A 5½-page overarching information security policy based on ISO/IEC 27001.
This is the peak of the classical policy pyramid, a high-level policy mandated by senior management which sets the scene and bolsters all the remaining information security policies and related materials.
We have used ISO/IEC 27001:2013 as the basis for this policy, including the Information Security Management System concept and a set of 'axioms' (generic policy statements) derived primarily from the control objectives identified in Annex A of the standard. These are elaborated on in ISO/IEC 27002:2013 and other good practice sources, forming a sound foundation for a number of information security policies, procedures and guidelines.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Corporate information security policy
A high-level overarching information security policy template.
See also the full range of supporting policies in the policy suite that expand on specific risk and control elements.