Policies

Eligibility and Enrollment: Defines which employees (e.g., full-time, part-time) are eligible for company benefits and the process/deadlines for enrollment (e.g., 30 days from hire date, annual open enrollment).

Health and Welfare: Details provided medical, dental, and vision insurance options, including premium contribution amounts and coordination with government programs.

Retirement Savings: Information on the company-sponsored retirement plan (e.g., 401(k), pension), including eligibility, contribution limits, and matching formulas.

Other Insurances: Outlines life insurance, short-term disability (STD), and long-term disability (LTD) coverage and costs.

Continuation of Coverage (e.g., COBRA): Explains the rights and procedures for continuing health coverage after employment ends.

Emergency Contact and Notification: Requires employees to maintain up-to-date emergency contact information and outlines procedures for mass notification during a crisis (e.g., text, email).

Evacuation and Shelter-in-Place: Provides detailed floor plans, designated assembly areas, and specific procedures for various emergencies (fire, severe weather, medical).

Workplace Violence Prevention: Zero-tolerance policy prohibiting threats and violence, with a clear process for reporting concerning behavior anonymously.

Accident Reporting: Mandates immediate reporting of all work-related injuries or illnesses to a supervisor and/or $\text{HR}$, regardless of severity.

Safety Compliance: Commits the company to following all relevant occupational safety and health regulations, including the use of required Personal Protective Equipment ($\text{PPE}$).

Vacation/Paid Time Off: Specifies the accrual rate (or lump sum grant), maximum carryover limits, and procedures for requesting and approving time off.

Sick Leave: Defines the amount of paid sick time available and the appropriate use (personal illness, caring for a family member).

Holiday Schedule: Lists the specific paid holidays observed by the company each year.

Leave of Absence: Outlines eligibility and procedures for extended unpaid leaves, such as Family and Medical Leave Act ($\text{FMLA}$) or military leave.

Bereavement/Jury Duty: Details the amount of paid or unpaid time provided for the death of a family member or civic duties.

Acceptable Use Policy: Defines what constitutes appropriate and inappropriate use of company technology, networks, and internet access.

Data Security and Confidentiality: Establishes guidelines for handling and protecting sensitive company, customer, or employee data ($\text{PII}$), including rules on password strength and sharing.

Email and Internet Monitoring: Informs employees that company devices, email, and internet activity are subject to monitoring and audit.

Remote Access/VPN: Specifies security requirements and procedures for employees accessing the company network from outside the office.

Software Licensing and Installation: Prohibits the unauthorized downloading or installation of software on company devices and requires compliance with all licensing agreements.

Tuition Reimbursement: Outlines eligibility criteria (e.g., employee performance, relevance to the job), maximum financial limits, and required commitment/payback agreements.

Training and Certification Support: Details company support (time off, funding) for attending job-specific training, workshops, conferences, or obtaining professional certifications.

Performance Management: Defines the formal process for regular performance reviews, goal setting, and career development planning.

Mentorship Programs: Establishes guidelines for formal or informal mentorship programs available to employees.

Internal Mobility: Outlines the process and requirements for employees to apply for or transfer into open positions within the company.

I. Acceptable Use of Company Technology

• Authorized Use Only: All company-provided hardware, software, network access, and communication tools are intended solely for business purposes. Limited, incidental personal use may be permitted if it does not interfere with job duties or violate other policies.

• Prohibited Activities: Employees must not use company resources to access, store, or transmit content that is illegal, harassing, discriminatory, sexually explicit, or involves commercial or political solicitation.

• No Tampering/Bypassing: Employees are prohibited from attempting to bypass security measures (e.g., firewalls, content filters), disabling anti-virus software, or installing unauthorized programs.

• Monitoring and Audit: Employees must be aware that the company reserves the right to monitor, intercept, and review all data, communications (email, chat), and internet activity conducted on or transmitted through company systems.
  
  

II. Device Management and Security (Company-Owned Devices)

• Asset Accountability: Employees are responsible for the proper care and physical security of all assigned company devices (laptops, phones, tablets) and must report lost or stolen items immediately.

• Password/Access Control: Strong, unique passwords must be used for all devices and applications, and employees must never share login credentials. Passwords must be changed regularly, as dictated by $\text{IT}$ policy.

• Data Backup: Employees are required to ensure critical work data is stored on designated company servers or cloud services, not solely on the local device drive.

• Software Compliance: Only authorized, properly licensed software may be used. Employees must not download or install software from external or unverified sources.
  
  

III. Bring Your Own Device ($\text{BYOD}$) Policy

• Enrollment and Security: If personal devices (e.g., smartphones, tablets) are permitted for work use, they must be enrolled in the company's mobile device management ($\text{MDM}$) system to enforce security standards.

• Data Isolation: Company data accessed on a $\text{BYOD}$ device must be stored and handled within secure, encrypted containers or approved company apps, separate from personal data.

• Remote Wipe Consent: Employees using $\text{BYOD}$ must consent to the company's right to remotely wipe all company data from the device in the event of termination, loss, or security breach. This action should not affect personal data unless data isolation fails.

• No Compensation for Usage: The company is typically not responsible for the costs associated with the personal device (e.g., maintenance, data plan, upgrades).
  
  

IV. Data and Information Handling

• Confidentiality: All company, customer, and employee data (especially Personally Identifiable Information, or $\text{PII}$) must be treated as confidential and shared only on a "need-to-know" basis.

• Storage and Transmission: Sensitive data must be encrypted when stored or transmitted outside of the secure company network.

• Clean Desk/Screen Policy: Employees should lock their computers when stepping away from their desk and secure physical documents to prevent unauthorized access.

• External Media: The use of unapproved external storage devices (e.g., personal $\text{USB}$ drives) is generally prohibited or heavily restricted to prevent malware introduction or unauthorized data removal.