A print-ready PDF of this policy is available at: /pdfs/Acceptable_Use_Policy__Redacted__-_v1.0.pdf
Acceptable Use Policy v1.0
Rules governing use of company IT systems, networks, data, and equipment
Purpose and Scopeπ
This policy defines the acceptable use of PolicyPress βs information systems, networks, devices, and data. It exists to protect the company, its employees, and its customers from risk - not to restrict people from doing their jobs.
This policy applies to all employees, contractors, and third parties who access PolicyPress systems or data, whether on company-owned or personal devices.
General Principlesπ
Use company systems and data:
- For work purposes - personal use is tolerated when incidental and does not interfere with your work or company resources
- With care - treat company systems and data as you would any professional asset
- Honestly - do not misrepresent yourself, falsify records, or circumvent controls
When in doubt about whether a use is appropriate, ask your manager or IT.
Acceptable Useπ
The following uses are expected and encouraged:
- Performing your job duties and collaborating with colleagues
- Accessing systems and data you have been granted permission to use
- Installing work-required software through approved channels
- Reporting security concerns or suspicious activity to IT
Prohibited Useπ
The following uses are prohibited on all company systems and networks, including personal devices used to access company resources:
Data and Privacyπ
- Accessing, copying, or sharing data beyond what your role requires
- Sharing confidential company, customer, or employee information with unauthorized parties
- Circumventing data loss prevention controls or access restrictions
Systems and Networkπ
- Installing unauthorized software, tools, or browser extensions on company devices
- Attempting to gain unauthorized access to any system, account, or network
- Using company systems to conduct cryptocurrency mining or run personal services
- Connecting unauthorized devices to the internal network
Communicationsπ
- Sending harassing, discriminatory, or threatening communications via company systems
- Impersonating another person or organization
- Using company email or accounts for personal commercial activity
Legal and Complianceπ
- Downloading, storing, or distributing copyrighted material without authorization
- Accessing or distributing illegal content of any kind
- Violating applicable laws or regulations through company systems
Passwords and Credentialsπ
- Use a unique, strong password for every system (use a password manager)
- Enable multi-factor authentication (MFA) wherever it is offered
- Never share your credentials with anyone, including IT staff
- Report suspected credential compromise to IT immediately
Personal Devices (BYOD)π
If you use a personal device to access company systems (email, Slack, cloud services):
- The device must be password or PIN protected
- Company data must not be stored permanently on personal devices unless in an approved app
- PolicyPress may require the remote wipe of company data from your personal device if it is lost, stolen, or upon your departure
- PolicyPress will not access personal data on your device beyond what is technically required to manage the companyβs data
Remote Workπ
When working remotely:
- Use the company VPN when accessing internal systems, if required by IT
- Do not conduct sensitive work on public Wi-Fi without VPN protection
- Lock your screen when stepping away from your device
- Do not allow household members or guests to use company-owned equipment
Monitoringπ
PolicyPress reserves the right to monitor use of company systems and networks to the extent permitted by applicable law. This includes:
- Network traffic and logs on company-managed infrastructure
- Email and communication metadata (not content, unless required for a security investigation)
- Activity on company-owned devices
Monitoring is conducted for security, legal compliance, and operational purposes. Employees should have no expectation of privacy when using company-owned systems or networks.
Reporting Violationsπ
If you observe a violation of this policy or a security concern, report it to IT or your manager promptly. Reports made in good faith will not result in retaliation.
Enforcementπ
Violations of this policy may result in disciplinary action up to and including termination, and may be referred to law enforcement where criminal activity is involved.
Exceptionsπ
Exceptions to this policy (e.g., security research requiring otherwise-prohibited tools) must be:
- Documented with business justification
- Approved in writing by IT/Security and the relevant manager
- Time-limited
For questions, contact IT or your manager.
Revisions
| Version | Date | Description | Revised by | Approved by |
|---|---|---|---|---|
| v1.0 | Jan 01, 2026 | Initial policy. | IT / Security | CEO |