top of page


Information Secuity Policy Guide
An Information Security Policy is the cornerstone of your Information Security Program, the foundation of effective cyber security practice and the most critical element of reducing organizational risk and liability.   
Writing an Information Security Policy that meets your specific needs and will protect you, your employees and your business can be overwhelming and time consuming exercise.    
Birch Cline understands each component of an effective Information Security Policy. We will utilize our extensive experience to craft policy according to your business needs that you can rely upon to guide technology decisions and minimize your technology risk and liability.
Don't trust a template or "off the shelf" policy to be the cornerstone of your organization's information security program.  

Let Birch Cline help you create policy and practice you can trust.    

services > practice > information security policy services

Define Information Security Policy


Your Information Security Policy should define a framework of guidelines under which your organization should operate. It should define the expected behavior and procedures your users, vendors, management teams, and technology administrators should follow.

Birch Cline will understand your specific business requirements and define policy based on protecting your specific organizational needs.   

Information Security Policy to Protect


Your Information Security Policy will protect you, your employees, your customers, your sensitive and ultimately your business. If you are required to maintain compliance like HIPAA, PCI-DSS or CJIS your security policy will play a pivotal role not only in becoming compliant but potential the level of liability your organization holds.

Protect your people, your data and your business with a policy you can trust.


InformationSecurity Policy Enforcement


Your policy will ultimately define the methods in which the people, processes and technology prevent, detect and recover damage to the confidentiality, integrity and availability of your critical data and systems. And unless you have a policy appropriate for your business needs and requirements, the enforcement of those processes, rules and regulations will a challenge from both a resource and legal perspective. 

Examples of security policy and guidelines you should consider:

  • Governance and Risk Management

    • ISO 27002:2013 Section 6 Organization of Information Security

    • ISO 27005:2005 Risk Management

    • NIST SP 800-30 Risk Management Guide for Information Technology Systems

    • NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

  • Asset Management Policy

    • NIST SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories

    • NIST SP 800-88 Guidelines for Media Sanitization

  • Human Resources Policy

    • NIST SP 800-16 Information Technology Security Training Requirements: A Role- and Performance-Based Model

    • NIST SP 800-50 Building an Information Technology Security Awareness and Training Program

  • Physical and Environmental Security Policy

    • NIST SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems

    • NIST SP 800-88 Guidelines for Media Sanitization

  • Communications and Operations Security Policy

    • NIST SP 800-40 Creating a Patch and Vulnerability Management Program

    • NIST SP 800-83 Guide to Malware Incident Prevention and Handling for Desktops and Laptops

    • NIST SP 800-45 Guidelines on Electronic Mail Security

    • NIST SP 800-92 Guide to Computer Security Log Management

    • NIST SP 800-42 Guideline on Network Security Testing

  • Access Control Policy

    • NIST SP 800-40 Creating a Patch and Vulnerability Management Program

    • NIST SP 800-83 Guide to Malware Incident Prevention and Handling for Desktops and Laptops

    • NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems

    • NIST SP 800-41 R1 Guidelines on Firewalls and Firewall Policy

    • NIST SP 800-46 R1 Guide to Enterprise Telework and Remote Access Security

    • NIST SP 800-77 Guide to IPsec VPNs

    • NIST SP 800-114 User’s Guide to Securing External Devices for Telework and Remote Access

    • NIST SP 800-113 Guide to SSL VPNs

    • NIST SP 880-114 User’s Guide to Securing External Devices for Telework and Remote Access

    • NIST SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs)

  • Information Systems Acquisition, Development and Maintenance

    • NIST SP 880-57 Recommendations for Key Management

    • NIST SP 800-64 Security Considerations in the System Development Lifecycle

    • NIST SP 800-111 Guide to Storage Encryption Technologies for End Users

  • Incident Management Policy

    • NIST SP 880-61 Computer Security Incident Handling Guide

    • NIST SP 800-66 Guide to Integrating Forensic Techniques into Incident Response

  • Business Continuity Policy

    • NIST SP 880-34 Contingency Planning Guide for Information Technology Systems

    • NIST SP 800-84 Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities

Additional security policies to consider for your organization:

  • Acceptable Encryption Policy

  • Acceptable Use Policy

  • Acquisition Assessment Policy

  • CJIS Workstation Security Policy

  • Clean Desk Policy

  • Media Communications Policy

  • Data Breach Policy

  • Database Credentials Policy

  • Digital Signature Acceptance Policy

  • Disaster Recover Plan Policy

  • Email Policy

  • Ethics Policy

  • HIPAA Workstation Security Policy

  • Information Logging Standard

  • Password Construction Policy

  • Password Policy

  • Remote Access Policy

  • Router And Switch Security Policy

  • Server Security Policy

  • Social Media Policy

  • Software Installation Policy

  • Technology Equipment Disposal Policy

  • Testing Environment and Lab Security Policy

  • Web Application Security Policy

  • Wireless Communication Policy

  • Workstation Security Policy



Contact Birch Cline for more information about Information Security Policy Writing and Design Services

1-833-Birch Cline or

bottom of page