A ~3-page overarching corporate information security policy template based on ISO/IEC 27001.
This is the peak of the classical policy pyramid, a high-level policy setting the scene for all the remaining/supporting information security policies and related materials.
According to ISO/IEC 27001, top management must establish an information security policy.
The SecAware template lays out a succinct set of 7 information risk and security principles or objectives. It formalises the overall architecture for an Information Security Management System supporting and enabling achievement of the objectives.
Rather than attempt to explain everything in one massive document, the brief corporate policy is typically supplemented by a comprehensive suite of topic-specific policies covering the details.
Supplied as an editable MS Word document, readily customised for your organisation's specific situation. Incorporate terms and concepts familiar to workers. Talk it through with senior management. Make it 'yours', so it resonates with your people and motivates them to play their parts.
See also the full range of supporting 'topic specific' policies in the SecAware policy suite that expand on specific risk and control aspects.