A comprehensive, coherent suite of information security policy templates, comprising:
- The overarching corporate information security policy - a high-level management perspective on information risk and security based on ISO/IEC 27001, supported by ...
- The topic-based policies - an integrated mesh of policies covering a deliberately wide variety of information security, risk, privacy and related matters (83 of them!);
- A cross-reference matrix showing relationships between the topic-based policies (spreadsheet);
- Acceptable Use Policies - less formal, more accessible guidance aimed at general employees, using examples to contrast acceptable against unacceptable activities (desktop and mobile editions).
The entire suite was conceived, written and maintained by a single professional. It has evolved over decades, gradually expanding in scope and changing in line with developments in the field. It is unique and exclusive to SecAware - not available elsewhere.
The policy templates:
- Comprise the top two layers of the classical 'policy pyramid' shown;
- Specify typical/good practice controls, inspired by ISO27k and other standards;
- Share the same consistent structure, layout, format and tone;
- Are essentially 'camera-ready' aside from any amendments required for your particular organisation;
- Use MS Word styles, making it easy to change the formatting to suit your corporate guidance or preferences;
- Form an interlocking mesh: they are designed to work together as a suite, supporting each other.
While some policies may not be applicable or relevant to your organisation, most of them probably are. Developing such a comprehensive, consistent and mature suite of polices from scratch would cost you much more than this, even taking account of any customisation, review and authorisation activities you may need.
Review and consider the templates carefully, adapting them where appropriate to suit your organisation's unique needs (e.g. your compliance obligations, risks and controls) and situation (e.g. to align with policies in related areas such as risk, IT and HR).
SecAware policy suite (discounted)
A full suite of Information security policy templates on a wide range of topics
CURRENTLY on SPECIAL!