IT Security Policy (GDPR-Compliant)
This GDPR-Compliant IT Security Policy has been designed for use by a range of
organisations and can serve not only as a policy for IT security matters
but may also serve as a useful guide to the important IT security points
that a business should consider.
This document has been designed to assist in compliance with the GDPR.
Optional references have been included to a Data Protection Officer. If
your business does not have a DPO, these references may be altered to refer
to the appropriate individual or be removed; but it is important to ensure
that questions, concerns, and breaches relating to personal data are
Addressing key IT security issues such as the use of anti-virus and
internet security software, the updating / patching of operating systems
and application software, physical security measures for hardware, access
privileges, passwords and security procedures, this policy can be an
invaluable tool for any business in operating and protecting its IT
Additional provisions in this template cross-refer to other policy
documents available from Simply-Docs including the Data Protection Policy,
and the Communications, Email and Internet Policy. The inclusion of these
references is not essential, however use of all three documents together is
recommended to ensure the safe and efficient use of IT systems and data
handling within a business.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This document is also available in the IT & Software Group.
This IT Security Policy includes the following sections:
2. Key Principles
3. IT Department Responsibilities
4. Users’ Responsibilities
5. Software Security Measures
6. Anti-Virus Security Measures
7. Hardware Security Measures
8. Access Security
9. Data Storage Security
10. Data Protection
11. Internet and Email Use
12. Reporting IT Security Breaches
13. Policy Review
14. Implementation of Policy
This document is in open format. Either enter the requisite details in the
highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on
the “Download Document” button below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.