Free Information Security Policy Template (No Legalese)
If your employees touch customer data, email, or company software, you need an Information Security Policy. The problem? Most templates are 40-page documents filled with dense legalese that nobody actually reads.
An ignored policy is completely useless during a security audit (or a breach).
Below, we provide a free, human-readable Information Security Policy template designed specifically for small-to-medium businesses. It covers the essentials—data classification, phishing, and safeguarding personal information—in plain English.
Download the Free Template
Click the link below to download the boilerplate template. It is provided in RTF (Rich Text Format) so you can easily open it in Microsoft Word, Google Docs, or Apple Pages to add your company name and distribute it to your team.
What is included in this template?
This streamlined policy focuses on actionable rules rather than legal jargon:
- Data Classification (DCM): A simple breakdown of Public vs. Internal vs. Confidential Personal Information, so employees know exactly what they are handling.
- Safeguarding Data: Clear rules on password hygiene, enabling 2FA, locking screens, and securing physical documents.
- Email Security & Phishing: How to spot a phishing attempt, what to do if you aren't sure, and the golden rule: "When in doubt, don't click."
- Device Policies: Basic expectations for using company-issued laptops vs. personal mobile devices (BYOD).
- Incident Reporting: Exactly who to contact (and how) if a laptop is lost or a suspicious email is clicked. (Hint: quick reporting is praised; hiding a mistake is penalized.)
How to Get Your Employees to Read and Sign This Policy
Drafting the policy is the easy part. The real challenge is getting every single employee to acknowledge and sign it, and keeping track of those signatures for an audit.
If you email the document to your team, they will probably ignore it. You will then spend weeks chasing people down and manually logging their electronic signatures in a spreadsheet.
The Ethica Way (Automated)
Instead of managing PDF signatures via email threads, you can automate the entire workflow using Ethica.
- Upload the Policy: Log into Ethica and upload your finalized policy document.
- Add Acknowledgment Text: Set a required acknowledgment (e.g., "I have read, understand, and agree to abide by the company's Information Security Policy").
- Assign it to the Team: Ethica will automatically email every employee a secure magic link. They do not need to log in or remember a password.
- One-Click Signature: Employees open the link, review the document on their phone or computer, and click "I Acknowledge."
Ethica immediately records the timestamp, IP address, and signature in an audit-ready dashboard. If an employee ignores the email, Ethica's built-in reminder system will automatically nudge them before the deadline.
Ready to put your policy acknowledgments on autopilot? Start your free 30-day Ethica trial today.