An information security policy should ideally comply with ISO/IEC 27001. This standard provides best practice recommendations for information security management.

Below you will find a number of policies based on the ISO 27001 standard which can be used to build a security policy for your organisation. These security policies are from the 2000s.

Security Policy Template

The security policies here are based on this security policy template designed by Ruskwig.

Information Security Policy - 5.1

An ISO 27001 Information Security Policy. This is a high-level security policy, supplemented by additional security policy documents which provide detailed policies and guidelines relating to specific security controls.

Email Acceptable Use - 7.1.3

Guidelines for acceptable use of Email.

Internet Acceptable Use - 7.1.3

Guidelines for acceptable use of the Internet.

Secure Extranet Acceptable Usage - 7.1.3

Guidelines for using a secure extranet.

Working In A Foreign Country - 7.1.3

Guidelines for working in a foreign country.

Information Backups - 10.5.1

Defines the requirements for adequately backing up an organisation's data.

Infrastructure Hardening - 12.6.1

Defines the process and requirements for hardening the IT infrastructure.

Technical Vulnerability & Patch Management - 12.6.1

Defines the process for identifying vulnerabilities and applying patches.

Reporting Information Security Incidents - 13.1.1

Guidelines for identifying and reporting a security incident.