A ~5-page overarching corporate information security policy template based on ISO/IEC 27001.
This is the peak of the classical policy pyramid, a high-level policy mandated by senior management which sets the scene and bolsters all the remaining/supporting information security policies and related materials.
ISO/IEC 27001:2013 is the basis for the policy, including the Information Security Management System concept and a set of 'axioms' (generic policy statements) derived primarily from the control objectives identified in Annex A of the standard. These form a sensible structure, setting the scene for the topic-specific information security policies, procedures, guidelines, training materials etc.
Supplied as an editable MS Word document, readily customised for your organisation's specific situation.
Corporate information security policy
Information security policy template
See also the full range of supporting 'topic specific' policies in the SecAware policy suite that expand on specific risk and control aspects.