A comprehensive, coherent suite of information security policy templates, comprising:
- The overarching corporate information security policy - a high-level management perspective on information risk and security based on ISO/IEC 27001, supported by ...
- The topic-based policies - a mesh of policies covering a deliberately wide variety of information security, risk, privacy and related matters (77 of them!);
- A cross-reference matrix showing relationships between the topic-based policies (spreadsheet);
- The Acceptable Use Policies - less formal, more accessible guidance aimed at general employees, using examples to contrast acceptable against unacceptable activities (standard and mobile editions).
The entire suite was conceived, written and maintained by a single professional. It has evolved over decades, gradually expanding in scope and changing in line with developments in the field. It is unique - not available elsewhere.
- Comprise the top two layers of the classical 'policy pyramid' shown;
- Specify typical control objectives and good practice controls, inspired by ISO27k and other standards;
- Share the same consistent structure, layout, format and tone;
- Are essentially 'camera-ready' aside from any amendments required for your particular organisation;
- Use MS Word styles, facilitating formatting changes to suit your corporate policy style guide and preferences;
- Form an interlocking mesh: they are designed to work together, supporting each other.
Review and consider the templates carefully, adapting them where appropriate to suit your organisation's unique needs (e.g. your compliance obligations, risks and controls) and situation (e.g. to align with policies in related areas such as risk, IT and HR).
SecAware policy suite (package deal)
A full suite of Information security policy templates on a wide range of topics
CURRENTLY on SPECIAL at 75% off!