Sample IT acceptable use policy

Note: This sample policy has been provided by Imagine Canada.


Imagine Canada is committed to the values of Accountability and Drive. Imagine Canada’s information technology (IT) is a key resource for managing information, communication, and process. Our employees and partners expect our system to be secure and to maintain information which is considered private or confidential. As well, it is critical to ensure continuity of system resources and protect against disruptions or breaches which may affect operations or data privacy.


The use of IT supports the mission, values, and operations of Imagine Canada. IT resources are provided to enable employees, volunteers, and charities across Canada to fulfill their missions and provide services. Employees are expected to use these resources responsibly, ethically, and within the law, without affecting the ability of others to use these resources or compromise system security or privacy.

When using Imagine Canada IT, whether for work or personal use, employees and volunteers will:

  • Ensure at all times that the security of all IT systems is of paramount consideration and concern (for example, exercising an abundance of caution in opening attachments or clicking on uncertain links).
  • Ensure that any personal use of IT does not conflict with or constrain the availability of Imagine Canada resources for work purposes (for example, streaming personal videos to the detriment of network bandwidth and responsiveness).
  • Respect copyright and intellectual property rights.
  • Not use IT to do anything that is a violation of the rights of others, such as displaying or distributing obscene, harassing, defamatory, or discriminatory material or messages.
  • Not use IT for any activities or actions which are illegal or do not comply with Canadian or provincial legislation.

Employees and volunteers will immediately report known or suspected security risks, and take all reasonable or directed steps to prevent or mitigate any damage or breach of privacy or security of any IT systems.

Imagine Canada reserves the right to suspend an employee’s access to IT, remove material not in keeping with the organization’s mission and values, or take any other appropriate action to maintain the operational integrity of the IT systems, and the data it contains.

Imagine Canada reserves the right to monitor or share the contents of its IT systems when it believes reasonable action is necessary, including, but not limited to:

  • When emergency information is required.
  • Compliance with law and a valid legal process.
  • Ensuring compliance with this policy.

Imagine Canada does not routinely monitor employees’ use of IT resources for purposes of assessing employee productivity or other performance indicators.


Information technology (IT): Imagine Canada’s networks, hardware, software and data storage and the management systems that apply to them. This includes cloud services, cell phones, and any other electronic devices and services which hold or transmit data for the organization.


Leadership Council

  • The Leadership Council approves this policy.
  • It also ensures training is available for employees to educate them on the policy and proper usage.


  • Supervisors should make employees aware of the policy, particularly those who handle confidential information.
  • If supervisors are aware of a risk to Imagine Canada’s IT systems, they should immediately report it to the VP, Finance & Operations.


  • Employees are expected to follow this policy, and ensure the safety and security of IT systems whenever possible.
  • Employees must report any risks to the IT systems to their manager or a member of the Leadership Council.


Investigations of any breach of this policy will be directed to the Internal Complaints Policy. If an employee is unsure how to handle a situation, they should speak to their supervisor or the VP, Finance & Operations for guidance.


Reference any other policies, documents, or legislation that support the interpretation of this policy.

Effective Date

Indicate the date the policy came into effect and the date of any revisions.

Review Date

Indicate the date the policy is due to be reviewed. This will vary based upon the policy.


Indicate who approved the policy and the date of approval (for example, the board, the human resources policy committee, the executive director).


Visit our article on Drafting an HR Policy to learn more about developing HR policies.


Important: This document is an example of a policy for a small to medium-size nonprofit organization operating in Canada. While certain assumptions have been made in the creation of this policy, it is your responsibility to adapt, modify, and customize the document to suit the particular needs of your organization.

The content of this sample policy is provided for information purposes only. No legal liability or other responsibility is accepted by or on behalf of HR Intervals, Imagine Canada, or its partners for any errors, omissions, or statements made within this document. HR Intervals, Imagine Canada, and its partners accept no responsibility for any loss, damage or inconvenience caused as a result of reliance on such information.

Was this article helpful?
3 out of 3 found this helpful