Computers Security Policy Sample Policies
These are examples of computer security policies. Some are policies which have been created and implemented by specific organizations, others are simply samples to provide guidance to those writing their own policies. You may like to use these as templates or donor documents for your own, subject to any copyright restrictions on the originals.

Related categories 1

Acceptable Use of Computing and Electronic Resources Policy
From the University of North Carolina. Specifies responsibilities and prohibited activities in relation to IT use.
Acceptable Use Policy
Template policy clarifying the acceptable use of IT devices and networks. [MS Word]
Acceptable Use Policy Template
A basic acceptable use policy, from the State of California Office of Information Security. [MS Word]
Accidental Disclosure of Confidential Information Policy
An example policy from a dentistry company concerning the inadvertent disclosure of personal information. [PDF]
Antivirus Policy
From the State of Vermont Agency of Administration. Mandates the use of antivirus software on applicable systems. [PDF]
Awareness and Training Policy
From Georgia Perimeter College. Mandates an ongoing and creative general security awareness program supplemented with more specific training where needed.
Backup Policy
Sample policy requires a cycle of daily and weekly backups (although monthly backups are also advisable!).
Blogging Policy
From the State of Vermont Agency of Administration. Policy re blogging and microblogging (e.g. on Twitter).
Campus Security Policy
An overarching security policy from Berkeley University includes links to more specific and detailed policies.
Campus Security Policy
A high level information security policy from Washington University.
Copyright Compliance Policy
From the University of North Carolina. Covers compliance with copyright law when using information belonging to others.
Copyright Ownership and Use Policy
From the University of North Carolina. Policy on protecting the organization's own intellectual property through copyright.
Data Classification Policy
From the University of North Carolina. Deliberately simple: defines just two classification levels. Includes responsibilities.
Development or Revision and Posting of Policies, Procedures and Forms Policy
Formalities around the development or update and publication of policies, procedures and forms. From Yale University.
Digital Media and Hardware Disposal Policy
From the State of Vermont Agency of Administration. Policy on disposing of IT systems and media securely, without carelessly discarding confidential data. [PDF]
Disaster Recovery Policy
Basic DR policy in just over one side. [PDF]
eCommerce Privacy Policy
Policy concerning privacy of visitors to websites, covering logs, cookies and information volunteered.
Electronic Communications Policy
Formal policy from the University of California covering email and other electronic communications mechanisms [PDF]
Electronic Communications Policy
Policy from the University of Colorado on the use of email and other means of electronic communication for official purposes.
Electronic Records Retention Policy
From the University of North Carolina. Covers the retention of various data files, including those subject to litigation.
Electronic Signatures and Records Policy
Concerns what systems can be used for electronic signatures, and under what conditions. From Yale University.
Email Forwarding Policy
Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager. [PDF]
Email Policy
Policy from Northern Illinois University's IT Services group. Outlines some unacceptable uses.
FIPS 140-2 Security Policy
Security policy for the OpenSSL FIPS software object module, required for validation against FIPS (Federal Information Processing Standard) 140-2. [PDF]
Governance Policies Handbook
Corporate governance policies for Connexis, a power company [PDF]
HIPAA Compliance Policy
From the University of North Carolina. Policy on compliance with the Health Insurance Portability and Accountability Act.
Identity Theft Prevention Program Policy
From the University of North Carolina. Lays out controls for detecting and reacting to 'red flag' situations linked to identity theft.
Incident Management Policy
From Herriot-Watt University. Clarifies the respective roles of students, faculty and administrators in reporting and dealing with information security incidents. [PDF]
Incident Response Policy
From the State of Vermont Agency of Administration. Policy defining the essential elements of the process for responding to security incidents. [PDF]
Information Security Policies
Policies from CSPO Tools Inc., some of which are available without charge as PDF files or for an annual subscription as MS Word files, along with additional content.
Information Security Policies
SANS consensus research project offering around 30 editable information security policies.
Information Security Policies
An extensive set of ISO27k-based policies for universities from UCISA (University Colleges and Information Systems Association) [PDF]
Information Security Policy
High-level information security policy statement for the Childhood Cancer Research Group at Oxford University.
Information Security Policy
From the New School university in New York. Includes a set of 21 high level principles, cross-referenced to ISO/IEC 27002:2005. [PDF]
Information Security Policy
From the University of North Carolina. Very succinct - just 5 policy goals.
Information Technology Appropriate Use Policy
Lays down the rules concerning acceptable ways of using the institution's IT facilities. From Yale University.
Internet Acceptable Use Policy
One page Acceptable Use Policy example. [PDF]
Intrusion Detection and Prevention Policy
From the State of Vermont Agency of Administration. Policy on specifying, installing and using IDS/IPS. [PDF]
IP Network Security Policy
Example security policy to demonstrate policy writing techniques introduced in three earlier articles.
ISO/IEC 27001 Policies
Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems.
ISO27k Toolkit
Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license.
Laptop Security Policy
From the National Health Service. [MS Word]
Media disposal policy
Succinct policy from Oregon State University requires that a competent person signs a release form before disposing of storage media from which the data have been securely erased (e.g. by 7x overwrite) [PDF]
Network Security Policy Guide
Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies. [PDF]
Personal Information Security Breach Notification Policy
From the University of North Carolina. Policy about mandatory notification of breaches involving the disclosure of personal information.
Personnel Security Policy
Example policy covering pre-employment screening, security policy training etc. [PDF]
Physical Security for Computer Protection Policy
From the State of Vermont Agency of Administration. Covers physical access controls and the secure provision of power etc. to a computer room. [PDF]
Privacy Policy
Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University.
Providing and Using Information Technology Policy
Concerns ownership and rights over corporate IT equipment, in the University of Colorado. This policy includes an explanatory FAQ section.
Records Preservation Policy
Concerns the need to retain formal records associated with ongoing legal actions. From Yale University.
Retention Policy
Covers retention of documents/information for business and compliance purposes. From Yale University
Server Security Policy
Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.
Social Security Numbers Confidentiality Policy
Controls to maintain the secrecy of SSNs. From Yale University.
Social Security Numbers Policy
From the University of North Carolina. Specifies security controls to protect SSNs.
Standard Practice Guide
Policy covering appropriate use of information resources and IT at the University of Michigan.
Telecommuting/Teleworking Policy
Sample policy on teleworking covering employment as well as information security issues.
Teleworking Policy
From the University of North Carolina. Covers health and safety and employment issues as well as IT security aspects of home working.
Third Party Connectivity Policy
From the State of Vermont Agency of Administration. Connections require business cases, audits etc. [PDF]
University Information Security Policies
Electronic resource usage and security policies from the University of Pennsylvania.
University Information Security Policies
A set of information security policies from the University of Louisville.
Whistleblower policy
By Euronext N.V. Requires employees to report serious noncompliance incidents, offering whistleblowers protection against disadvantage. [PDF]
Wireless Communication Policy
Concerns the use of wireless networking devices. [PDF]
Wireless Communications Policy
From the University of North Carolina. Prohibits wireless devices that may interfere with authorized wireless systems.
[WWW Mozilla]
Category editor:
Last update:
March 23, 2016 at 12:45:45 UTC
All Languages