Information Security Policy Templates

General Policy Templates

Acceptable Encryption Policy

Outlines the requirements for which encryption algorithms (e.g. those that have received substantial public review and have been proven to work effectively) are acceptable for use within the enterprise.

Acceptable Use Policy

Defines acceptable use of equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information.

Clean Desk Policy

Defines the minimum requirements for maintaining a "clean desk" - where sensitive/critical information about our employees, our intellectual property, our customers and our vendors is secure in locked areas and out of sight.

Data Breach Response Policy

Defines the goals and the vision for the breach response process. This policy defines to whom it applies and under what circumstances, and it will include the definition of a breach, staff roles and responsibilities, standards and metrics (e.g., to enable prioritization of the incidents), as well as reporting, remediation, and feedback mechanisms.

Disaster Recovery Plan Policy

Defines the requirement for a baseline disaster recovery plan to be developed and implemented by the company, which describes the process to recover IT Systems, Applications and Data from any type of disaster that causes a major outage.

Digital Signature Acceptance Policy

Defines the requirements for when a digital signature is considered an accepted means of validating the identity of a signer in electronic documents and correspondence, and thus a substitute for traditional "wet" signatures, within the organization.

Email Policy

Defines the requirements for proper use of the company email system and makes users aware of what is considered acceptable and unacceptable use of its email system.

Ethics Policy

Defines the guidelines and expectations of individuals within the company to demonstrate fair business practices and encourage a culture of openness and trust.

Pandemic Response Planning Policy

Defines the requirements for planning, preparing and performing exercises for a pandemic disease outbreak, over and above the normal business continuity and disaster recovery planning process.

Password Construction Guidelines

Defines the guidelines and best practices for the creation of strong passwords.

Password Protection Policy

Defines the standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.

Security Response Plan Policy

Defines the requirement for business units supported by the Infosec Team to develop and maintain a security response plan.

End User Encryption Key Protection Policy

Defines the requirements for protecting encryption keys that are under the control of end users.
