The Policies

1. Information security policy: From sales reports to employee social security
numbers, IT is tasked with protecting your organization’s private and confidential
data. To accomplish this, you need to define acceptable and unacceptable use of
systems and identify responsibilities for employees, information technology staff,
and supervisors/managers. This policy offers a comprehensive outline for
establishing standards, rules, and guidelines to secure your company data.

2. VPN usage policy: Using a VPN to access internal resources comes with
responsibilities to uphold network security, as well as to use company resources
safely and equitably. This policy will help you enforce security standards when it
comes to VPN use.

3. Password management policy: Employee passwords are the first line of defense in
securing the organization from inappropriate or malicious access to data and
services. Password-driven security may not be the perfect solution, but the
alternatives have not gained much traction. This password policy defines best
practices that will make password protection as strong and manageable as possible.

4. Mobile device security policy: More and more users are conducting business on
mobile devices. This can be due to increases in remote workers, travel, global
workforces, or just being on-the-go. This policy provides guidelines for mobile device
security needs to protect businesses and their employees from security threats.

5. Identity theft protection policy: Help protect your employees and customers from
identity theft. This policy outlines precautions for reducing risk, signs to watch out
for, and steps to take if you suspect identity theft has occurred.

6. Remote access policy: This policy outlines guidelines and processes for requesting,
obtaining, using, and terminating remote access to organization networks, systems,
and data.

7. User privilege policy: This policy provides guidelines for the delegation of user
privileges on organization-owned systems and guidance for high-privilege and
administrator accounts.

8. Perimeter security policy: While security principles should apply throughout the
organization, locking down the perimeter and ensuring only necessary connections
get through is an especially critical goal. This policy provides guidelines for securing
your organization's network perimeter from potential vulnerabilities.

9. Security awareness and training policy: A security policy is only as valuable as the
knowledge and efforts of those who adhere to it, whether IT staff or regular users.
This policy is designed to help your information technology staff guide employees
toward understanding and adhering to best security practices that are relevant to
their job responsibilities and avoid a potential security incident.

10. Natural disaster and emergency policy: This policy offers guidelines for responding
to natural disasters and other emergencies. The download includes both a PDF
version and an RTF document to make customization easier.

11. Resource and data recovery policy: All employees should be familiar with the
processes for recovering information if it becomes lost, inaccessible, or
compromised. This policy provides guidelines for the recovery of data from
company-owned or company-purchased resources, equipment, and/or services.

12. Incident response policy: Whether initiated with criminal intent or not,
unauthorized access to an enterprise network or campus network is an all too
common occurrence. Every enterprise needs to establish a plan of action to assess
and then recover from unauthorized access to its network. This policy provides a
foundation from which to start building your specific procedures.

13. Third party vendor policy: Many businesses rely on outside companies, known as
third party organizations, to handle their data or services. This policy provides
guidelines for establishing qualified third party vendors with whom to do business
and what requirements or regulations should be imposed upon their operational
processes.

14. Moonlighting policy: Moonlighting is especially frequent in technology, where
people with varying skills and backgrounds may find their abilities in demand by
multiple companies. This policy provides guidelines for permissible employee
moonlighting practices to establish expectations for both workers and organizations.

15. Drug and alcohol abuse policy: This policy provides a working framework for
establishing rules and procedures that prohibit drug and alcohol use on company
premises or in company vehicles.

16. Employee non-compete agreement: Don't let your valuable corporate assets,
proprietary information, or intellectual property walk out the door when an
employee leaves the company.

17. Workplace safety policy: This policy will help ensure that your company facilities are
safe for all employees, visitors, contractors, and customers.

18. Severance Policy: The Severance Policy outlines the differences between simple
departure scenarios where the employee is paid a final check for the time they
worked and any unused vacation hours, as well as more complex situations.

19. Interviewing guidelines policy: This policy will help organizations conduct useful and
appropriate interviews with potential new hires, both from a proper methodology
perspective and a legal standpoint.

20. Employee objectives policy: Defining objectives is a prime way to motivate
employees, giving them tangible proof of their accomplishments, their progress, and
their contributions to the business. However, it is important to follow certain
guidelines to provide an effective framework for establishing objectives, monitoring
them, and helping employees complete them.

21. Personnel screening policy: This policy provides guidelines for screening
employment candidates, either as full-time or part-time employees, or contingent
workers (including temporary, volunteer, intern, contract, consultant, offshore, or
1099 workers) for high-risk roles. It aims to ensure that candidates meet regulatory
and circumstantial requirements for employment.

22. Telecommuting policy: This policy describes the organization's processes for
requesting, obtaining, using, and terminating access to organization networks,
systems, and data for the purpose of enabling staff members to regularly work
remotely on a formal basis.

23. IT staff systems/data access policy: IT pros typically have access to company servers,
network devices, and data so they can perform their jobs. However, that access
entails risk, including exposure of confidential information and interruption in
essential business services. This policy offers guidelines for governing access to
critical systems and confidential data.

24. Ergonomics policy: A safe and healthy work environment provides the foundation
for all employees to be at their most productive. Not only does it promote
productivity in the workforce, it also helps prevent accidents, lawsuits, and in
extreme cases, serious injury and potentially loss of life. This policy establishes
procedures to help ensure a safe, ergonomically healthy environment.

25. IT Hardware inventory policy: This policy describes guidelines your organization can
follow to track, process, and decommission IT equipment.

26. Asset control policy: This customizable policy template includes procedures and
protocols for supporting effective organizational asset management specifically
focused on electronic devices.

27. IT hardware procurement policy: A strong hardware procurement policy will ensure
that requirements are followed and that all purchases are subject to the same
screening and approval processes.

28. BYOD (Bring Your Own Device) Policy: Our BYOD (Bring Your Own Device) Policy
describes the steps your employees must take when connecting personal devices to
the organization's systems and networks.

29. Home usage of company-owned equipment policy: Employees who work from
home often use company-supplied systems and devices, which helps ensure that
they have consistent, state-of-the-art equipment to do their work. However,
organizations should provide usage guidelines, such as this policy, covering the
responsibilities of IT staff and employees.

30. Hardware decommissioning policy: When decommissioning hardware, standard and
well-documented practices are critical. The steps outlined in this policy will guide
your staff methodically through the process. Assets won't be unnecessarily wasted
or placed in the wrong hands, data stored on this hardware will be preserved as
needed (or securely purged), and all ancillary information regarding hardware (asset
tags, location, status, etc.) will be updated.

31. Acceptable Use Policy: Equipment: Employees rely on IT to provide the equipment
they need to get things done. This policy template assists in directing employees to
use that equipment safely and within organizational guidelines.

32. Development lifecycle policy: Software development is a complex process which
involves a specific series of steps (known as the development lifecycle) to transform
a concept into a deliverable product. The purpose of this policy is to provide
guidelines for establishing and following a development lifecycle system.

33. Patch management policy: A comprehensive patching strategy is a must to reap the
benefits; however, a willy-nilly approach can result in unexpected downtime,
dissatisfied users, and even more technical support headaches. This policy provides
guidelines for the appropriate application of patches.

34. Artificial intelligence ethics policy: Artificial intelligence has the power to help
businesses as well as employees by providing greater data insights, better threat
protection, more efficient automation, and other advances. However, if misused,
artificial intelligence can be a detriment to individuals, organizations, and society
overall. This policy offers guidelines for the appropriate use of and ethics involving
artificial intelligence.

35. Scheduled downtime policy: IT departments must regularly perform maintenance,
upgrades, and other service on the organization's servers, systems, and networks.
Communicating scheduled downtime in advance to the proper contacts helps ensure
that routine maintenance and service tasks do not surprise other departments or
staff, and it enables others within the organization to prepare and plan accordingly.

36. Internet and email usage policy: This policy sets forth guidelines for the use of the
internet, as well as internet-powered communication services, including email,
proprietary group messaging services (e.g., Slack), and social networking services
(e.g., Facebook, Twitter) in business contexts. It also covers Internet of Things (IoT)
use and bring-your-own-device (BYOD) practices.

37. Virtualization policy: Virtualization platforms are available from a number of
vendors, but it's still critical to maintain your virtualization environment to avoid
unnecessary resource consumption, out-of-compliance systems or applications, data
loss, security breaches, and other negative outcomes. This policy defines
responsibilities for both end users and the IT department to ensure that the
virtualized resources are deployed and maintained effectively.

38. Machine automation policy guidelines: Many industries rely on machine
automation implementations to save money and reduce risk. However, along with
the benefits comes the critical need to implement policies for its proper use. This set
of guidelines will help your organization keep its machine automation safe, reliable,
and in compliance.

39. Software automation policy guidelines: Software automation is used for many
business and IT processes, depending on industry vertical and individual company
business and IT needs. Because this automation is far-reaching, policy considerations
touch on many areas. This set of guidelines will help you cover all the bases as you
build a comprehensive software automation policy.
