SecAware materials

A 5½-page overarching information security policy based on ISO/IEC 27001.


This is the peak of the classical policy pyramid, a high-level policy mandated by senior management which sets the scene and bolsters all the remaining information security policies and related materials.


We have used ISO/IEC 27001:2013 as the basis for this policy, including the Information Security Management System concept and a set of 'axioms' (generic policy statements) derived primarily from the control objectives identified in Annex A of the standard.  These form a sensible structure and sound foundation for the topic-specific information security policies, procedures and guidelines.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Corporate information security policy

  • A high-level overarching information security policy template.


    See also the full range of supporting policies in the policy suite that expand on specific risk and control elements.

  • The license covers internal use within a single organisation.  Please get in touch if you'd like to incorporate the SecAware content in your systems or services provided to third parties.