This information security policy-procedure includes a large number of topic-specific information security policies including the following;

• Information Communication Technology (ICT) Equipment Policy
• Use of Own ICT Equipment / Bring Your Own Device (BYOD) Policy
• Clear Desk / Clear Screen Policy
• Password and Secure Authentication Policy
• Remote Working Policy
• Mobile Device Policy
• Cryptographic Policy
• Communications Policy
• Data Backup and Deletion Policy
• Anti-Malware Policy
• Software Installation Policy
• Access Control Policy
• Web Content Policy
• Internet / Electronic Messaging Policy
• Information Transfer Policy
• Technical Vulnerability Management Policy
• Secure Coding and Development Policy
• Cloud Computing Policy
• Identity Management / Authentication Information
• Supplier Security Policy
• Information Classification and Protection Policy
• ICT Continuity Policy
• Intellectual Property Policy

These topic-specific policies are essentially information security procedures but are named policies to ensure compliance with the requirements detailed in the ISO 27001:2022 - information security management systems standard where a number of Annex A controls stipulate that various topic-specific policies must be defined.

If you don't want a large number of policies (which are actually procedures) and would prefer a single procedure document which includes all the policies required for ISO 27001 compliance then this file is what you need!

Note: The file is named Policy-Procedure to ensure it's logical purpose (it's a procedure) and it's illogical-but-necessary-for-ISO-compliance purpose are both covered.

This policy-procedure file can be shared with all workers for training / awareness purposes and once acknowledged it will mean all required policies are covered with this one document. 

[Information Classification: Business Use]