How to create a Corporate IT Charter?

Implementation of an IT Charter in a company makes it possible to set rules for the use of IT equipment by employees, but also provides for penalties in case of violation of these rules. Its implementation has also been recommended by the National Commission for Computing and Liberties (CNIL).

Usually integrated into the company’s internal rules (or added as an annex to these rules), the IT charter can also be integrated into the employment contract (although the first solution is preferred).

In this article, let’s find out why to create an IT charter, as well as 10 essential points when writing this document.

needed Developer & nbsp?
Webmaster & nbsp?
Editor & nbsp?

Submit your project on for free, get 15 quotes and choose the ideal service provider.

find a provider

Why Create an IT Charter?

Before giving you the essential points that should appear in your charter, take a look at the importance of the latter to your business!

The IT Charter serves as a reference document for your teams

The IT Charter is the first defense in protecting your data. Employees, contractors, partners and supervisors may refer to this document to limit threats, breaches and data loss.

It defines the framework for using the IT tools provided to employees and freelancers. You will find, in particular, the operating modes of CRM, ERP, messaging applications and other internal software.

The IT Charter also defines the measures to be taken for the management and processing of data.

For the employee, this is a useful resource! He does not need to constantly refer to the CIO (Director of IT and/or Information Systems) to solve certain problems. This can improve its productivity as well as the productivity of your IT managers.

IT Charter defines the barriers between personal and professional life

This document sets out the conditions for access to computer terminals, as well as limits on use for personal purposes. Similarly, this Charter describes the terms of use of social networks (and the Internet in general) in a professional context.

Its purpose is to prevent personal and business data from being confused, or that employees reveal sensitive information on social networks.

The IT charter should also include sanctions in case of non-compliance with established rules. For this purpose, it has legal significance.

IT Charter inspires better use of IT tools

Depending on your business, IT infrastructure can focus most of your business budget. With a clearly defined charter, you can optimize the use of your equipment.

Employees know how to use your software effectively to maximize value. Thus, you are saved from unexpected maintenance or repair expenses.

IT charter strengthens cyber security

Strengthening cyber security is a core asset of the IT Charter! Data leaks and hacking can be very costly for a business. And contrary to popular belief, it’s not just big corporations that attract hackers!

43% of cyber attacks affect SMEs and 60% of affected small businesses file for bankruptcy within 6 months. Human error is the cause of data leaks in 95% of cases.

It is therefore important to make your employees aware of good cyber security practices. It starts with the IT Charter. Clear and well-written policies can go a long way in mitigating these risks.

For example, you can set limits on the use of personal computing tools or define a password policy within your company. Don’t forget to remember the basic rules in terms of malware protection: avoid opening attachments from strangers, call your manager when in doubt, don’t write your credentials on a sticky note, use strong pass words, etc.

10 points to integrate into your IT charter

Now that you know the value of an IT charter, it’s time to start building it. Here are 10 elements to integrate:

1. Use of Personal Equipment

The use of personal devices (computer, telephone, etc.) by the employee within the framework of his work is a delicate point.

In fact, such practices are dangerous to the security of company data, but also to the dignity of employee personal information.

While it is better to ban the use of personal devices altogether, another solution is to set up an “airtight” space on the employee’s equipment, in which data and applications for business use will be stored.

This allows the company to take control of the worker’s activities without having access to all of their data.

2. Means of Monitoring

Monitoring of employees’ activities by the employer is subject to certain limitations that must be known.

First, if it is possible to access the employee’s connections, files, and personal email, this can only be done in his presence.

The use of an e-mail control device or even Internet activities is permitted provided:

  • To consult with employees’ representatives;
  • notifying employees in advance;
  • To make an announcement to CNIL.

3. Use of Electronic Mail

The use of email within the company should also be regulated within the framework of the IT Charter.

In particular, this may include respecting privacy measures (for example, never mentioning certain sensitive information by email).

This may also be to limit the size of attachments that can be received or sent by email.

With regard to the use of professional e-mail for personal purposes, it is not prohibited.

However, the employee must clearly identify the personal emails (otherwise, they will be considered professional and the employer will have the right to consult them). To do this, for example, he can create a dedicated directory in his mailbox.

4. Internet access for personal use

In principle, access to the Internet for personal purposes in a professional context is tolerated within reasonable limits.

However, the IT Charter may provide a list of sites (or categories of sites) that employees are not entitled to visit.

It may also prohibit the downloading of certain files.

5. Possible Sanctions

The IT Charter may provide for applicable penalties for non-compliance with the prescribed rules. However, these should not be contrary to the law (particularly the Labor Code) and should not be excessive.

Dismissal is a potential sanction, disregard and non-compliance with the IT Charter may constitute serious misconduct.

6. Rules for creating and managing passwords

Very important point! The IT charter should integrate training and awareness on the importance of choosing a strong password. Consider including rules for creating and changing passwords.

This document should also include specific requirements for password complexity and length. It should educate employees about the risks of using a simple word or personal information.

7. Remote Access

In the context of popularization of telecommunications, the IT Charter should define a framework. It helps to reduce the risk of hacking or spying.

Therefore the IT Charter should include provisions relating to the sending or receiving of email and the use of intranet resources. The company may require the traveling employee to have VPN access, the installation of anti-malware software, and the use of a recent operating system.

For example, employees should not:

  • engage in illegal activities on their remote access
  • Let unauthorized users access your work equipment
  • Connect personal tools to business tools

The IT charter should prohibit connecting to other networks when disconnecting and connecting to internal networks when leaving your device alone.

This document may also include Wi-Fi connection rules, especially for employees who travel regularly. The latter, who have to connect to public Wi-Fi, should be made aware of good practices to secure their connections.

8. A Crisis Management Policy

Crisis management policy should be part of the IT charter. It describes the company’s response to a cyber security incident.

It should detail the role of each team member, the means and resources used to identify and recover tampered data. The steps in incident response are as follows:

  • preparation
  • Recognizance
  • prevention
  • Destruction
  • health benefit
  • post event

Purpose of this policy? Encourage employee feedback by educating them on procedures to follow in the event of a data breach or security breach risk.

9. Maintenance of Computer Systems

Like all equipment, computer systems require regular maintenance. To reduce downtime and costs associated with hardware and software failure, include regular maintenance schedules and procedures in your charter.

  • When and how will IT maintenance happen?
  • How will employees be notified?
  • What types of service interruptions can be avoided?

Thus, your employees will be able to estimate these periods.

10. Signatures of the employees of the company

An IT charter is not complete until employees decide to sign it. This shows that they have read the written information, that they agree to it and that they will abide by the rules. Their vigil has been increased.

This signature also gives legal importance to the document. Once approved, they will have no choice but to implement the rules set out in the charter.


Keep these things in mind while writing this important document. To help you out, you can also download this Model IT Charter offered by CNIL.

Need help managing your business IT systems? Find a Freelance IT Service Provider at

Related Stories


Zen by LegalStart: An anti-scam shield for entrepreneurs

Created almost ten years ago with the aim of simplifying and digitizing the legal...

social network, an opportunity

Social networks have invaded our world. Facebook, Twitter, LinkedIn, YouTube, Pinterest, Instagram... and...

Self-employment in France: revival of activities and income

At the end of 2021, France will have no less than 3.9 million self-employed...

fundraising fashion

Fundraising has become a major trend in the business world. Whether promising startups,...

Ten Mistakes Entrepreneurs Shouldn’t Make

Almost every day, we learn that new laws are coming,...

Which tools for more efficient management?

There are many responsibilities involved in managing a DSI (Department of Computer Services). ...

Popular Categories



Please enter your comment!
Please enter your name here