When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to track policy ownership, approval, version control, review, and acknowledgement requirements.
| Policy name | Owner | Approver | Version | Status | Audience | Classification | Last review | Next review | Acknowledgement required? |
|---|---|---|---|---|---|---|---|---|---|
| Information Security Policy | Approved/Draft | All personnel | Yes | ||||||
| Access Control Policy | IT, system owners | Yes/No | |||||||
| Acceptable Use Policy | All personnel | Yes | |||||||
| Supplier Security Policy | Procurement, vendors | Yes/No | |||||||
| Incident Management Policy | All personnel, IT, security | Yes |
- Template
- Policy
- A5 1
Note Metadata
Aliases: Policy Register
Source: 90 Templates/Policy Register.md
Related Notes
- ISO 27001 A.5.1 - Policies for Information Security
- ISO 27001 A.5.31 - Legal, Statutory, Regulatory and Contractual Requirements
- ISO 27001 A.5.32 - Intellectual Property Rights
- ISO 27001 A.5.37 - Documented Operating Procedures
- A.5.1 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO 27002 Annex A Control Interpretation Map
- Operating Procedure Register
- Templates MOC