Following is a basic step-by-step checklist for creating a security policy:
Step 1. Determine the general policy needed.
Step 2. State the high-level purpose for the policy.
Step 3. Perform risk assessment.
  - Collect assets.
  - Review threats.
  - Generate costs.
Step 4. Present the risk assessment and proposed policy purpose to departmental managers.
Step 5. Determine the policy structure (one large or several small ones).
Step 6. Prepare the policy outline.
  - Purpose
  - Scope
  - Policy
  - Enforcement
  - Terms/glossary
Step 7. Get the final signoff of the policy from all departmental managers.
Step 8. Issue the policy to employees, and have them sign it if required.
Step 9. Implement or activate the new policy.
Step 10. Continually review the policy for flaws, and update it as required.