In collaboration with information security subject-matter experts and leaders who volunteered their security policy know-how and time, SANS has developed and posted here a set of security policy templates for your use.
The policy templates SANS has developed are designed to provide organizations with a starting point or framework for the creation of an information security policy based on industry best practices. The templates are broken down into sections, each of which covers a different aspect of security and is tailored to specific areas. This ensures that organizations have comprehensive policy documents covering all aspects of their security program, allowing them to identify potential risks and mitigate them appropriately.
The policy templates include guidance on classification and user access controls, incident response and reporting procedures, physical security measures, mobile device management guidelines, threat management protocols, system hardening procedures and more. Each template is written in plain language and contains step-by-step instructions for implementation as well as detailed references to key industry standards. Additionally, these policies may be customized to fit the unique needs of an organization.