SecAware materials


A ~5-page overarching corporate information security policy template based on ISO/IEC 27001.


This is the peak of the classical policy pyramid: a high-level policy, mandated by senior management, that sets the scene for and bolsters all the supporting information security policies and related materials.


The policy is based on ISO/IEC 27001:2013. It incorporates the Information Security Management System concept and a set of 'axioms' (generic policy statements) derived primarily from the control objectives identified in Annex A of the standard. These form a sensible structure, setting the scene for the topic-specific information security policies, procedures, guidelines, training materials, etc.


Supplied as an editable MS Word document, readily customised for your organisation's specific situation.

Corporate information security policy

  • Information security policy template


    See also the full range of supporting 'topic specific' policies in the SecAware policy suite that expand on specific risk and control aspects.