An information security policy should ideally comply with ISO/IEC 27002. This standard provides best practice recommendations for information security management. The security policy should be defined as part of an organisation's ISO/IEC 27001 Information Security Management System (ISMS).
A security policy that complies with the standard ISO/IEC 27002 should contain the following contents.
The suggested contents for an Information Security Policy can be found in the following document.
Security Policies © C.Stone 1996 - 2011