Directory Help Search only in Sample PoliciesSearch the Web

Sample Policies

Computers > Security > Policy > Sample Policies

Go to Directory Home

Related Category:
    Computers > Security > FAQs, Help, and Tutorials  (13)

Web Pages

Viewing in Google PageRank order               View in alphabetical order

	Information Security Policies - http://csrc.nist.gov/fasp/jump.html NIST's collection of well over 100 security policies and related awareness materials, mostly from US Government bodies.
	Electronic Communications Policy - http://www.ucop.edu/ucophome/coordrev/policy/PP081805ECP.pdf Formal policy from the University of California covering email and other electronic communications mechanisms
	Information Security Policies - http://www.sans.org/resources/policies/ SANS consensus research project offering around 30 editable information security policies.
	University Information Security Policies - http://www.upenn.edu/computing/policy/ Electronic resource usage and security policies from the University of Pennsylvania.
	HSPD-12 Privacy Policy - http://www.whitehouse.gov/omb/memoranda/fy2006/m06-06_att.doc Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors”

	Network Security Policy - http://www.utoronto.ca/security/documentation/policies/policy_5.htm Example security policy for a data network from the University of Toronto.
	Standard Practice Guide - http://spg.umich.edu/pdf/601.07-0.pdf Policy covering appropriate use of information resources and IT at the University of Michigan.
	Campus Security Policy - http://www.wustl.edu/policies/infosecurity.html High level information security policy from Washington University.
	Server Security Policy - http://www.sans.org/resources/policies/Server_Security_Policy.pdf Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.
	Wireless Communication Policy - http://www.sans.org/resources/policies/Wireless_Communication_Policy.pdf Sample policy concerning the use of unsecured wireless communications technology.

	Audit Policy - http://www.sans.org/resources/policies/Audit_Policy.pdf Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments.
	Internet DMZ Equipment Policy - http://www.sans.org/resources/policies/Internet_DMZ_Equipment_Policy.pdf Sample policy defining the minimum requirement for all equipment located outside the corporate firewall.
	Information Sensitivity Policy - http://www.sans.org/resources/policies/Information_Sensitivity_Policy.pdf Sample policy defining the assignment of sensitivity levels to information.
	Backup Policy - http://bizsecurity.about.com/od/securitypolices/a/backupprimer.htm A primer to help small businesses write their own backup policies.
	Information Security Policies - http://www.ucisa.ac.uk/publications/ist.aspx The Information Security Toolkit from UCISA (University Colleges and Information Systems Association) contains a suite of security policy and guidance documents reflecting and cross-referenced against BS7799, intended for use in universities. [PDF documents]

	Database Password Policy - http://www.sans.org/resources/policies/DB_Credentials_Policy.doc Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word]
	Risk Assessment Policy - http://www.sans.org/resources/policies/Risk_Assessment_Policy.doc Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word]
	Remote Access Policy - http://www.sans.org/resources/policies/Remote_Access_Policy.doc Defines standards for connecting to a corporate network from any host. [MS Word]
	Router Security Policy - http://www.sans.org/resources/policies/Router_Security_Policy.doc Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word]
	Dial-in Access Policy - http://www.sans.org/resources/policies/Dial-in_Access_Policy.doc Policy regarding the use of dial-in connections to corporate networks. [MS Word]

	DMZ Security Policy - http://www.sans.org/resources/policies/DMZ_Lab_Security_Policy.doc Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word]
	Password Policy - http://www.sans.org/resources/policies/Password_Policy.doc Defines standards for creating, protecting and changing strong passwords. [MS Word]
	Email Forwarding Policy - http://www.sans.org/resources/policies/Automatically_Forwarded_Email_Policy.pdf Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager.
	Application Service Provider Policy - http://www.sans.org/resources/policies/Application_Service_Providers.pdf Security criteria for an ASP.
	Extranet Policy - http://www.sans.org/resources/policies/Extranet_Policy.doc Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]

	Ethics Policy - http://www.sans.org/resources/policies/Ethics_Policy.doc Sample policy intended to 'establish a culture of openness, trust and integrity'.
	Email Retention Policy - http://www.sans.org/resources/policies/email_retention.doc Sample policy to help employees determine which emails should be retained and for how long.
	Laboratory Security Policy - http://www.sans.org/resources/policies/Internal_Lab_Security_Policy.doc Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word]
	Acquisition Assessment Policy - http://www.sans.org/resources/policies/Aquisition_Assessment_Policy.doc Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word]
	Anti-Virus Policy - http://www.sans.org/resources/policies/Lab_Anti-Virus_Policy.doc Requirements for effective virus detection and prevention. Written for a laboratory environment but easy to adapt for other settings. [MS Word]

	Analog/ISDN Line Policy - http://www.sans.org/resources/policies/Analog_Line_Policy.doc Defines policy for analog/ISDN lines used for FAXing and data connections.
	Acceptable Use Policy - http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word]
	Encryption Policy - http://www.sans.org/resources/policies/Acceptable_Encryption_Policy.doc Defines encryption algorithms that are suitable for use within the organization. [MS Word]
	Security Policy Primer - http://www.sans.org/resources/policies/Policy_Primer.pdf General advice for those new to writing information security policies.
	Virtual Private Network Policy - http://www.sans.org/resources/policies/Virtual_Private_Network.pdf Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network.

	Third Party Connection Agreement - http://www.sans.org/resources/policies/Third_Party_Agreement.pdf Sample agreement for establishing a connection to an external party.
	ISO/IEC 27001 Policies - http://www.27001-online.com/secpols.htm Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems.
	Campus Security Policy - https://security.berkeley.edu/IT.sec.policy.html An overarching security policy from Berkeley University includes links to more specific and detailed policies.
	Information Security Policy - http://www.obfs.uillinois.edu/manual/central_p/sec19-5.html An information security policy from the University of Illinois.
	Backup Policy - http://its.uncg.edu/Policy_Manual/Computer_Backup/ Sample policy from the University of North Carolina requires daily, weekly and monthly backups (sometimes known as 'grandfather, father, son').

	IT Security Policy - http://www.murdoch.edu.au/admin/policies/itsecurity/policy.html Information technology security policy at Murdoch University, complete wth supporting standards and guidelines.
	Password Policy - http://www.umflint.edu/its/units/initiatives/publicity/password.htm A password policy presented in the form of a series of security awareness posters. "Passwords are like underwear ..."
	The ePolicy Institute - http://www.epolicyinstitute.com Provides policies and resources on information security and other related topics.
	ISO27k Toolkit - http://www.iso27001security.com/html/iso27k_toolkit.html Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license.
	Information Security Policy - http://www.ccrg.ox.ac.uk/datasets/policystatement.htm High-level information security policy statement for the Childhood Cancer Research Group at Oxford University.

	Information Security Policies - http://www.securitydocs.com/Security_Policies/Sample_Policies An extensive collection of information security policy samples at SecurityDocs.
	IT Security Policy - http://www.enterprise-ireland.com/ebusinesssite/guides/internal_security/internal_security_index.asp IT security policy example/how-to guide from Enterprise Ireland.
	Backup Policy - http://www.comptechdoc.org/independent/security/policies/backup-policy.html Sample policy requires a cycle of daily and weekly backups (monthly backups are also advisable).
	K-20 Network Acceptable Use Policy - http://www.k12.wa.us/K-20/AUPSchBoardNetworkUse.aspx Policy on acceptable use of a school network, along with information for parents and an informed consent form. Developed in Washington State.
	Telecommuting/Teleworking Policy - http://www.womans-work.com/teleworking_policy.htm Sample policy on teleworking covering employment as well as information security issues.

	IP Network Security Policy - http://www.securityfocus.com/infocus/1497 Example security policy to demonstrate policy writing techniques introduced in three earlier articles.
	Disaster Recovery Policy - http://www.templatezone.com/pdfs/Disaster-Recovery-policy.pdf Basic DR policy in just over one side.
	Internet Acceptable Use Policy - http://www.ruskwig.com/docs/internet_policy.pdf One page Acceptable Use Policy example.
	Email Policy - http://www.its.niu.edu/its/Policies/email_pol.shtml Northern Illinois University email policy
	Modem Policy - http://www.sandstorm.net/products/phonesweep/modempolicy.php Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone.

	Network Security Policy Guide - http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies.
	Information Security Policies - http://www.tess-llc.com/TESS-DOR-EXAMPLES.htm Templates for information security policies, guidelines, checklists and procedures by Walt Kobus.
	Privacy Policy - http://www.cbe.uidaho.edu/wegman/404/PRIVACY%20POLICY%20IVI%20Generic.htm Generic policy for websites offering goods and services, with an important warning to seek qualified legal advice in this area.
	Personnel Security Policy - http://www.datasecuritypolicies.com/wp-content/uploads/2007/04/generic-personnel-security-policy.pdf Example policy covering pre-employment screening, security policy training etc.
	Physical Security Policy - http://www.tess-llc.com/Physical%20Security%20PolicyV4.pdf Policy template by Walt Kobus defines requirements for physical access control to sensitive facilities and use of ID badges.

	Data Classification Policy - http://www.tess-llc.com/Data%20Classification%20PolicyV4.pdf Policy template by Walt Kobus describes the classification of information according to sensitivity (primarily confidentiality).
	Resource Utilization Policy - http://www.tess-llc.com/Resource Utilization PolicyV4.pdf Policy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems.
	Information Data Ownership Policy - http://www.tess-llc.com/Information%20Data-Ownership%20PolicyV4.pdf Policy template by Walt Kobus defines the roles and responsibilities of owners, custodians and users of information systems.
	User Data Protection Policy - http://www.tess-llc.com/User%20Data%20Protection%20PolicyV4.pdf Policy template by Walt Kobus defines requirements for access controls, least privilege, integrity etc. to secure personal data.
	Cryptography Policy - http://www.tess-llc.com/Cryptography%20PolicyV4.pdf Cryptographic policy template by Walt Kobus.

	Security Audit Policy - http://www.tess-llc.com/Security%20Audit%20PolicyV4.pdf Audit policy template by Walt Kobus.
	Security Management Policy - http://www.tess-llc.com/Security%20Mngt%20PolicyV4.pdf General information security policy template by Walt Kobus.
	Holistic Operational Security Readiness Evaluation - http://www.lazarusalliance.com/horsewiki/index.php/Documents Collaborative open project building a library of sample information security policies, supporting standards and other documents through a wiki.
	Information Security Policy - http://www.pdfku.com/download-pdf-828.html High level security policy/guideline from the Department of Health and Human Resources.
	Law Enforcement Data Security Standards - http://www.cleds.vic.gov.au/retrievemedia.asp?Media_ID=20338 IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards.

	University Information Security Policies - http://security.louisville.edu/PolStds A set of information security policies from the University of Louisville.
	Disaster Recovery Policy - http://www3.imperial.ac.uk/secretariat/policiesandpublications/disasterrecovery/policy/ Succinct DR policy from Imperial College, London.
	Government Security Policy - http://www.security.govt.nz/sigs/sigs.zip The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]
	Identification and Authentication Policy - http://www.tess-llc.com/Identification%20&%20Authentication%20PolicyV4.pdf I&A policy template by Walt Kobus defines requirements for access control.
	Certification and Accreditation Policy - http://www.tess-llc.com/Certification%20&%20Accreditation%20PolicyV4.pdf Policy template by Walt Kobus defines requirements and responsibilities for security assurance throughout the system development process.

	Privacy Policy - http://www.graduate.norwich.edu/privacy_policy.php Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University.
	Communications Policy - http://www.tess-llc.com/Communications%20PolicyV4.pdf Datacommunications security policy template by Walt Kobus defines network security control requirements.
	Information Security Policies - http://www.gcio.nsw.gov.au/documents/Information%20Security%20Guideline%20V1.1.pdf 111-page security policy manual from the Australian New South Wales Department of Commerce, based on ISO/IEC 27001.
	Ethics Policy - http://www.spirent.com/about/technology.cfm?media=7&ws=324&ss=177 Ethical behavior underpins all procedural security controls. This ethics policy from Spirent is a useful model.
	Use of Electronic Mail - http://www.cusys.edu/~policies/General/email.html Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail.

Help build the largest human-edited directory on the web. Submit a Site - Open Directory Project - Become an Editor

The content of the Google directory is based on the Open Directory and is enhanced using Google's own technology. The following Open Directory editors contributed to this category: garyhins

Modified by Google - ©2009 Google
Advertise with Us - Jobs, Press, Cool Stuff...