~4-page information security policy template on compliance and conformity.
 
Given the potential impacts of non-compliance with information security-related legal, regulatory and contractual obligations, or non-conformity with discretionary requirements, this policy specifies a three-pronged approach:
Proactively monitor and assess applicable information security and privacy-related obligations;
Fulfil the obligations through compliance/conformity, reinforcement and enforcement actions as appropriate; and
Insist that third-parties comply with their obligations to protect information disclosed or provided to them, through further compliance actions.
 
Compliance enforcement and reinforcement are complementary approaches: as well as penalising non-compliance, we recommend encouraging and rewarding compliance.  Carrot and stick!
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.