A ~3-page overarching corporate information security policy template based on ISO/IEC 27001.
This is the peak of the classical policy pyramid, a high-level policy setting the scene for all the remaining/supporting information security policies and related materials.
According to ISO/IEC 27001, top management must establish an information security policy.
The SecAware template lays out a succinct set of 7 information risk and security principles or objectives. It formalises the overall architecture for an Information Security Management System supporting and enabling achievement of the objectives.
Rather than attempt to explain everything in one massive document, the brief corporate policy is typically supplemented by a comprehensive suite of topic-specific policies covering the details.
Supplied as an editable MS Word document, readily customised for your organisation's specific situation.