Sample policy intended to 'establish a culture of openness, trust and integrity'.

Ethical behavior underpins all procedural security controls. This ethics policy from Spirent is a useful model.

Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]

Security policy for the OpenSSL FIPS software object module, required for validation against FIPS (Federal Information Processing Standard) 140-2.

The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]

Collaborative open project building a library of sample information security policies, supporting standards and other documents through a wiki.

Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Cont...

Yale University's policy regarding assessing IT security incidents, forming response teams and responding.

NIST's collection of well over 100 security policies and related awareness materials, mostly from US Government bodies.

The Information Security Toolkit from UCISA (University Colleges and Information Systems Association) contains a suite of security policy and guidance documents reflecting and cross-referenced against BS7799, intended for use in universities. [PDF doc...