Welcome to Simply-Docs

IT Security Policy Template

IT Security Policy


This IT Security Policy has been designed for use by a range of businesses and can serve not only as a policy for IT security matters but may also serve as a useful guide to the important IT security points that a business should consider.

This document has been designed to assist in compliance with the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018). It has been updated for compatibility with the UK GDPR and is ready for use from the start of 2021.

Optional references to a Data Protection Officer are included in this document. If your business does not have a DPO, these references may be altered to refer to the appropriate individual or be removed; but it is important to ensure that questions, concerns, and breaches relating to personal data are properly addressed.

Addressing key aspects of IT security such as the use of anti-virus and internet security software, the updating / patching of operating systems and application software, physical security measures for hardware, access privileges, passwords and security procedures, this policy can be an invaluable tool for any business in operating and protecting its IT infrastructure.

Additional provisions in this template cross-refer to other policy documents available from Simply-Docs including the Data Protection Policy, and the Communications, Email and Internet Policy. The inclusion of these references is not essential, however use of all three documents together is recommended to ensure the safe and efficient use of IT systems and data handling within a business.

Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.

This document is also available in the UK GDPR & Data Protection Group.

This IT Security Policy includes the following sections:

1. Introduction
2. Key Principles
3. IT Department Responsibilities
4. Users’ Responsibilities
5. Software Security Measures
6. Anti-Virus Security Measures
7. Hardware Security Measures
8. Access Security
9. Data Storage Security
10. Data Protection
11. Internet and Email Use
12. Reporting IT Security Breaches
13. Policy Review
14. Implementation of Policy

This document is in open format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.

Once you have purchased access to the appropriate document folder click on the “Download Document” button below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.

This same document can also be downloaded at:-

Simply-Docs uses cookies to ensure that you get the best experience on our website. Learn more