IT & device use policy template
A free, ready-to-edit IT and device use policy — also known as an acceptable use policy (AUP) — for Australian workplaces. Set clear rules for company devices, security, personal use and monitoring to protect your data and equipment. No signup required.
IT & device use policy
PDF format • Ready to download
By downloading, you agree to our template disclaimer
This IT and device use policy template reflects general Australian workplace and privacy standards at the time of publication and is provided as a general guide to adapt for your business and IT systems. It does not constitute legal, HR, or professional advice and should not be relied on as a substitute for advice specific to your business, workforce, or circumstances.
Why your business needs an IT & device use policy
An IT and device use policy — often called an acceptable use policy (AUP) — sets the rules for how your team uses company computers, phones, accounts and networks. It protects your data, manages security risk, and makes sure IT resources are used securely, ethically and legally.
Without clear rules, you risk security breaches, lost or damaged equipment, and inconsistent practices across the business. A documented policy sets expectations before problems arise, gives managers a fair basis to address misuse, and makes the device hand-back process clean when someone leaves. It pairs naturally with your BYOD policy for personal devices and your information security policy for wider data controls.
It applies to all employees, contractors and anyone who accesses company IT resources. Store the policy and capture acknowledgements in your HR software so you can show every worker has read and accepted it.
What an IT & device use policy should cover
The essentials of a clear acceptable use framework
Acceptable use
What employees can and can't do with company devices, accounts and networks.
Prohibited activities
Offensive material, harassment, illegal activity and unauthorised access or software.
Security requirements
Strong passwords, screen locks, software updates and least-privilege access.
Data protection
Keeping company and customer data secure on every device.
Monitoring & privacy
What the business may monitor and how employee privacy is respected.
Issue & return
Assigning devices, an asset register, and returning equipment on exit.
What's included in this template
A complete acceptable use framework for company IT and devices
Purpose & scope
Why the policy exists and that it covers all IT resources, employees and contractors.
Policy statement
The organisation's commitment to secure, appropriate IT use.
Authorised use
Business use plus any permitted incidental personal use.
Prohibited activities
Offensive content, harassment, illegal use, password sharing and unauthorised software.
Security requirements
Passwords, multi-factor authentication, updates and reporting incidents.
Software & applications
Rules for installing, licensing and using software.
Personal use
Whether and how limited personal use is permitted.
Monitoring & privacy
What may be monitored and the employee's reasonable expectation of privacy.
Care & device return
Looking after equipment and returning it when employment ends.
Breach & acknowledgement
Consequences of misuse and employee sign-off.
Australian compliance considerations
What to get right for monitoring, privacy and data
Be transparent about monitoring
If you monitor employee computer, email or internet use, you generally need to tell staff first. In NSW the Workplace Surveillance Act requires written notice at least 14 days before monitoring begins, and other states have similar expectations. Spell out clearly what you monitor and why so the policy holds up.
Protect personal information
Company devices often hold personal information covered by the Privacy Act and the Australian Privacy Principles. Use least-privilege access, require strong passwords and define how data is stored and removed, especially when a device is reassigned or returned.
The device lifecycle
Issue & register
Assign the device, record it on an asset register and confirm the user has accepted the policy.
Secure
Apply passwords, encryption, updates and access controls before use.
Use & monitor
Acceptable use within agreed monitoring and privacy boundaries.
Return & wipe
Recover the device, back up and securely wipe data when employment ends.
Tie device return into your offboarding checklist so nothing is missed, and use an IT access form to track accounts and equipment as they are granted and revoked.
Breaches of an IT and device use policy can range from misuse of equipment to serious security incidents, so define proportionate consequences and follow a consistent process. For wider data controls, pair this policy with your information security policy. Authoritative guidance is available from the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre.
Who should use this template?
Any Australian business that issues IT equipment or accounts to staff
Especially useful for businesses with remote or field staff, shared devices, or sensitive customer data.
Compliance resources
Official guidance on privacy, surveillance and cyber security.
Manage your policies the easy way
RosterElf helps Australian businesses store policies, capture employee acknowledgements at onboarding and keep an audit trail — all in one place.
Related guides
Write and roll out workplace policies the right way
Related templates
Build out your technology & data framework
IT & device use policy FAQ
-
An acceptable use policy (AUP), also called an IT and device use policy, is a set of rules for how employees and contractors may use an organisation’s IT infrastructure — devices, accounts, software and networks. It protects data, manages security risk, and makes sure IT resources are used securely, ethically and legally by covering authorised access, prohibited activities, personal use, and monitoring.
-
Yes. This template is a solid starting point, but you should tailor it to your IT systems, security requirements and any industry regulations. It helps to review it with your IT or security lead, then store it and capture acknowledgements in your HR software so you can prove every worker has accepted it.
Before you download
General information only — not legal advice
This document is a general HR template provided for informational purposes only. It is not legal advice and may not reflect the latest changes in legislation or apply to every workplace situation. RosterElf Pty Ltd and the template provider accept no liability for any loss arising from reliance on this document. Users should seek independent legal advice and customise the template to ensure it complies with all relevant laws, awards and workplace requirements.