How to write a social media policy that will protect your business

11 June 2020

So you have your social media account up and running – but how do you keep it on the right path and working in the best interests of your organisation?


For any business operating social media channels we’ve prepared our social media policy 101 to give you an overview of what a social media policy does, what it should cover and how to implement it.


What is a social media policy?

A good social media policy will cover the dos and don’ts for any employee, from those managing your social media pages, through to those simply active on social media personally.


Your social media policy will:

  • ensure consistent use of social media across all platforms;
  • promote the responsible use of social media by all employees; and
  • provide a roadmap for managing challenging online and public facing interactions with your online community.


What to include in your social media policy:

1. Clarify who can represent your company on social media and assign responsibilities including:

  • Strategy and planning
  • Security and passwords
  • Day to day posts, monitoring and listening
  • Daily customer service responses
  • Advertising
  • Review and approval processes
  • Crisis response
  • Social media training for other employees


2. Provide a plan for dealing with feedback – the good and the bad!

Engagement on social media is valuable. It can help you develop a better relationship with your clients and customers and opens up two-way communication between you and your stakeholders. However, it also exposes you to comments, questions and other public commentary you need to be prepared to respond to (and quickly).

Your policy should outline the processes required to respond to various kinds of feedback, questions and complaints in a timely manner. We also recommend preparing a bank of responses that are ready to go, or can be quickly tailored, to cut down on response time.

Sauce tip: Acknowledge negative posts or comments publicly and invite the conversation to be taken to a private channel, such as Facebook Messenger or Instagram Direct Messages, to resolve the matter.

It may be appropriate to add your own code of conduct to the account page to assist with how feedback, complaints and engagement is managed. Many customer facing businesses also include the hours the page is monitored in their code of conduct to manage expectations of response time.


3. Assess and manage your legal risks

Your social media policy should be aligned with your company’s code of conduct, observe industry regulations and customer and commercial confidentiality.

Legal cases have indicated that providers of digital forums and platforms, such as businesses with a Facebook page, could be liable for defamatory content authored by other people if it appears on their page and they fail to act. This means if another user is making defamatory comments on your posts or page, it is your responsibility to remove them.

Account security should also be factored in, including how access to accounts is shared, and what the process is in the event of a breach. Social media planning tools such as Hootsuite or Sprout Social allow multiple employees to securely access accounts so long as one employee has connected the relevant accounts to these services. They also have helpful listening, reporting and scheduling functions.

A good rule of thumb: Never share confidential, proprietary or other information not yet publicly released.


4. Your brand tone of voice and content guidelines

To serve as a reminder for employees when referring to the policy in the face of complex issues, your brand tone of voice, values and the type of content your business shares should be clearly outlined.


5. Personal account guidelines in your social media policy for all employees

This is an optional inclusion but helpful for large businesses with many employees who may be active on their personal social media accounts. This section should encourage your team to share updates about the company with their network but prevent inadvertent use of confidential information or misinformation from spreading. It should also clearly state whether employees may speak on behalf of the company and how they are representing themselves if they are commenting on posts about the company.