
SecAware materials


~4-page information security policy template on compliance and conformity.


Given the potential impacts of non-compliance with information security-related legal, regulatory and contractual obligations, or non-conformity with discretionary requirements, this policy specifies a three-pronged approach:

  1. Proactively monitor and assess applicable information security and privacy-related obligations;
  2. Fulfil the obligations through compliance/conformity, reinforcement and enforcement actions as appropriate; and
  3. Insist that third parties comply with their obligations to protect information disclosed or provided to them, through further compliance actions.


Compliance enforcement and reinforcement are complementary approaches: as well as penalising non-compliance, we recommend encouraging and rewarding compliance.  Carrot and stick!


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Compliance policy
