Cyber Safety provides industry best-practice template that can be customized based on your business needs. Every template has customizable fields that are highlighted and can be edited.
What security policy templates does Cyber Safety offer?
Cyber Safety has a set of common security policy templates to help you get started.
Acceptable Use Policy (AUP)
The AUP provides mandatory guidance for all employees on the appropriate use of IT resources like laptops and collaboration tools. It includes prohibited actions and is designed to help employees use resources securely.
Backup & Retention Policy
Backup & Retention is concerned with identifying data that is critical for your company's operations, and ensuring it is backed up, retained, and disposed of as needed.
Data Security Policy
Data Security comprises the classification and handling of data. This includes proper, legitimate use of the data and controls such as encryption to keep it secure.
Incident Response Policy
What happens when something goes wrong? If your business has a data breach or other security incident, this policy provides guidance to prepare, respond, and recover.
Network Security Policy
Data moves over the network and the Network Security Policy details how it is to be protected, including proper identification of users, activity logging, and other security mechanisms.
If you collect data from customers (specifically Personally Identifiable Information), this policy provides a template for communicating how your business secures that data and protects the privacy of customers.
Overarching Security Program
This document provides high-level details about your organization's information security program, including individuals with named responsibility like the CEO, as well as the process for continuous improvement of the program.
Risk Assessment & Management Policy
Risk Assessment & Management requires three activities: establishing a level of risk your business is willing to tolerate, identifying risks which could impact the business, and dealing with those risks.
SDLC and QA Policy
A System Development Lifecycle (SDLC) guides the process used by your business to build, buy, and integrate systems, while Quality Assurance ensures the systems are built to specifications. Both processes require security oversight and integration, which is described in this policy.
Third Party Security Policy
If third parties provide services to your business it is essential to identify and manage the risks present when sharing data outside the company.
What If I need something else?
If none of these policy templates apply, you can add your own custom security policy. See Creating Custom Security Policies article to learn more.