Security policy samples, templates and tools

New threats and vulnerabilities are always emerging. Are your security policies keeping pace?

“If you can’t translate your requirements into effective policy, then you’ve little hope of your requirements being met in an enforceable way," says Rob McMillan, research director at Gartner. "But if you get it right, it will make a big difference in your organization’s ability to reduce risk.”

Not only that, getting your security policies right will also make a big difference in your organizations ability to do business. According to Gartner, "by 2018, 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess the risks in continuing the relationship, up from 5 percent [in 2015]."

The good news: You don't need to reinvent the wheel.

Also on CSO: How to write an information security policy: The critical first step, what to cover, and how make your information security policy - and program - effective

The sample security policies, templates and tools provided here were contributed by the security community. Feel free to use or adapt them for your own organization (but not for re-publication or for-profit use).

Want to provide a policy or checklist? Contributions are welcome, as is expert commentary on any of the materials offered here. We will update this page as new resources become available, so check back often. And if there's something you need that you can't find here, let us know. Send your thoughts to Amy Bennett (

Sample policies, templates, and tools

Computer & Internet
Computer and e-mail acceptable use policy
A one-page computer and email usage policy of a manufacturing company with fewer than 50 employees. Covers unauthorized access, software licenses, harrassment and pornography issues; establishes right to monitor. Read more
Internet acceptable use policy
The Internet usage policy of a mid-sized manufacturing company with fewer than 50 employees. Read more
Password protection policy
The password policy of a financial services company with more than 5,000 employees. Read more
Social media and blogging policies
Links to examples of the social media, internet posting and blogging policies of several large companies. Read more
Physical security
Clean desk policy
The clean desk policy of a company with approximately 2,000 employees that offers human resource and administrative services to companies looking to outsources those functions. Read more
Cell phone use while driving policy
This sample cell phone usage policy pertains to employees who are on the road. The company, a large association that supports independent fuel distributors, has many employees who travel frequently for business. Read more
Workplace violence prevention policy
This detailed violence prevention policy of a mid-sized company covers harassment, stalking, and domestic violence concerns. Read more
Concealed weapon policy
This concealed weapons policy of a large hospital with 10,000+ employees is written to apply to not only employees, but also those visiting the hospital. Read more
Personnel access/changes policy
This policy clarifies the use and access of an employee personnel file at a large private university with approximately 10,000 students and 4,000 employees. Read more.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ClickCSOGartner

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by CSO staff

Latest Videos

More videos

Blog Posts