Welcome to Simply-Docs

IT Security Policy


This IT Security Policy has been designed for use by a range of organisations and can serve not only as a policy for IT security matters but may also serve as a useful guide to the important IT security points that a business should consider.

This document has been designed to assist in compliance with the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018).

This IT policy template has been updated with new provisions which cross-refer to a new Access Control Policy and a new Anti-Malware Policy. In each case, the sections of this policy document offer two options – the first option is the cross reference to the more detailed separate policy; the second is a simplified set of provisions within this policy if the separate policies are not required to meet your business needs.

Optional references have been included to a Data Protection Officer. If your business does not have a DPO, these references may be altered to refer to the appropriate individual or be removed; but it is important to ensure that questions, concerns, and breaches relating to personal data are properly addressed.

Addressing key IT security issues such as the use of anti-malware and internet security software, the updating / patching of operating systems and application software, physical security measures for hardware, access privileges, passwords and security procedures, this policy can be an invaluable tool for any business in operating and protecting its IT infrastructure.

Additional provisions in this template cross-refer to other policy documents available from Simply-Docs including the Data Protection Policy, and the Communications, Email, Internet and Social Media Policy. The inclusion of these references is not essential, however use of all three documents together is recommended to ensure the safe and efficient use of IT systems and data handling within a business.

Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.

This IT Security Policy includes the following sections:

1. Introduction
2. Key Principles
3. IT Department Responsibilities
4. Users’ Responsibilities
5. Software Security Measures
6. Anti-Malware Security Measures
7. Hardware Security Measures
8. Access Security
9. Data Storage Security
10. Data Protection
11. Internet and Email Use
12. Reporting IT Security Breaches
13. Policy Review
14. Implementation of Policy

This IT Security Policy is unlocked and in .doc format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.

Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.

IT Security Policy is part of Business Documents. Just £35.00 + VAT provides unlimited downloads from Business Documents for 1 year.

This document can also be downloaded from:

Simply-4-Business Ltd Registered in England and Wales No. 4868909 Unit 100, Parkway House, Sheen Lane, London SW14 8LS