Understanding the Basics: Company Policies and Procedures Examples

Why Every HR Team Needs a Policy Framework

SHRM's 2022 Employee Benefits Survey found that organizations with clearly documented policies experience up to 30% fewer workplace disputes. That's not a marginal improvement. It's the difference between an HR team that spends its days firefighting and one that operates strategically. Yet many organizations still treat policies and procedures as bureaucratic overhead, something to check off a list rather than a living framework that protects the business and empowers employees.

Before we go further, let's clarify a distinction that even seasoned HR professionals sometimes blur. Policies define the "what" and "why," the guiding principles that set expectations. Procedures define the "how," the step-by-step processes for executing those policies consistently. A policy says "we don't tolerate harassment." A procedure spells out exactly how an employee reports it, who investigates, and what timelines apply. You need both, and they need to work together.

This article provides concrete, usable examples of common company policies and procedures, grounded in compliance context and real-world application. Whether you're building a framework from scratch or auditing what you already have, you'll walk away with actionable guidance you can put to work immediately. For additional policy templates and resources, SHRM's policy toolkit is a valuable companion reference.

Consistency, Risk Mitigation, and Culture

Consistency and standardization. According to McKinsey & Company research on operational excellence, organizations with standardized processes are 1.5 times more likely to report above-median financial performance. Policies create the guardrails that ensure equitable treatment across departments, locations, and management styles. Without them, you're relying on individual managers to interpret expectations on the fly, and that's a recipe for inconsistency, favoritism claims, and legal exposure.

Legal risk reduction. According to the EEOC's harassment guidance, the agency received 81,055 charges of workplace discrimination in FY 2023 and recovered over $665 million for victims. Having well-documented, consistently enforced policies is a key element of an employer's affirmative defense in harassment and discrimination claims, as established in the landmark Faragher v. City of Boca Raton and Burlington Industries v. Ellerth Supreme Court decisions. In practical terms, if you can't show that you had a policy, communicated it, and enforced it, your legal position weakens dramatically.

Culture and engagement. Gallup's State of the Global Workplace report found that only 23% of employees worldwide are engaged at work. Clear policies contribute to psychological safety and trust, two foundational elements of engagement. When employees understand the rules, know they'll be applied fairly, and trust that there's a process for raising concerns, they're far more likely to bring their best work every day.

Common Company Policy Examples

Equal Employment Opportunity (EEO) Policy

An EEO policy is the bedrock of your compliance framework. It must reference the key federal statutes: Title VII of the Civil Rights Act of 1964, the Americans with Disabilities Act (ADA), the Age Discrimination in Employment Act (ADEA), and the Genetic Information Nondiscrimination Act (GINA). The EEOC's small business guidance recommends that employers with 15 or more employees (20 or more for ADEA coverage) maintain a written EEO policy.

Your policy language should explicitly affirm the organization's commitment to non-discrimination in hiring, promotion, compensation, training, and termination. Don't just list protected classes. State clearly that employment decisions are based on qualifications, merit, and business needs. Also be aware that state laws often expand federal protections. California's Fair Employment and Housing Act (FEHA), for example, covers employers with five or more employees and includes additional protected classes such as marital status, gender identity, and military/veteran status. If you operate in multiple states, your EEO policy needs to account for the broadest applicable protections.

Anti-Harassment and Anti-Discrimination Policy

EEOC guidance is specific about what makes an anti-harassment policy effective: a clear definition of prohibited conduct, multiple reporting channels (not just one supervisor), assurance of non-retaliation, and a prompt, thorough investigation process. Your policy should cover all forms of harassment based on protected characteristics, not just sexual harassment. Racial harassment, religious harassment, disability-based harassment, and harassment based on age or national origin all fall under the same legal umbrella.

Practically speaking, provide at least two or three reporting paths. An employee who's being harassed by their direct manager won't report to that manager. Offer options like HR, a skip-level leader, an ethics hotline, or an anonymous reporting tool. Include explicit language that retaliation against anyone who reports in good faith or participates in an investigation is itself a terminable offense. The ECI's 2023 Global Business Ethics Survey found that pressure to compromise ethical standards rose to 30% of employees, the highest in over a decade. That makes robust reporting protections more important than ever.

Code of Conduct and Ethics Policy

Your code of conduct sets the behavioral expectations that shape company culture. It should address conflicts of interest (requiring disclosure when personal financial interests could influence business decisions), gifts and entertainment (with specific dollar thresholds, such as a $50 or $100 limit), confidentiality obligations, and social media conduct. Many organizations also include guidance on political activity, outside employment, and relationships with competitors.

The key to an effective code of conduct is specificity. "Act with integrity" is a nice sentiment, but it doesn't tell an employee whether they can accept a $200 dinner from a vendor. Provide concrete examples and scenarios. State clearly what's acceptable, what requires approval, and what's prohibited. And make sure leadership visibly adheres to the same standards. Nothing undermines a code of conduct faster than a C-suite that treats it as optional.

Workplace Safety Policy

OSHA's General Duty Clause (Section 5(a)(1) of the OSH Act of 1970) requires employers to provide a workplace free from recognized hazards that are causing or likely to cause death or serious physical harm. Bureau of Labor Statistics data shows there were 5,486 fatal workplace injuries in 2022. Even in office environments, safety policies matter. Your policy should cover hazard communication, personal protective equipment (PPE) requirements where applicable, incident reporting procedures, and ergonomic guidelines for workstation setup.

Don't overlook the procedural side. Employees need to know exactly how to report a safety concern or near-miss, who to contact in an emergency, and where to find first aid supplies. For organizations with field workers, warehouse staff, or manufacturing operations, the policy should also address lockout/tagout procedures, fall protection, and heat illness prevention. Regular safety training and documented inspections aren't just best practice. They're your evidence of compliance if OSHA comes knocking.

Attendance, Punctuality, and Remote Work Policy

Attendance policies seem straightforward until they collide with federal law. Any attendance or punctuality policy must include exceptions for FMLA-qualifying leave for employers with 50 or more employees within a 75-mile radius. It should also account for ADA reasonable accommodations (such as modified schedules for employees with disabilities) and state-specific leave laws like California's Paid Family Leave or New York's Paid Family Leave.

For hybrid and remote work arrangements, define expectations clearly. Specify core working hours, notification timelines for absences, documentation requirements for extended leave, and the process for requesting schedule changes. With remote work now a permanent fixture for many organizations, your policy should also address workspace requirements, equipment provisions, and how performance will be measured for remote employees. Consider including guidelines around time zone expectations, communication response times, and eligibility criteria for remote or hybrid arrangements so that managers apply the policy consistently across teams.

Confidentiality and Data Protection Policy

This policy should reference the Defend Trade Secrets Act (DTSA) of 2016 at the federal level and applicable state laws like the California Consumer Privacy Act (CCPA/CPRA). Outline employee obligations regarding proprietary information, client data, and electronic records both during and after employment. Include specific provisions about what happens to company data on personal devices, how employees should handle sensitive documents, and the consequences of unauthorized disclosure. With IBM's 2023 Cost of a Data Breach Report pegging the average breach cost at $4.45 million globally, this isn't a policy you can afford to leave vague.

Be sure to address practical scenarios employees encounter daily. For example, specify whether employees may use personal email to send work documents, how to handle confidential information when working from a public location, and what steps to take if a company device is lost or stolen. Clearly define data retention and destruction timelines so employees understand when and how to dispose of records that are no longer needed. These details transform a generic confidentiality statement into a policy employees can actually follow.

Key Company Procedure Examples

Employee Onboarding Procedure

According to SHRM, organizations with a structured onboarding process experience 50% greater new-hire retention. A solid onboarding procedure follows a clear sequence: offer letter and pre-boarding paperwork (tax forms, benefits elections, emergency contacts), Day 1 orientation (policy acknowledgment, IT setup, workspace tour, team introductions), a structured 30/60/90-day check-in cadence, and a formal probationary review.

The policy acknowledgment step is critical. Every new hire should review and sign off on key policies, including your EEO policy, anti-harassment policy, code of conduct, and confidentiality agreement. Digital employee handbook platforms like AirMason allow HR teams to distribute policies during onboarding with built-in electronic signature tracking, automatic reminders, and a full audit trail (timestamp and IP address). This eliminates the paper chase and gives you defensible proof that employees received and acknowledged your policies.

Progressive Discipline Procedure

A typical progressive discipline procedure follows this sequence: verbal warning (documented in writing), written warning, final written warning or performance improvement plan (PIP), and termination. Documentation at every stage is non-negotiable. It's your primary defense against wrongful termination claims. Note that at-will employment, applicable in 49 states (Montana is the exception under the Montana Wrongful Discharge from Employment Act), does not eliminate the need for consistent procedures. Inconsistent application of discipline is one of the fastest paths to a discrimination claim.

When documenting each step, include the date of the conversation, the specific behavior or performance issue observed, the expected standard, the corrective action agreed upon, and the timeline for improvement. Have the employee sign the documentation to confirm receipt, even if they disagree with the content. If an employee refuses to sign, note the refusal and have a witness present. This level of documentation rigor may feel burdensome in the moment, but it becomes invaluable if the matter escalates to litigation or an agency complaint.

IT Security and Acceptable Use Procedure

Reference the National Institute of Standards and Technology (NIST) Cybersecurity Framework as your best-practice benchmark. Your procedure should cover password requirements (minimum length, complexity, rotation), VPN usage for remote access, approved software lists, incident response steps (who to contact, how to preserve evidence), and BYOD rules. Be specific about what monitoring the company performs on company-owned devices and networks, as employees have a right to know.

Include clear escalation paths for suspected security incidents. For example, if an employee clicks a suspicious link or notices unusual activity on their account, they should know to immediately contact the IT security team (provide a specific email address or phone number), refrain from attempting to fix the issue themselves, and preserve any evidence such as screenshots or email headers. Regularly scheduled phishing simulations and cybersecurity awareness training reinforce these procedures and help reduce the human error that accounts for the majority of data breaches.

Regulatory Considerations: A Compliance Checklist

Federal and State Laws HR Professionals Must Know

The following table summarizes the key federal statutes that intersect with your company policies. Use it as a quick-reference checklist when auditing your policy framework.

| Law / Regulation | Applicability Threshold | Relevance to Policies |
| --- | --- | --- |
| Title VII of the Civil Rights Act (1964) | 15+ employees | EEO, anti-harassment, anti-discrimination |
| Americans with Disabilities Act (ADA) | 15+ employees | Reasonable accommodation, EEO |
| Age Discrimination in Employment Act (ADEA) | 20+ employees | EEO for workers 40+ |
| Family and Medical Leave Act (FMLA) | 50+ employees within 75 miles | Attendance, leave policies |
| Occupational Safety and Health Act (1970) | Most private-sector employers | Workplace safety policies |
| Fair Labor Standards Act (FLSA) | Most employers | Timekeeping, overtime, wage policies |
| National Labor Relations Act (NLRA) | Most private-sector employers | Policies cannot chill protected concerted activity |

Don't forget the NLRA angle. The National Labor Relations Board has scrutinized workplace policies, including social media policies, confidentiality clauses, and even civility rules, for language that could discourage employees from exercising their right to discuss wages, working conditions, or organize. Even non-union employers are subject to the NLRA. Have legal counsel review any policy that restricts employee communication.

Frequently Asked Questions

Q: How often should company policies and procedures be reviewed and updated in an employee handbook?

A: At minimum, conduct a full policy audit annually, ideally timed before the start of a new fiscal or calendar year. However, you should also trigger reviews whenever there's a significant legal change (new state law, updated EEOC guidance, court ruling), an organizational shift (merger, new state of operations, remote work expansion), or after an incident that exposes a gap. Platforms like AirMason offer AI-powered policy update alerts reviewed by SHRM-certified HR legal professionals, which can help you stay ahead of changes without relying solely on annual reviews.

Q: Can an at-will employer skip progressive discipline and terminate immediately?

A: Legally, yes, in most cases. At-will employment allows termination for any lawful reason. However, if your employee handbook or policy documents describe a progressive discipline process, employees (and courts) may argue that you've created an implied contract. The bigger risk is inconsistency. If you use progressive discipline for some employees but not others in similar situations, you're exposed to discrimination claims. Either follow your documented procedure consistently or include clear at-will disclaimers stating that the company reserves the right to skip steps based on the severity of the offense.

Q: How should multi-state employers handle conflicting state and federal policy requirements in their employee handbook?

A: The safest approach is to draft a core set of federal policies that apply company-wide, then create state-specific addenda or supplements for jurisdictions with additional requirements. For example, your base attendance policy should reference FMLA, but a California supplement would add CFRA, PDL, and paid sick leave provisions. Using employee groups within your handbook platform allows you to distribute the right policies to the right employees based on location, reducing confusion and compliance risk.

Q: What's the minimum set of policies a small employer (under 50 employees) should have documented?

A: Even if you're below the FMLA threshold, you still need an EEO policy (required for employers with 15+ employees under Title VII), an anti-harassment policy with reporting procedures, an at-will employment statement, a workplace safety policy (OSHA applies to nearly all private employers), and a confidentiality/data protection policy. Add a code of conduct, attendance policy, and PTO policy to round out the essentials. As you grow past 50 employees, you'll need to layer in FMLA leave provisions, ACA compliance documentation, and potentially affirmative action plans if you become a federal contractor.

Q: How do you ensure employees actually read and understand company policies rather than just signing an acknowledgment?

A: Signature collection is necessary but not sufficient. Pair it with onboarding walkthroughs where a manager or HR representative discusses key policies in plain language. Use scenario-based training (e.g., "What would you do if...") rather than just reading policies aloud. Some organizations quiz employees on critical policies like anti-harassment or safety procedures. Digital handbook platforms that track read time and engagement metrics can also help you identify which sections employees are skipping, so you can target those areas in training sessions.