UK: 0116 258 1200

NI: 028 3083 5588

ROI: 01 809 0080

Information Security Policy Templates

Template policies to help your firm demonstrate compliance with GDPR

The General Data Protection Regulation (GDPR) requires you to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities. Having internal policies catering for data security can help to demonstrate how your business is complying with the GDPR. But if you don’t currently have any such internal policies, where do you start?

Mercia has partnered with ADL Consulting to bring you a suite of 10 information security policy templates. These templates provide a useful start-point for any business looking to implement policies and procedures to ensure compliance with GDPR and help demonstrate your firm’s commitment to managing data safely and securely. All templates require tailoring to your business requirements and are provided in Microsoft Word to allow for full customisation.

The set contains:

Information Security Policy Statement
The purpose of this policy is to protect the company’s information assets from all threats, whether internal or external, deliberate or accidental.

Acceptable Use Policy
The purpose of this policy is to outline the acceptable use of computer equipment at your firm. These rules are in place to protect the employee and the business. Inappropriate use exposes the firm to risks including malware attacks, compromise of network systems and services, and legal issues.

Access Control Policy
The purpose of this policy is to ensure that both logical and physical access to information and systems is controlled and procedures are in place to ensure the protection of information systems and data.

Password Policy
The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.

Malware Protection Policy
The purpose of this policy is to explain the measures that your firm has taken to protect the business from malware, how that affects staff, and what is expected from staff.

Firewall Policy
The purpose of this policy is to explain where firewalls exist, how they should be configured, and who should be able to make changes to them.

Clear Desk Clear Screen Policy
The purpose for this policy is to establish the minimum requirements for maintaining a “clean desk” – where sensitive/critical information about employees, intellectual property, customers and vendors is secure in locked areas and out of site. 

Bring Your Own Device (BYOD) Policy
The purpose of this policy is to explain your firm’s requirements where those within scope wish to connect to your firm’s systems, or hold your firm’s data. It also explains how those within scope are expected to behave with respect to mobile devices in the workplace.

Backup Policy
The purpose of this policy is to explain how backups are run and managed. It also described the process for recovery in the event of accidental change or deletion, or in the event of a disaster.

Account Justification and Creation Policy (including an Account Justification Form)
The purpose of this policy is to explain the account justification process.

Order individual policies    Order the whole suite


NOTE: These templates are for internal use only, and resale is strictly prohibited and a breach of copyright.




One template

£50 plus VAT each

Whole suite of 10 templates

£450 plus VAT

10% discount for Members. All prices are subject to VAT.


You can place an order by clicking the blue order button above. 

Alternatively call the Marketing Support team on 0116 258 1242 or email us at

Supplied in digital format and delivered to you by email within one working day of receipt of your order.

For more information on the GDPR, read our free download on What the GDPR means for businesses.

To enquire about or order the Information Security Policy Templates please submit the form below or call 0116 258 1200

Information Security Policy Templates

Contact Name



Firm Name