Security policies are the documented standards that serve as the foundation for any organization’s information security program. These documents reflect the intent of senior executives and communicate the organization’s specific goals for protecting its information. While policies on a web portal will not directly stop a cyber attack, the guidance in these documents gives direction to an organization implementing an architecture for defense.

One of the resources provided is a set of information security policy templates that organizations can use as the foundation of their own information security programs. We have created proven security policy templates mapped to standards such as the CIS Critical Security Controls, NIST Cybersecurity Framework, PCI DSS, HIPAA, ISO 27002, the NIST 800 series, and many others. Certainly every organization will want to customize these policies to be specific to their organization. However, these industry-proven templates will help organizations ensure they have a solid baseline for their security efforts.

Available Information Security Policies

Introduction to Our Policy Documents
Access Control and Authorization Policy
Account and Identity Management Policy
End Point Protection Policy
Auditing and Assessment Policy
Authentication Policy
Business Applications Security Policy
Business Continuity and Disaster Recovery Policy
Charter Document for Information Assurance
Certification Policy
Configuration Management and Change Management Policy
Cloud and Third-Party Service Providers Policy
Control Exception Policy
Data Retention, Backup Archive Policy
Data Protection and Classification Policy
Database Security Policy
Email Security and Acceptable Use Policy
Encryption Policy
Ethics Policy
Governance Policy
Green Policy
Incident Management Policy
Internet Security and Acceptable Use Policy
Logging and Monitoring Policy
Mobile Device and Acceptable Use Policy
Network Policy
Penetration Testing Policy
Personnel Policy
Physical Security Policy
Personally Owned Devices (BYOD) Policy
Privacy Policy
Remote Access and Teleworking Policy
Removable Media Policy
Risk Management Policy
Server Policy
Social Media Policy
Software Development Policy
Software Update Policy
System Decommissioning and Data Destruction Policy
Training, Education, and Awareness Policy
Vulnerability Management Policy
Wireless Security Policy
Workstation Policy

Sample Policies

As part of an AuditScripts subscription, members have access to a number of documents meant to assist organizations in their audit efforts. We hope these documents save organizations from having to create their own from scratch. Reviewed by leading industry experts, these documents represent the collective experience of organizations facing challenges similar to yours.

To give a better idea of the style and content of each of these documents, we have provided samples of the premium content below for your review. We hope this helps you to better understand the AuditScripts philosophy and the types of documents that are managed via this site.

Sample Policy – Server Security Policy
Sample Policy – Encryption Policy

The following are complete archives of all the security policies published on this site. To download the entire archive of policies, please use the following links. As new versions of the policies are uploaded to the website, we will continue to update these archives so that users can download the most recent policies as a group, or previous versions of the files, via the website.

Comprehensive Policy Statements 2020 Q2 Excel File
Complete AuditScripts Policies v2021 Q1
Complete AuditScripts Policies v2020 Q1
Complete AuditScripts Policies v2.4
Complete AuditScripts Policies v2.3
Complete AuditScripts Policies v2.2
Complete AuditScripts Policies v2.1
Complete AuditScripts Policies v2.0