Last Chance: MacBook Air, Dell XPS 13 or $600 off with SANS Online Training Ends December 7

Information Security Policy Templates


General Policy Templates


Acceptable Encryption Policy

Outlines the requirement around which encryption algorithms (e.g. received substantial public review and have been proven to work effectively) are acceptable for use within the enterprise.

Download Policy Template


Acceptable Use Policy

Defines acceptable use of equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information.

Download Policy Template


Clean Desk Policy

Defines the minimum requirements for maintaining a "clean desk" - where sensitive/critical information about our employees, our intellectual property, our customers and our vendors is secure in locked areas and out of sight.

Download Policy Template


Data Breach Response Policy

Defines the goals and the vision for the breach response process. This policy defines to whom it applies and under what circumstances, and it will include the definition of a breach, staff roles and responsibilities, standards and metrics (e.g., to enable prioritization of the incidents), as well as reporting, remediation, and feedback mechanisms.

Download Policy Template


Disaster Recovery Plan Policy

Defines the requirement for a baseline disaster recovery plan to be developed and implemented by the company, which describes the process to recover IT Systems, Applications and Data from any type of disaster that causes a major outage.

Download Policy Template


Digital Signature Acceptance Policy

Defines the requirements for when a digital signature is considered an accepted means of validating the identity of a signer in electronic documents and correspondence, and thus a substitute for traditional "wet" signatures, within the organization.

Download Policy Template


Email Policy

Defines the requirements for proper use of the company email system and make users aware of what is considered acceptable and unacceptable use of its email system.

Download Policy Template


Ethics Policy

Defines the guidelines and expectations of individuals within the company to demonstrate fair business practices and encourage a culture of openness and trust.

Download Policy Template


Pandemic Response Planning Policy

Defines the requirements for planning, preparation and performing exercises for pandemic disease outbreak over and above the normal business continuity and disaster recovery planning process.

Download Policy Template


Password Construction Guidelines

Defines the guidelines and best practices for the creation of strong passwords.

Download Policy Template


Password Protection Policy

Defines the standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.

Download Policy Template


Security Response Plan Policy

Defines the requirement for business units supported by the Infosec Team to develop and maintain a security response plan.

Download Policy Template


End User Encryption Key Protection Policy

Defines the requirements for protecting encryption keys that are under the control of end users.f

Download Policy Template