Information security policies

Policies are the mechanism through which management formally defines and places various information security obligations on workers including themselves and sometimes third parties. They are related to other obligations, requirements and expectations, ranging from laws and regulations to ethics.

While most organizations have something in place, few have truly effective information security policies.


Do these policy issues seem curiously familiar to you?

  1. Limited scope e.g. cybersecurity only
  2. Poor quality (badly written, hard to read)
  3. Internal and external inconsistencies
  4. Little awareness
  5. Limited accountability
  6. Insufficient compliance
  7. Inadequate/missing policy management process

Find out more in the security policy FAQ.



There has to be a better way! If that litany of policy issues rings true, we recommend an altogether more professional approach, based around the NoticeBored policy pyramid structure shown here.

Corporate information security policy

In just 5 pages, our Corporate Information Security Policy at the peak of the pyramid lays out 7 guiding principles (broadly-applicable information security design principles) plus 35 axioms (succinct policy statements derived from the controls in annex A of ISO/IEC 27001). The policy is a vehicle for senior management to give the corporation overall, high-level guidance on how its information risks are to be managed.

Topic-based information security policy templates

To cover the full breadth of information risk, security and related matters, we offer a suite of model policies covering nearly 70 topics.


NIST SP800-35 calls most of these ‘issue-specific policies’. Since they were all written and maintained by the same professional author, they consistently adopt the same formal yet readable style.  A happy customer told us, “We really like how easily your policies read - simple and concise.”

Information security procedures, guidelines and other awareness materials

Aside from the policies, we offer procedures, guidelines, briefings, seminar presentations and a wealth of other supporting materials through the NoticeBored security awareness subscription service. Inform, engage and motivate employees to comply with your policies.


The entire policy suite costs just US$517.50*, a 50% package discount. If you don’t need them all, individual policies are a bargain at just US$15* each.

Alternatively, estimate how long it would take you to research and prepare just one policy, then multiply that by your hourly rate and again by the number of policies you need (assuming you already have a structure in mind). If DIY is more economical, go ahead: set aside the time you need and get on with it! Good luck tackling those policy issues.

When you subscribe to the NoticeBored security awareness service, the policy set is provided free of charge as a welcome gift, along with the Information Security 101 orientation module.  Through NoticeBored, individual policies are updated most months according to the awareness topic, encouraging subscribers to maintain their policies and related materials systematically throughout the year.

How to purchase

Visit our eShop to purchase and download the policies instantly

* Note: New Zealand-based customers will be charged GST in addition to the price shown. Export sales are sales-tax-free.
Contact us for a quote or invoice if you would prefer to pay in another currency.

Copyright © 2019 IsecT Ltd.