A 5½-page overarching information security policy based on ISO/IEC 27001.
This is the peak of the classical policy pyramid: a high-level policy, mandated by senior management, which sets the scene and bolsters all the remaining information security policies and related materials.
We have used ISO/IEC 27001:2013 as the basis for this policy, including the Information Security Management System concept and a set of 'axioms' (generic policy statements) derived primarily from the control objectives identified in Annex A of the standard. These form a sensible structure and sound foundation for the topic-specific information security policies, procedures and guidelines.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Corporate information security policy
A high-level overarching information security policy template.
See also the full range of supporting policies in the policy suite that expand on specific risk and control elements.
The license covers internal use within a single organisation. Please get in touch if you'd like to incorporate the SecAware content in your systems or services provided to third parties.