The CIO of a growing company would take the following steps to build an ethical IT policy: engage the CEO and other C-level executives to gain support for the initiative, as their buy-in is critical; form a cross-functional committee including representatives from IT, HR, legal and other departments to develop the policy and ensure it considers various perspectives; clearly communicate the new policy and ethics guidelines to all employees through multiple channels and trainings to establish expectations and gain feedback.