© 2019 IsecT Limited, New Zealand      Get in touch

3½-page generic information security policy about IT systems.


Information risks relating to information/IT systems (i.e. computer hardware and software plus the operations, usage, management, maintenance and other associated processes, the operating environment and essential supplies, the network connections, and of course the business data being communicated, processed and stored) must be identified, assessed and treated.  Securing an information system therefore goes beyond merely securing the computer itself (the 'cybersecurity' elements), although that is if course a major part.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Information systems security policy

  • Template policy on IT systems security


    See also the security policies on:

    • Information governance
    • Information ownership
    • Information risk management
    • Information classification
    • Cybersecurity
    • Databases
    • Information security architecture and design
    • Network security
    • Malware
    • Information integrity
    • Access control
    • Cryptography
    • Identification and authentication
    • Backups and archives
    • Email and interpersonal messaging
    • BYOD security
    • IoT security
    • IT systems development and acquisition
    • IT systems implementation
    • Change and configuration management
    • Assurance
    • IT audit