SecAware materials

~4-page information security policy template on compliance.


Given the potential impacts of non-compliance with information security-related legal, regulatory and contractual obligations, this policy specifies a three-pronged approach:

  • Proactively monitor and assess applicable information security and privacy-related obligations;
  • Fulfil the obligations through compliance, reinforcement and enforcement actions as appropriate; and
  • Insist that third parties comply with their obligations to protect information disclosed or provided to them, through further compliance actions.


Compliance enforcement and reinforcement are complementary approaches: as well as penalising non-compliance, how about encouraging and rewarding compliance?  Carrot and stick!


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Compliance policy