Policy Acknowledgement Sign-off Form
| Property | Value |
|---|---|
| Document ID | TPL-002 |
| Version | 1.0 |
| Status | Draft |
| Owner | Human Resources |
| Last Updated | 2026-01-11 |
| Next Review | 2027-01-11 |
| Related Controls | SOC 2: CC1.4, CC2.2 / ISO 27001: A.6.2, A.6.3 |
1. Purpose
This form documents employee acknowledgement and acceptance of organizational security policies. Signed acknowledgements demonstrate that personnel have received, read, and understood their security responsibilities.
2. When to Use
| Occasion | Required |
|---|---|
| New hire onboarding | Yes |
| Annual policy refresh | Yes |
| Major policy updates | Yes |
| Role change (significant) | As appropriate |
| After security incidents | As directed |
3. Policy Acknowledgement Form
Section A: Employee Information
| Field | Value |
|---|---|
| Employee Name | _________________________________ |
| Employee ID | _________________________________ |
| Department | _________________________________ |
| Job Title | _________________________________ |
| Manager Name | _________________________________ |
| Start Date | _________________________________ |
| Date of Acknowledgement | _________________________________ |
Section B: Policies Acknowledged
I acknowledge that I have received, read, and understood the following policies:
| # | Policy | Document ID | Acknowledged |
|---|---|---|---|
| 1 | Information Security Policy | POL-001 | ☐ |
| 2 | Access Control Policy | POL-002 | ☐ |
| 3 | Password & Authentication Policy | POL-003 | ☐ |
| 4 | Encryption & Key Management Policy | POL-004 | ☐ |
| 5 | Data Classification & Handling Policy | POL-005 | ☐ |
| 6 | Change Management Policy | POL-006 | ☐ |
| 7 | Logging & Monitoring Policy | POL-007 | ☐ |
| 8 | Incident Response Policy | POL-008 | ☐ |
| 9 | Backup & Recovery Policy | POL-009 | ☐ |
| 10 | Third-Party/Vendor Security Policy | POL-010 | ☐ |
| 11 | Acceptable Use Policy | [If applicable] | ☐ |
| 12 | Remote Work Policy | [If applicable] | ☐ |
Section C: Acknowledgement Statement
By signing below, I acknowledge and agree to the following:
I have received and read the security policies listed above and understand their contents.
I understand that these policies establish requirements for protecting company information and systems, and that compliance is a condition of my employment.
I agree to comply with all security policies, standards, and procedures, and to report any suspected security incidents or policy violations.
I understand that I am responsible for:
- Protecting company data and systems
- Using strong, unique passwords and enabling MFA
- Reporting security incidents or concerns immediately
- Completing required security training
- Not sharing credentials or access with unauthorized persons
- Following data handling and classification requirements
- Complying with acceptable use guidelines
I understand that violation of security policies may result in:
- Disciplinary action, up to and including termination
- Civil or criminal liability, where applicable
- Revocation of access privileges
I understand that security policies are subject to change, and I am responsible for staying informed of updates.
Section D: Signature
| Field | Value |
|---|---|
| Employee Signature | _________________________________ |
| Print Name | _________________________________ |
| Date | _________________________________ |
Section E: Witness/HR Verification
| Field | Value |
|---|---|
| HR Representative | _________________________________ |
| Signature | _________________________________ |
| Date | _________________________________ |
4. Electronic Acknowledgement Alternative
For digital acknowledgement (LMS or HR system):
┌─────────────────────────────────────────────────────────────────────┐
│ POLICY ACKNOWLEDGEMENT │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ I, [EMPLOYEE NAME], acknowledge that I have received, read, │
│ and understood the company's security policies. I agree to │
│ comply with all policies and understand that violations may │
│ result in disciplinary action. │
│ │
│ ☐ I ACKNOWLEDGE AND AGREE │
│ │
│ Policies Acknowledged: │
│ • Information Security Policy (POL-001) │
│ • Access Control Policy (POL-002) │
│ • Password & Authentication Policy (POL-003) │
│ • [All applicable policies listed] │
│ │
│ Digital Signature: [ELECTRONIC SIGNATURE] │
│ Date/Time: [SYSTEM TIMESTAMP] │
│ IP Address: [LOGGED FOR VERIFICATION] │
│ │
└─────────────────────────────────────────────────────────────────────┘
5. Acknowledgement Tracking
5.1 Tracking Spreadsheet Template
| Employee | Employee ID | Department | Acknowledgement Date | Method | Due Date | Status |
|---|---|---|---|---|---|---|
| | | | | Paper/Electronic | | Complete/Pending/Overdue |
5.2 Status Definitions
| Status | Definition |
|---|---|
| Complete | Acknowledgement received and filed |
| Pending | Within grace period, not yet received |
| Overdue | Past due date, escalation required |
| Exempt | Exception approved (document reason) |
6. Annual Renewal Process
6.1 Annual Acknowledgement Timeline
| Activity | Timing | Owner |
|---|---|---|
| Notification sent | 30 days before due | HR |
| Reminder 1 | 14 days before due | HR |
| Reminder 2 | 7 days before due | HR |
| Due date | Annual from hire date | Employee |
| Escalation to manager | 3 days overdue | HR |
| Access restriction | 14 days overdue | IT/HR |
6.2 Non-Compliance Consequences
| Days Overdue | Action |
|---|---|
| 7 days | Manager notification |
| 14 days | System access warning |
| 30 days | Access suspension pending completion |
| 60 days | HR review for disciplinary action |
7. Special Acknowledgements
7.1 Confidentiality Agreement (NDA)
For employees with access to confidential information:
I acknowledge that in the course of my employment, I may have access
to confidential and proprietary information. I agree to:
• Keep all confidential information secure
• Not disclose confidential information to unauthorized parties
• Return all company information upon termination
• Report any unauthorized disclosure
This obligation survives the end of my employment.
Signature: _________________ Date: _________
7.2 Privileged Access Acknowledgement
For administrators and privileged users:
I acknowledge that I have been granted privileged access to systems.
I understand and agree to:
• Use privileged access only for authorized purposes
• Never share privileged credentials
• Follow all privileged access procedures
• Submit to enhanced monitoring and auditing
• Complete privileged access training
• Report any misuse or concerns
Signature: _________________ Date: _________
8. Record Retention
| Record Type | Retention Period | Location |
|---|---|---|
| Signed acknowledgements | Employment duration + 1 year | HR files |
| Electronic acknowledgements | Employment duration + 1 year | LMS/HRIS |
| NDA agreements | Employment duration + 7 years | Legal |
| Privileged access acknowledgements | Access duration + 3 years | Security |
9. Audit Evidence
For SOC 2/ISO 27001 audits, provide:
- Sample signed acknowledgement forms
- Electronic acknowledgement system screenshots
- Completion rate reports
- Tracking spreadsheet or dashboard
- Non-compliance escalation evidence
10. Version History
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-01-11 | HR/Security | Initial release |
This document is classified as INTERNAL. Unauthorized distribution is prohibited.