Security policy samples, templates and tools

“If you can’t translate your requirements into effective policy, then you’ve little hope of your requirements being met in an enforceable way," says Rob McMillan, research director at Gartner. "But if you get it right, it will make a big difference in your organization’s ability to reduce risk.”

Not only that, getting your security policies right will also make a big difference in your organizations ability to do business. According to Gartner, "by 2018, 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess the risks in continuing the relationship, up from 5 percent [in 2015]."

The good news: You don't need to reinvent the wheel.

The sample security policies, templates and tools provided here were contributed by the security community. Feel free to use or adapt them for your own organization (but not for re-publication or for-profit use).

Want to provide a policy or checklist Contributions are welcome, as is expert commentary on any of the materials offered here. We will update this page as new resources become available, so check back often. And if there's something you need that you can't find here, let us know. Send your thoughts to Amy Bennett (


CSO staff

Zur Startseite