Policy Templates
Practical, NIST-mapped policy templates ready to adapt for your organisation.
These are not 50-page compliance documents. They are working policies designed to be read in 15 minutes, adapted in an afternoon, and reviewed by legal before publication. Every section references specific NIST 800-53 Rev 5 controls.
Available in Markdown format, free for registered users. Convert to Word or PDF with Pandoc or your preferred tool. Released under CC BY 4.0.
Information Security Policy
The overarching security policy for your organisation
Governance, classification, access control, authentication, network security, cryptography, data protection, cloud, third-party risk, physical security, BC/DR, incident management, awareness, logging, AI usage, compliance, and exceptions.
View template →
Acceptable Use Policy
User-facing policy for staff and third parties
Email, internet, devices, BYOD, passwords, cloud services, AI tools, social media, remote working, software development, prohibited activities, and reporting.
View template →