Resources Blogs The Tech Edge: Returning Acceptable Use Policies to HR and Why Collaboration with IT Matters

The Tech Edge: Returning Acceptable Use Policies to HR and Why Collaboration with IT Matters

author
calendar09/05/2025
clock 4 min read
feature image

book open Table of Contents

Working in tech for the past decade, I’ve seen countless “game-changing” innovations come and go, each promising to transform the way we work, only for organizations to stumble when it comes to real-world implementation. Regarding workplace policy, however, true revolution is more about who gets to write the rules, going beyond the tools that organizations use.

I was reminded of this in a Tech Edge episode with Lewis Eisen, policy drafting expert at Perfect Policies. As he shared sharp lessons about organizational governance, I didn’t expect how much our conversation would shift my thinking about who should own technology policy and why getting it right matters for everyone.

The Policy Tug-of-War: HR vs. IT

Lewis brought a fascinating historical perspective: When technology first entered the office – think telephones and typewriters – HR owned the rules. They decided whether you could use the phone for personal calls or type up a letter during your break. When computers became commonplace, IT stepped in, not because they were experts in conduct, but because HR wasn’t particularly computer literate at the time. Suddenly, IT was drafting acceptable use policies and regulating online behavior.

But here’s the catch, as Lewis explained: IT’s toolkit for discipline is limited. They can disconnect your account or threaten to do so, but they’re not exactly handing out demerits for bad behavior. Meanwhile, HR has a whole grid of consequences, from a gentle nudge to a formal warning.

Why the Split Matters

Lewis highlighted a major challenge: When HR manages offline behavior and IT manages online behavior, you end up with two sets of rules and a whole lot of inconsistency. Imagine a workplace where harassment is forbidden in emails but not in the hallway. Or where misrepresenting yourself online is a big no-no, but doing so in person flies under the radar.

Many acceptable use policies in IT aren’t really about technology — they’re about behavior. Harassment, misrepresentation, and business ethics apply everywhere, not just online. When these rules sit only in IT, organizations risk having gaps or overlaps that confuse employees and leaders alike.

What Should IT Really Own?

Lewis points out that IT’s mandate is not to control people, but to protect information and equipment. If someone’s actions threaten the integrity of your systems (installing unauthorized software, hogging resources, opening security holes), then IT should step in. That’s their turf.

But when it comes to broader conduct – harassment, misrepresentation, business ethics – those are business infractions, and outside IT’s domain. IT then takes the role of evidence gatherer: they monitor, document activity trail, and report. Enforcement belongs elsewhere.

The Power Struggle: Letting Go is Not Easy

Lewis acknowledges that having the power to create and enforce acceptable use policies gives IT a kind of organizational clout it’s never had before. Letting go of that power can be tough, especially when there’s fear that relinquishing control might lead to new risks or liabilities.

However, shifting conduct policies back to HR doesn’t mean that IT loses relevance. It means both teams get to focus on what they do best — HR on people, IT on technology.

How to Make the Transition

If your organization is ready to rethink who owns what, here are some practical steps:

  1. Audit Your Policies: Review HR’s rules and make sure they’re technology-agnostic. Add language to HR policies so conduct standards apply in all contexts, not just when using technology. For example, instead of limiting a rule to online behavior, make it clear that it applies regardless of technology use.
  2. Align Discipline Grids: Slot tech-related infractions into HR’s existing discipline framework. Don’t reinvent the wheel — just make sure every likely scenario is covered.
  3. Clarify IT’s Role: Position IT as the evidence gatherer, not the enforcer. Their job is to monitor, collect information, and report, not to hand out punishments.
  4. Fix Enforcement and Not Just Wording: Heavy-handed language (“it is forbidden” or “not tolerated”) often signals weak enforcement. Focus on building collaborative processes, not just tougher policies.

Writing Policies People Actually Follow

Lewis’s focus is not on policy readership, but on real compliance and meaningful adherence. The goal is to write rules that resonate, make sense, and feel fair. And remember, not every directive needs to be a formal policy. Sometimes, a clear expectation from leadership is enough.

Collaboration Over Control

Effective workplace policy is not about drawing hard lines between HR and IT — it’s about collaboration. When both teams work together, policies can better protect people and data, while minimizing confusion.

So, when debating policy ownership, ask: Is this about technology, or behavior? If the answer is unclear, bring HR and IT together for a focused discussion. Striving for collaboration and clarity helps ensure that policies remain relevant and effective. 

author

Alyssa Blackburn

As AvePoint's Global Program Manager for Information Management, Alyssa Blackburn is the person you want in your corner when navigating the digital maze, especially within the public sector. A globally recognised expert, she has a passion for transforming complex information challenges into powerful business assets.

For more than 20 years, Alyssa has partnered with organisations worldwide, including a strong focus on government agencies, helping them demystify data and information governance and unlock the incredible value hidden in their information. She combines deep industry knowledge with a friendly, practical approach that makes information management accessible to everyone.

A sought-after speaker and an award-winning author for publications like RIMPA IQ, Alyssa thrives on sharing her insights (she has been known to refer to herself as the "Chief Opinion Officer") and helping people rethink what's possible in the digital age. She continues to be a driving force behind AvePoint's leading information management solutions, guiding both the product's development and its successful implementation for clients across the globe.