RosterElf Logo
Start trial
FREE HR TEMPLATE Last updated 27 June 2026

IT & device use policy template

A free, ready-to-edit IT and device use policy — also known as an acceptable use policy (AUP) — for Australian workplaces. Set clear rules for company devices, security, personal use and monitoring to protect your data and equipment. No signup required.

IT & device use policy

PDF format • Ready to download

Acceptable & prohibited use
Security & data protection
Personal use & monitoring rules
Device issue & return process

By downloading, you agree to our template disclaimer

This IT and device use policy template reflects general Australian workplace and privacy standards at the time of publication and is provided as a general guide to adapt for your business and IT systems. It does not constitute legal, HR, or professional advice and should not be relied on as a substitute for advice specific to your business, workforce, or circumstances.

Why your business needs an IT & device use policy

An IT and device use policy — often called an acceptable use policy (AUP) — sets the rules for how your team uses company computers, phones, accounts and networks. It protects your data, manages security risk, and makes sure IT resources are used securely, ethically and legally.

Without clear rules, you risk security breaches, lost or damaged equipment, and inconsistent practices across the business. A documented policy sets expectations before problems arise, gives managers a fair basis to address misuse, and makes the device hand-back process clean when someone leaves. It pairs naturally with your BYOD policy for personal devices and your information security policy for wider data controls.

It applies to all employees, contractors and anyone who accesses company IT resources. Store the policy and capture acknowledgements in your HR software so you can show every worker has read and accepted it.

Employee working on a laptop with company IT equipment

What an IT & device use policy should cover

The essentials of a clear acceptable use framework

Acceptable use

What employees can and can't do with company devices, accounts and networks.

Prohibited activities

Offensive material, harassment, illegal activity and unauthorised access or software.

Security requirements

Strong passwords, screen locks, software updates and least-privilege access.

Data protection

Keeping company and customer data secure on every device.

Monitoring & privacy

What the business may monitor and how employee privacy is respected.

Issue & return

Assigning devices, an asset register, and returning equipment on exit.

What's included in this template

A complete acceptable use framework for company IT and devices

Purpose & scope

Why the policy exists and that it covers all IT resources, employees and contractors.

Policy statement

The organisation's commitment to secure, appropriate IT use.

Authorised use

Business use plus any permitted incidental personal use.

Prohibited activities

Offensive content, harassment, illegal use, password sharing and unauthorised software.

Security requirements

Passwords, multi-factor authentication, updates and reporting incidents.

Software & applications

Rules for installing, licensing and using software.

Personal use

Whether and how limited personal use is permitted.

Monitoring & privacy

What may be monitored and the employee's reasonable expectation of privacy.

Care & device return

Looking after equipment and returning it when employment ends.

Breach & acknowledgement

Consequences of misuse and employee sign-off.

Australian compliance considerations

What to get right for monitoring, privacy and data

Be transparent about monitoring

If you monitor employee computer, email or internet use, you generally need to tell staff first. In NSW the Workplace Surveillance Act requires written notice at least 14 days before monitoring begins, and other states have similar expectations. Spell out clearly what you monitor and why so the policy holds up.

Protect personal information

Company devices often hold personal information covered by the Privacy Act and the Australian Privacy Principles. Use least-privilege access, require strong passwords and define how data is stored and removed, especially when a device is reassigned or returned.

The device lifecycle

Issue & register

Assign the device, record it on an asset register and confirm the user has accepted the policy.

Secure

Apply passwords, encryption, updates and access controls before use.

Use & monitor

Acceptable use within agreed monitoring and privacy boundaries.

Return & wipe

Recover the device, back up and securely wipe data when employment ends.

Tie device return into your offboarding checklist so nothing is missed, and use an IT access form to track accounts and equipment as they are granted and revoked.

Breaches of an IT and device use policy can range from misuse of equipment to serious security incidents, so define proportionate consequences and follow a consistent process. For wider data controls, pair this policy with your information security policy. Authoritative guidance is available from the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre.

Who should use this template?

Any Australian business that issues IT equipment or accounts to staff

Especially useful for businesses with remote or field staff, shared devices, or sensitive customer data.

Compliance resources

Official guidance on privacy, surveillance and cyber security.

Manage your policies the easy way

RosterElf helps Australian businesses store policies, capture employee acknowledgements at onboarding and keep an audit trail — all in one place.

Start free trial See HR software
FAQ

IT & device use policy FAQ

  • An acceptable use policy (AUP), also called an IT and device use policy, is a set of rules for how employees and contractors may use an organisation’s IT infrastructure — devices, accounts, software and networks. It protects data, manages security risk, and makes sure IT resources are used securely, ethically and legally by covering authorised access, prohibited activities, personal use, and monitoring.

  • Yes. This template is a solid starting point, but you should tailor it to your IT systems, security requirements and any industry regulations. It helps to review it with your IT or security lead, then store it and capture acknowledgements in your HR software so you can prove every worker has accepted it.