A broad general statement saying you disallow social media goes here if you don't allow it at all. Otherwise, say that you permit the use of social media within certain guidelines. Specifically mention that people covered by this policy must protect themselves and the organization's shareholders, brand, reputation, and assets. Indicate what actions failure to comply with the policy might result in.
Briefly describe what social media is here. Cover blogs, message boards, wikis, Facebook, etc here.
Restate your organizations view on social media use here.
IMPORTANT - If you have any regulatory requirements or guidelines that impact your employees' use of social media, SPELL THOSE OUT HERE. You should check with your Legal, HR, and all relevant IT and business management to identify what applies to you. For examples, in some industries use of social media can be considered advertising if products or services are mentioned.
List our your DOs and DONTs:
1. Remind people of other related company policies here
2. Remind people that they are solely responsible for any legal liability arising from or related to what they post online. Remind official company spokepersons of their special requirements when speaking online.
3. Do say that if commenting on some aspect of the organization, identify yourself as an employee and include a disclaimer.
1. do not disclose confidential or proprietary information.
2. do not disparage other people (customers, coworkers, etc) or any other company (suppliers, business partners, etc)
3. do not use the organization's logos or trademarks without permission
Any closing legalese and a reminder that the policy has teeth can go here.
Some other good advice can be found in the links below:
[Online policy creation tool]: http://socialmedia.policytool.net/
email: david @ sharpesecurity.com