Cyber Security Policy

A Cyber Security Policy is a document used by an employer or organisation, to outline their protocols, standards, and procedures for employees, contractors, consultants and other workers (which we'll just refer to as "employees") to follow in relation to cyber security, both during work hours and in their personal time.

In this Cyber Security Policy, the employer communicates the expectations and requirements of employees with regard to maintaining cyber security. This includes areas such as how and where to access their work devices outside the workplace, the correct storage of devices when not in use, the appropriate handling of sensitive data, reporting a loss or theft of a work device, procedures for system updates, measures to protect data on devices, security when using social media and email, minimum requirements for passwords and restrictions on the use of removable devices.

Similar to other employer policies, Cyber Security Policies do not require approval from employees. These policies serve as a point of reference detailing the employer's standard procedures and guidelines. While they are not generally contractually binding, they do provide a clear understanding of the employer's general rules, procedures, and expectations related to cyber security. Therefore, if there are specific matters of importance that should be legally binding on the employee (such as specific job duties, confidentiality obligations, or conflict of interest obligations), these should be addressed in a legally binding document like an Employment Agreement, a Confidentiality Agreement, or a Non-Compete Agreement.

Along with a Cyber Security Policy, employers often have other documents dealing with various employment-related matters. We offer a number of these documents for download, including an Employee Handbook, Social Media Policy, Drug and Alcohol Policy, Workplace Health and Safety Policy and a Discrimination Policy, all of which can complement the Cyber Security Policy.

How to use this document

This document should be used by an employer wishing to establish rules concerning employee cyber security practices. The employer can input their relevant details at the beginning of the document and select options throughout the document to adapt it to their particular circumstances.

The employer must ensure the document truly represents their actual approach to these matters. The Australian Government's Business website provides useful guidance about cyber security. If in doubt, seek professional advice from lawyers and/or IT professionals.

Once completed, the document can be made available to employees. It may be provided to new employees when they first start, or distributed to existing employees to inform them of the employer's updated cyber security approach.

It is critical that the Policy's details are effectively communicated to employees, and they understand what is expected of them. This can be achieved by sending a Letter to Employees About New or Updated Workplace Policies.

Some employers may require employees to sign the document, confirming they have read and understood it. Signed copies can be kept on file. This document includes an option to incorporate space for the employee's signature.

Some employers also opt to reference this Policy within the Employment Contract.

Applicable law

Cyber Security Policies may be influenced by various Australian laws. These include but are not limited to:

• Privacy Act 1988 (Commonwealth)
• Crimes Act 1914 (Commonwealth)
• Cybercrime Act 2001 (Commonwealth)
• Telecommunications (Interception and Access) Act 1979 (Commonwealth)
• State and Territory legislation related to criminal law and law enforcement

In addition, the Fair Work Act 2009 (Commonwealth) deals with other employment matters such as unfair dismissal.

Ordinary principles of contract law, as provided by the common law, may also apply to the general terms of the employee's employment.

How to modify the template

You fill out a form. The document is created before your eyes as you respond to the questions.

At the end, you receive it in Word and PDF formats. You can modify it and reuse it.