What to include in an IT policy

Your IT policy should cover:

  • what devices the company will provide to employees
  • if personal devices can be used for work and, if so, when
  • how issues with devices can be reported
  • how to keep equipment and information secure, including when working remotely
  • what kind of IT training employees can expect to receive
  • good cyber security practice. For example, rules on passwords and safe use of email
  • how information will be stored and backed up
  • rules for employees on downloading software
  • how employees can report a cyber incident, such as a hack or a phishing attack
  • consequences for employees who breach this policy