How to write an information security policy

In October’s Toolkit Insider Series, we will be looking at templates from our ISO27001 2013 ISMS Standalone Documentation Toolkit. In the first week, we discuss the Information Security Policy.

Information is a valuable asset, and protecting their information must be a top priority for all organisations. An important step in keeping your organisation’s information safe is to ensure that your staff are following best practices for information security – an information security policy can help with this.

Receive a 20% discount off this toolkit when you use the discount code, ‘ISMS20’.

Information security policy

This policy is a mandatory component of ISO 27001, and will set out the requirements for your ISMS (information security management system).
A good policy should identify the information being protected, recognise the key risks to your organisation and offer solutions for dealing with them. It should also provide information on how the policy is monitored to ensure that it is successfully enforced.

Why you need an information security policy

The best approach to ensure that your staff understand your information security policy is to create a clear and concise document stating your organisation’s principles.

With an information security policy, you can:

• Assign clear roles and responsibilities for your staff;
• Determine information security objectives appropriate to your organisation;
• Detect the misuse of data, networks and computer systems;
• Protect the reputation of your organisation; and
• Provide the best service possible to your customers.

Our Information Security Policy

The sample below shows how you could define the confidentiality, integrity and availability of your organisation’s information:

Click on the image to view a sample of our Information Security Policy.

Want our Information Security Policy template?

Produce your ISO 27001-compliant information security policy in minutes with our easy-to-use and customisable template. For more information on this template, visit our website.

Next week

Now that we’ve taken a closer look at the Information Security Policy, we will discuss the Responding to Information Security Reports template next week.

ISO27001 2013 ISMS Standalone Documentation Toolkit

Created by expert practitioners, the ISO27001 2013 ISMS Standalone Documentation Toolkit provides you with a comprehensive set of ISMS templates, saving your organisation time, effort and money.

Use the code “ISMS20” and receive a 20% discount on the ISMS toolkit.