Sample information security policy uk

Other Names: InfoSec Policy Cyber Security Policy Information Security Management System Policy Information Security Procedures Information Security and Management Policy ISP

What we'll cover

• About Information Security Policies
• Information Security Policy FAQs
• Information Security Policy checklist

What is an Information Security Policy?

An Information Security Policy details a business’ rules and procedures regarding information security (eg how any security measures are implemented and how compliance is monitored).

Information Security Policies act to protect sensitive business information and data from any unauthorised access. They are also used to ensure staff members know about the importance of information security and the steps they must take to ensure that any information held by a business is kept secure.

When should I use an Information Security Policy?

Use this Information Security Policy:

• to ensure any information held by your business is secure
• to comply with your obligations under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA)
• to inform staff about information security
• to set out the consequences of failing to keep information secure
• only for staff based in England, Wales or Scotland

Sample Information Security Policy

The terms in your document will update based on the information you provide

Documents and communicates