Corporate Security Policy Template
A strong policy can make a significant impact on security's ability to set, communicate, and enforce requirements for managing risk. The attached template, based on research conducted by the Security Executive Council, can help guide you as you write your next one.
Purpose / Statement of Intent
A clear statement of the rationale for the policy and what it intends to achieve. Be concise – a few sentences at most.
Executive Summary (optional)
If the policy has a long list of subsections or mandates, it may be useful to include this section up front. Shorter or less complex policies may not require an executive summary.
Background / Overview (optional)
Where appropriate, a brief explanation of the context that makes the policy necessary. This may include references to regulation or current events, or a description of how the policy supports the corporate mission or vision.
Scope / Application
To whom does this policy apply? Does it cover all employees at all locations, or does it apply only in certain geographies, business units, or at certain reporting levels? Be specific.
The details of the policy, broken into bulleted or numbered mandates. Categorize into subtopics where necessary.
Keep the language and the mandates broad and widely applicable. Remember that this is the policy (the what), not the procedures for implementing it (the how).
How and by whom is compliance monitored? Are any entities in the organization exempt from complying? What are the consequences of noncompliance?
Responsibilities / Getting Help
Who is the owner of this policy? What individual or business unit is responsible for reviewing the policy and monitoring compliance? To whom, specifically, should questions and concerns be addressed? Some policies include this statement under Overview or Compliance rather than in its own section, but it is a critical statement to include in some form.
If appropriate, use this space to link to relevant internal or external documents – standards and regulations, procedures for the implementation of this policy, other related corporate policies, etc.
Definitions and Terms
To Be Reviewed On:
Building effective corporate policies not only help your organization but they also provide security leaders with opportunities to build relationships with other business executives. The Security Executive Council helps advance your programs and career by applying our experience and knowledge to assist in strengthening your relationships with business function leaders. Contact Us to discuss how we can help.
Download a PDF of this page below: