3-page information security policy template on security architecture and design.
 
Information risks should be identified, analyzed and appropriate security architectures and controls specified in the course of designing information systems and business processes.
 
An 'architectural' view integrates information systems and services and business processes across the organisation, supporting a rational forward-thinking strategy for information governance and information risk management.  Information security should be an integral part of all that.
 
Security architecture and design makes sense even if the organisation does no software/systems development in-house: cloud computing services and commercial applications also need to be inherently secure, properly implemented and used.  Ad hoc patchworks of information systems and services are less likely to satisfy security, privacy and other business requirements.
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.