Information Security Management System (ISMS) policy template / Privacy Management System (PIMS) policy template


What is the Information Security Management System (ISMS) / Privacy Management System (PIMS) policy template?

The Information Security Management System (ISMS) and Privacy Management System (PIMS) policy is a high-level document that outlines an organization’s commitment to information security and privacy and sets the framework for its information security management system and privacy management system.

The ISMS or PIMS policy template provides a starting point to document an organization’s process for the development, implementation, maintenance, and continual improvement of its information security management system.

NOTE: This policy can be used for an ISMS, PIMS, or both.

How do I use it?

Read the document in its entirety and customize each section according to your unique environment. This exercise is expected to take time and effort; please do not simply change the organization name, as this will be readily noticed during the audit and may result in non-conformities.

Value to the organization:

Use this template to document your ISMS or PIMS program and satisfy the ISMS or PIMS control during the audit.

What control does it satisfy?

Completing this template helps satisfy the following controls:

BIZOPS-30 Information Security Management System: An organization designs, implements, and maintains an ISMS consisting of a coherent set of policies, procedures, and processes to manage risk to its information assets.

Please download the template from here:
