How to create an employee computer usage policy (guidelines)

by Ryan Plank
computer usage policy

Want to create an effective computer usage policy for your business but don’t know where to start?

If your employees do most of their work on a computer, then creating a computer usage policy is an important step for your organization. It guides your employees on how to use their work computers, what to use them for, and can help protect your company from certain legal liabilities.

It’s important to remember that laws surrounding computer usage policies vary by location and can change over time. For this reason, we advise that you seek professional legal counsel before moving forward with your computer usage policy.

In this article, we’ll take a look at what a computer usage policy is, what they generally contain, and 3 key reasons why you need one.

This Article Contains:

(Click on the links below to go to a specific section)

Let’s dive in.

What is a computer usage policy?

Note: These first few sections focus on what a computer usage policy is, why you need one, and what generally goes into one. 

A computer usage policy is a document that provides employees with guidelines on how to appropriately use company equipment and the internet on your work computer network.

This policy is designed to make employees aware that browsing specific sites, downloading certain files, and using the computer system for anything other than business purposes is prohibited. It’ll also highlight how violations of the policy could be handled. Depending on the laws in your region and the severity of the violation, it could lead to termination of employment and other consequences. 

This way, you help protect your business from various risks like losing or leaking important information and computer files or getting your computers infected with malware.

However, businesses aren’t the only ones who benefit from such a policy.

Most universities also have a computer and internet usage policy. Students, faculty, and staff have to adhere to a similar university policy when using a university computer or when they access the university’s information technology resources. 

To use the campus network, students might have to go to a specific computing facility on campus or the university’s library and access the computers from the library staff or with their library card. 

This kind of policy often helps businesses minimize the risk of computer misuse – whether in the university library or a business office.

The goal of a computer usage policy is to create a safe computer environment within your organization for all parties. It’s meant to protect the company from dangerous and detrimental computer activity on the network and to inform employees of what they can and can’t do on company computers.

What should a computer usage policy cover?

National and regional laws surrounding computer usage policies vary across locations, so there’s no standard format that fits every organization. We advise seeking legal counsel to find out what needs to be included in yours. Here are a few items that can generally be found in a computer usage policy: 

1. Overview

This is the introduction to the document. It usually includes your company’s name and briefly mentions the reasons for creating a policy.

2. Scope

This section lays out what the document will include – and the people, facilities, and equipment it applies to.

3. Purpose

This section shares the purpose of the policy. The goal is to give your employees more detail on the specific reasons for implementing the policy. 

You might mention the most important reasons for creating a policy. 

Ideally, it would be phrased in a way that your employees can see how the policy will help both the organization and themselves to be better at their job. 

4. Policy

The policy itself can vary depending on your industry, location, size, and the type of business you’re running. It may include the following sections, which your legal counsel can customize depending on your needs:

A. A blanket statement

This general, blanket statement explains that your employees could be monitored when using work computers and the business network for the purposes of adhering to the law (if that is the case).

Businesses often try to make it clear that employees should not expect personal privacy while using company equipment on company time.

B. What is appropriate employee computer and internet usage?

This section describes what’s included in proper employee computer use and internet access, according to company policy.

This section is specific and can be customized to the nature of your business. For example, many companies prohibit using social media during work hours. However, if you’re a social media marketing agency, this isn’t feasible. 

In this case, it would specify what their job duties are and the approved activities to carry out those duties. Also, it clarifies their level of authorization as computer users and what the acceptable use of these communication platforms is.

C. What is inappropriate employee computer and internet usage?

This section might answer the questions below. Remember to consult your legal counsel to make sure you include everything that is required and nothing that is prohibited:

  • Which activities are considered unauthorized?
  • When are employees prone to abuse their access to confidential information?
  • In what instances will employees have to be denied their computing privileges?
  • On what occasions do they breach security policies and abuse internet use?
  • What type of activities are considered illegal and will have law enforcement consequences?

D. Sections on each procedural policy 

Here, you might include additional specifications on some of these elements:

  • Usage: Computers should not be used for any illegal activities, chain letters (electronic mail spam), or discriminatory communication. You may also include more specific usage violations.
  • Monitoring: Clarifies that employees should not assume their privacy is protected while using the company-owned computer equipment – and that employers have the right to monitor their activities on the computers (if that is the case in your region under applicable law).
  • Security: Employees should not engage in activities that jeopardize the security of the computer network system.
  • Copyright: Employees cannot copy, retrieve, or modify copyrighted materials without the permission of the copyright holder. Violation of this policy can lead to copyright law enforcement for both the individual and the company.

Depending on the counsel of your legal advisors, you might expand on each of these sections to include specifics related to your industry and business.

E. Disciplinary action

The final section of the policy will likely state that violating the policy may lead to disciplinary action. You may specify what this action is, the procedure and whether the employee will get a warning beforehand.

Why do you need a computer usage policy?

Did you know that 50% of employees don’t know what’s expected from them when it comes to computer and internet usage at work? 

With a computer use policy, you can set precise guidelines for your employees’ computer usage, and they’ll better understand what behavior is expected of them when they use the organization’s computing resources.

Let’s take a look at where a computer usage policy can help you:

1. Reduces piracy and security issues

About 92% of computers with pirated software have malware like Trojan horses, viruses, and worms. 

Additionally, if your employees download pirated files or software, your company will be liable and have to pay fines. 

When you have well-defined rules that prohibit the usage of unlicensed or pirated programs, you can reduce the risk of running into serious security and legal issues like those mentioned above.

2. Minimizes computer and network misuse

There are many ways in which your employees can misuse your computer and information resources. 

So, which specific computer and network activities should you advise against in your policy?

That will depend on the laws in your area, but you may be able to prohibit activities like:

  • Hacking: Employees using your computer system to gain unauthorized access to data, other computer networks, or user logins.
  • Data misuse: Illegally revealing or transferring the company’s data to personal devices.
  • Copyright infringement: Copying of intellectual property (software, movies, books) and distributing them on the internet without copyright holder permission.
  • Identity and financial abuses: Financial frauds and handling stolen credit card information.
  • Cryptocurrency mining: Using your computer resources and power to mine bitcoins and other cryptocurrencies.
  • Using excessive network bandwidth: Downloading unnecessary files that might result in bandwidth loss.

There are even some official laws against such misuses, like the Computer Fraud and Abuse Act and the Data Protection Act.

That’s why it might be worth it to include such guidelines in your company’s computer usage policy too. This way, you can lay out clear rules which your employees can refer to, and they’ll understand the consequences received if they violate the policy.

3. Helps you address employee privacy concerns

Privacy-related laws and monitoring rights will also differ according to country and state.

That’s why it can be important to create a straightforward policy about the degree of privacy your employees should expect and your company’s monitoring activities in the workplace. 

Many employees expect to have personal privacy while working on company-owned computers.

However, according to the Electronic Communications Privacy Act of 1986, an employer in the U.S. can monitor employee activity on three occasions:

  • Business exception: An employer can intercept employee communication when transmitted on company-owned devices during the ordinary course of business.
  • Consent exception: An employer can monitor communication activities as long as at least one individual agrees.
  • Service provider exception: An employer can monitor communication on the company’s communication system channels. These include email use, voicemail, and other communication software.

For this reason, your counsel may advise you to emphasize in the policy that computers are company assets and not a device on which they can conduct personal activities. 

Including such aspects in your computer usage policy can help your employees understand what expectation of privacy and monitoring they should have, and help them stay away from unproductive internet activities.

Final thoughts

Apart from potentially minimizing risk, a computer usage policy can help your employees understand what is acceptable and what is not when they’re using a company computer.

This way, you clearly illustrate their responsibilities, which could result in better efficiency, more productive employees, and a more secure online working environment.

Along with the help of your legal counsel, the examples we’ve mentioned above can help you create a strong computer usage policy that keeps your employees focused and motivated in no time!

Book a free demo of Time Doctor

help managers focus on what matters most
time doctor ratings

Related Posts