This IT Security Policy has been designed for use by a range of businesses
and can serve not only as a policy for IT security matters but may also
serve as a useful guide to the important IT security points that a business
This document has been designed to assist in compliance with the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018). It has been updated for compatibility with the UK GDPR and is ready for use from the start of 2021.
Optional references to a Data Protection Officer are included in this document. If your
business does not have a DPO, these references may be altered to refer to
the appropriate individual or be removed; but it is important to ensure
that questions, concerns, and breaches relating to personal data are
Addressing key aspects of IT security such as the use of anti-virus and
internet security software, the updating / patching of operating systems
and application software, physical security measures for hardware, access
privileges, passwords and security procedures, this policy can be an
invaluable tool for any business in operating and protecting its IT
Additional provisions in this template cross-refer to other policy
documents available from Simply-Docs including the Data Protection Policy,
and the Communications, Email and Internet Policy. The inclusion of these
references is not essential, however use of all three documents together is
recommended to ensure the safe and efficient use of IT systems and data
handling within a business.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This document is also available in the UK GDPR & Data Protection Group.
This IT Security Policy includes the following sections:
2. Key Principles
3. IT Department Responsibilities
4. Users’ Responsibilities
5. Software Security Measures
6. Anti-Virus Security Measures
7. Hardware Security Measures
8. Access Security
9. Data Storage Security
10. Data Protection
11. Internet and Email Use
12. Reporting IT Security Breaches
13. Policy Review
14. Implementation of Policy
This document is in open format. Either enter the requisite details in the
highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on
the “Download Document” button below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.