While social media represents a broad range of benefits to organisations and institutions, such as enhanced brand engagement, it also presents challenges and risks to reputation and security, such as confidentiality breaches. Employee use of popular social media platforms, such as Facebook and Twitter, both at work and about work has resulted in organisations developing social media policies and guidelines as part of contemporary governance practice. This paper investigates this recent approach to corporate governance by examining 20 social media policies and guidelines from a sample of corporate, government and third sector organisations that are active social media users. It develops a basic framework for social media governance based on the 13 common themes that emerge from the sample, including confidentiality, disclosure and the public-private divide of social media usage. It draws on social contract theory and considers its importance to the field of social media governance. Key implications for managers who are tasked with developing and implementing social media policies and guidelines are discussed.