A comprehensive suite of model/template information risk and security-related policies.
A set of 65 individual topic-based policies covering a wide variety of information security, risk, privacy and related matters. These are about 3 or 4 pages each, quite formal yet readable.
Plus a set of 8 Acceptable Use Policies - less formalized, more accessible guidance materials aimed at general employees, using examples to contrast acceptable against unacceptable activities.
Plus an overarching corporate security policy for senior management to set the scene and mandate all the other policies, in the context of corporate governance, risk management and compliance. In just 5 pages it lays out 7 guiding principles and 35 succinct axioms (policy statements derived from the controls in annex A of ISO/IEC 27001).
Plus a cross-reference matrix mapping the relationships between the 65 topical policies (an MS Excel spreadsheet).
Plus an executive guide concerning Acceptable Use Policies and Codes of Conduct (a PDF).
Supplied as a ZIP file containing editable MS Word documents (except for one PDF), these are all generic: although they lay out typical control objectives and good practice controls addressing commonplace information risks, they need to be adapted to reflect your particular context, risks, security requirements, compliance obligations etc. It is much quicker and easier to modify a well-written consistent suite of policy materials than to start from scratch. If you already have security policies, check them against these for aspects that you haven't thought of, and decide for yourself whether the structure, style and content would suit your organization.
Please note: the suite covers the top two layers of the 'policy pyramid', as shown - the most important bits that should flow down to your corporate procedures etc.
A suite of template policies covering a wide range of information security topics.
SPECIAL PACKAGE DISCOUNT - buy the entire set at half price
May 2020 - minor updates to a few policies
March 2020 - all 65 topical policies have been checked and minor corrections made for consistency. We are providing the cross-reference matrix as well now.