A 5½-page overarching information security policy based on ISO/IEC 27001.
This is the peak of the classical policy pyramid, a high-level policy mandated by senior management which sets the scene and bolsters all the remaining information security policies and related materials.
We have used ISO/IEC 27001:2013 as the basis for this policy, including the Information Security Management System concept and a set of 'axioms' (generic policy statements) derived primarily from the control objectives identified in Annex A of the standard. These are elaborated-on in ISO/IEC 27002:2013 and other good practice sources, forming a sound foundation for a number of information security policies, procedures and guidelines.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Corporate information security policy
A high-level overarching information security policy template.
See also the full range of supporting policies in the policy suite that expand on specific risk and control elements.
The license covers internal use within a single organisation. Please get in touch if you'd like to incorporate the SecAware content in your systems or services provided to third parties.