~2 page information security policy template about professional services.
 
‘Professional services’ are information-rich services, consultancy and advice provided by professional specialists in strategy, law, finance and accounting, engineering, HR, IT etc.  Service providers and clients may work for different organisations, or for different parts of the same one. 
 
Given the importance, value and sensitivity of the information, professional services engagements often involve significant information risks. Since they are quite diverse, this generic policy template stops short of requiring specific controls. Instead, management must identify, evaluate and treat the information risks throughout the engagements.  The template offers examples of typical information risks and security controls.
 
The policy is valuable for professional services providers and their clients.
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.