• United States



by CSO staff

Security policy samples, templates and tools

Jan 25, 20163 mins
IT LeadershipPhysical SecuritySecurity

New threats and vulnerabilities are always emerging. Are your security policies keeping pace?

templates drafting tools
Credit: Thinkstock

“If you can’t translate your requirements into effective policy, then you’ve little hope of your requirements being met in an enforceable way,” says Rob McMillan, research director at Gartner. “But if you get it right, it will make a big difference in your organization’s ability to reduce risk.”

Not only that, getting your security policies right will also make a big difference in your organizations ability to do business. According to Gartner, “by 2018, 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess the risks in continuing the relationship, up from 5 percent [in 2015].”

The good news: You don’t need to reinvent the wheel.

The sample security policies, templates and tools provided here were contributed by the security community. Feel free to use or adapt them for your own organization (but not for re-publication or for-profit use).

Want to provide a policy or checklist? Contributions are welcome, as is expert commentary on any of the materials offered here. We will update this page as new resources become available, so check back often.

Sample policies, templates, and tools

Computer and internet

Physical security

  • Clean desk policy. The clean desk policy of a company with approximately 2,000 employees that offers human resource and administrative services to companies looking to outsources those functions. Read more.
  • Cell phone use while driving policy This sample cell phone usage policy pertains to employees who are on the road. The company, a large association that supports independent fuel distributors, has many employees who travel frequently for business. Read more.
  • Workplace violence prevention policy. This detailed violence prevention policy of a mid-sized company covers harassment, stalking, and domestic violence concerns. Read more.
  • Concealed weapon policy. This concealed weapons policy of a large hospital with 10,000+ employees is written to apply to not only employees, but also those visiting the hospital. Read more.


Planning and procedure

  • Bomb threat procedures. These are the detailed bomb threat procedures for a U.S.-based non-profit organization that promotes environmental activism and causes. It includes a list of questions to ask the caller. Read more.
  • A 10-question guide for pandemic planning. Business risk consultancy Control Risks identifies ten questions organizations can use to determine their level of preparedness in the event of a pandemic emergency. Read more.