checks to verify information and assess candidates’ fit. Offers of employment will be contingent on the successful completion of all elements of the hiring process, including reference checks.

Rehiring Policy

This policy governs the process of rehiring eligible former employees.

Results Only Work Environment (ROWE) Policy

This policy ensures that regular employees [with the exception of contract workers and list other exempt groups] are free to complete their work on their own schedule and in a location of their own choosing so long as they meet agreed upon performance goals and targets.

Retirement Policy

The purpose of this policy is to make the transition from employment to retirement as smooth as possible. This policy governs retirement procedures for all employees.

Risk Assessment Policy

By following the guidelines of thei policy and determining the amount of risk that exists, the company will be in a better position to determine how much of that risk should be mitigated and what controls should be used, which would eliminate inappropriate (either too strict or too lax) security controls.

Secondment Policy

This policy will outline formal procedures for internal and external secondment, as an organization committed to employees and their development, the organization values the use of secondment as an avenue for its top talent to learn and grow on the job.

Security Assessment Policy

This policy adresses the quality and integrity of organization's security assessment and is focused on determining the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security.

Security Infrastructure Policy

This policy is directed at the develeopment of security infrastructure, which allows information systems to obtain a greater level of security than can be achieved through configuration control alone by delivering enhanced security capabilities.

Security Training Awareness Policy

This policy addresses quality and integrity of the management of the organizations’s information systems, understanding the security implications of their actions and increases the likelihood that information system security will not be breached through technical measures or non-technical measures.

Server Back-Up Policy

This policy outlines how and when data residing on company servers will be backed up and stored for the purpose of providing restoration capability.

Server Space Usage Policy

The server space usage policy will outline the standards for appropriate use of network server storage space.

Short-Term Disability Policy

The purpose of this policy is to provide employees with income protection during unavoidable absences necessitated by a short-term or temporary disability. For the purposes of this policy, disability includes any illness, injury, or other medically certified disability.

Small Enterprise Change Management Policy

The small enterprise change management policy properly manages how to effectively change management requirements and create a solid policy.

Smoking Policy

This policy addresses secondhand smoke health hazards in consideration of the concerns and sensitivities of our employees, and the organization enforces a no-smoking policy, given the commitment to a smoke-free work environment.

Social Media Acceptable Use Policy

The social media acceptable use policy outlines the standards for employee use of social media.

Software Acquisition and Usage Policy

The software acquisition and usage policy outlines the requirements for selection, acquisition, evaluation, and use of company software.

Software Development Policy

The software development policy outlines the standard for corporate software development and code management.

Software Installation Policy

The software installation policy outlines the permitted and prohibited software titles and the proper procedures for software installation on company devices.

Special Request Handling Policy

The special request handling policy evaluates the nature of non-project requests and prioritizes requests against business and IT objectives as well as allocated resources to request completion.

Supplier Relationships Security Policy

The purpose of this policy is to ensure proper protection of the organization’s assets that are accessed by suppliers.

System Acquisition, Development and Maintenance Policy

The purpose of this policy is to ensure information is a forefront consideration throughout the lifecycle of information systems in the organization.

System Change Control Policy

This policy ensures that configuration of the change control involves the systematic proposal, justification, implementation, test/evaluation, review, and disposition of changes to information systems, including upgrades and modifications.

System Configuration Policy

This policy focuses on the quality and integrity of the organization's standardized configuration settings allowing information systems and information system components to be consistently deployed in an efficient and secure manner.

System Maintenance Policy

This policy sets guidelines for systems maintenance processes that are required to ensure that maintenance is conducted in the most secure manner possible, ensuring that performance of systems maintenance helps to alleviate compromised information system security.

System Monitoring and Auditing Policy

This policy is oriented at implementation of system monitoring that is used to look either intentional or unintentional inappropriate actions, that have occurred within an information system.

Taxonomy Quality Assurance Policy

The taxonomy quality assurance policy has been established in order to preserve the accuracy of categorized folders, files, and directory structures available on network servers.

Telephone and Voicemail Acceptable Use Policy

The purpose of this policy is to balance the business need for telephone and voicemail use by the company.

Temporary Employee Policy

This policy governs temporary direct-hire employment assignments with the company.

Third-Party Access Policy

The purpose of the Third-Party Access Policy is to establish the rules for third-party access to the organization's information systems and the computer room, third-party responsibilities, and protection of the organization's information.

Tuition-Conference Reimbursement Policy

This policy outlines the requirements and procedures for receiving reimbursement of tuition fees and/or conference fees.

User Authorization Identification Authentication Policy

This policy ensures implementation of federated identity mechanisms, such as authorization, identification, and authentication controls, which allow only known users to access information systems, controls of cloud services and mobile devices with internal systems.

Wireless LAN Acceptable Use Policy

The wireless LAN user acceptable use policy will outline the standards for appropriate use of the corporate wireless network.