Information Security Policy Templates

Old/Retired Policy Templates


Analog/ISDN Line Security Policy

This document explains acceptable use of analog and ISDN lines and approval policies and procedures.

Download Policy Template


Anti-Virus Guidelines

Defines guidelines for effectively reducing the threat of computer viruses on the organization's network.

Download Policy Template


Server Audit Policy

Defines baseline configuration standards for servers installed on the company network. Relevant content was added to the new Workstation Configuration Standard.

Download Policy Template


Automatically Forwarded Email Policy

Documents the requirement that no email will be automatically forwarded to an external destination without prior approval from the appropriate manager or director.

Download Policy Template


Communications Equipment Policy

Defines the requirements for secure configurations of communication equipment.

Download Policy Template


Dial In Access Policy

Defines the requirement for Dial-in/remote access to company computing resources.

Download Policy Template


Extranet Policy

Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement.

Download Policy Template


Internet DMZ Equipment Policy

Defines the standards to be met by all equipment owned and/or operated by the organization that is located outside the organization's Internet firewalls (the demilitarized zone or DMZ).

Download Policy Template


Internet Usage Policy

Define standards for systems that monitor and limit web use from any host within the company network.

Download Policy Template


Mobile Device Encryption Policy

Defines the requirements for encrypting data at rest on employee mobile endpoints.

Download Policy Template


Personal Communication Devices and Voicemail Policy

Defines the requirements for management personal communication devices and voicemail accounts.

Download Policy Template


Removable Media Policy

Defines the requirements for use of removable media.

Download Policy Template


Risk Assessment Policy

Defines the requirement that the Infosec Team has the authority to perform periodic information security risk assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.

Download Policy Template


Server Malware Protectoin Policy

Defines the requirements for which server systems are required to have anti-virus and/or anti-spyware applications.

Download Policy Template


Social Engineering Awareness Policy

Defines guidelines to provide awareness around the threat of social engineering and defines procedures when dealing with social engineering threats. Relevant content was added to the Acceptable Use Policy.

Download Policy Template


DMZ Lab Security Policy

Documents the security requirements for all networks and equipment deployed in labs located on the "De-Militarized Zone" (DMZ) for the purpose of reducing or eliminating risks.

Download Policy Template


Email Retention Policy

Defines the guidance to help employees determine what information sent or received by email should be retained and for how long.

Download Policy Template


Employee Internet Use Monitoring and Filtering Policy

Defines the standards for systems that monitor and limit web use from any host within the companyâs network.

Download Policy Template


Lab Anti Virus Policy

Defines the requirements which must be met by all computers connected to company lab networks to ensure effective virus detection and prevention.

Download Policy Template


Mobile Employee Endpoint Responsibility Policy

Defines the requirements for employees to protect their laptop/mobile device that is used to conduct company business.

Download Policy Template


Remote Access Mobile Computing Storage

Defines authorized methods for controlling mobile computing and storage devices that contain or access information resources.

Download Policy Template


Virtual Private Network Policy

Defines the requirements to following when using for Remote Access IPSec or L2TP Virtual Private Network (VPN) to connect to the corporate network. Relevent content added to the general Network Access Policy.

Download Policy Template