New and Updated Sample Security Policy Templates

Information Security Policies Made Easy, Version 14 contains these updates:

Security Policy Template Library Update for the Common Policy Library (CPL)

ISPME Version 14 includes over 60 new security policy samples mapped to the Common Policy Library (CPL). The CPL is a set of common information security policies that enable organizations to comply with multiple data protection laws including ISO 27002, PCI-DSS and HIPAA/HiTECH. 

Areas of focus for this update include Privileged Account Management, Third Party Security and Data Privacy Governance for the General Data Protection Regulation (GDPR).  All sample security policies are mapped to common frameworks such as ISO 27002, HIPAA, PCI-DSS and HIPAA/HiTECH.

Updated Security Policy Mappings

Version 14 contains updated mappings between the ISPME policy documents and leading regulatory frameworks.   Mappings include:

  1. ISO 27002:2013
  2. NIST 800-53 Revision 5
  3. PCI-DSS 3.2
  4. US Cyber Security Framework V 1.1
  6. FFIEC (Financial Services)
  7. New York State DFS

40 Updated “Ready-to-Go” Sample Security Policy Templates

Version 14 now contains 40 complete, pre-written sample information policy documents in MS-Word format, including:

  1. Sample High-Level Information Security Policy
  2. Sample IT Risk Management Security Policy
  3. Sample Information Security Program Policy
  4. Sample Information Security Organization Policy
  5. Sample Audit and Compliance Assessment Policy
  6. Sample Asset Management Policy
  7. Sample Acceptable Use of Assets Policy
  8. Sample Acceptable Use of Social Networking Policy
  9. Sample Cloud Computing Security Policy
  10. Sample Mobile Computing Security Policy
  11. Sample Remote Working (Telecommuting) Security Policy
  12. Sample Personally Owned Devices (BYOD) Security Policy
  13. Sample Information Classification Policy
  14. Sample Information Exchange Policy
  15. Sample Information Storage and Retention Policy
  16. Sample Information and Media Disposal Policy
  17. Sample Third Party Security Management Policy
  18. Sample  Personnel Security Management Policy
  19. Sample Security Awareness and Training Policy
  20. Sample Access Control Security Policy
  21. Sample Account and Privilege Management Policy
  22. Sample Remote Access Security Policy
  23. Sample Network Security Management Policy
  24. Sample Firewall Security Policy
  25. Sample Wireless Network Security Policy
  26. Sample Physical Access Security Policy
  27. Sample Data Center Security Policy
  28. Sample IT Operations Security Policy
  29. Sample System Configuration Management Policy
  30. Sample Change Management Policy
  31. Sample Malicious Software Management Policy
  32. Sample Encryption and Key Management Policy
  33. Sample Application Development Security Policy
  34. Sample Security Incident Response Policy
  35. Sample Data Breach Response Policy
  36. Sample Backup and Recovery Policy
  37. Sample IT Business Continuity Policy
  38. Sample Log Management and Monitoring Policy
  39. Sample Customer Data Privacy Policy
  40. Sample Privacy Governance Policy

New Policy Compliance Tools

The updated Master Policy List allows easy gap-analysis for your existing policies. A newly-added Best Practices Policy Template enables your organization to easily reference existing policies to compliance frameworks such as HIPAA, COBIT or PCI-DSS.

  1. Information Security Policy Compliance Agreement
  2. Management Risk Acceptance Memo
  3. Two-Page Simple Non-Disclosure Agreement
  4. Sample Data Classification Quick Reference Table
  5. Sample Identity Token Responsibility Statement
  6. Sample Employment Termination Procedure
  7. Sample Security Incident Reporting Form
  8. Sample Information Security Policy Glossary


60+ New Information Security Policy Sample Statements

Version 14 contains 60+ additional pre-written information security policy statements with expert commentary covering the latest security threats and technologies, including:

  • Audit Logging
  • BYOD (Bring Your Own Device)
  • Cloud Computing
  • Corporate governance
  • Data Breaches Response
  • Disposal of equipment
  • Email security including phishing
  • Instant messaging
  • Information Security Coordination
  • USB storage
  • Mobile device security
  • Personnel Security
  • Physical Security
  • Risk Management
  • Social Networking
  • Supply Chain Security
  • Security Department coordination
  • Remote Access and Teleworking
  • FAX and office machine security
  • Third-Party Software Development
  • Third-Party Service Management
  • Third-Party Information Disclosure
  • And much more…

Easy Policy Subscription Updates

Upgrade easily from previous versions to the new ComplianceShield Subscription Service and keep your security policies updated against the latest threats.