Information Security Policy for a medium sized organisation.

Recently our team was asked to update a policy document for a medium sized charity, they had used a donated template from a much larger enterprise and were finding it too unwieldy.

It was overly complicated having been made using an enterprise level control framework designed for government agencies.

In the end the original version was not cost effective and significantly delayed because it failed to consider human factors, in many organisations there is no dedicated IT or IS lead so it hits the ‘too hard basket’ and tension then sets in between the operation areas and the board.

In the spirit of community collaboration one of our senior consultants has pulled a version together that is aimed more at medium sized charities who have a governing board.

This document isn’t recommended for incorporated associations but can be easily adapted, in the FAQ on our site we also provide an adapted guide from the ACNC which is more in line with the resourcing and capacity of incorporated associations.

The template is adapted from ACNC & AICD guidance and aligns to the Essential 8, you can find it here