Written IT Policies

I'm putting together a general security policy along with an acceptable use policy. I was curious what, if any, other policies I should look at implementing.

TIA.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

cacharo

Privacy?, Escalation (if applicable), Business Conduct (may not be your responsibility)

tiersten

Data protection

Privacy

Data retention

SLAs

Change control

User privileges/access

snadam

While they pretty much named the basics, have you seen this place?

http://www.sans.org/resources/policies/

I used this for my policy templates. The SANS institute is a Great place for IT policy resources, or at least I think it is.

dynamik

snadam wrote:

While they pretty much named the basics, have you seen this place?

http://www.sans.org/resources/policies/

I used this for my policy templates. The SANS institute is a Great place for IT policy resources, or at least I think it is.

For sure. Somehow I missed the huge list of all the other ones. I only had their security policy.

Thanks for the suggestions everyone. For a follow-up question, I'd like to ask which ones of those do you actually use? Or did you lump a lot of those together in a broad security policy?

snadam

dynamik wrote:

snadam wrote:

While they pretty much named the basics, have you seen this place?

http://www.sans.org/resources/policies/

I used this for my policy templates. The SANS institute is a Great place for IT policy resources, or at least I think it is.

For sure. Somehow I missed the huge list of all the other ones. I only had their security policy.

Thanks for the suggestions everyone. For a follow-up question, I'd like to ask which ones of those do you actually use? Or did you lump a lot of those together in a broad security policy?

the latter, smaller company needed something, but nothing extremely specific.