Information Security Policies are the cornerstone of information security effectiveness. The Security Policy is intended to define what is expected from an organization with respect to security of Information Systems. The overall objective is to control or guide human behavior in an attempt to reduce the risk to information assets by accidental or deliberate actions. Information security policies underpin the security and well being of information resources. They are the foundation, the bottom line, of information security within an organization.

This policy should covers all information and information resources, including computers and communication devices owned or operated by organizations as well as information stored on a remote system operated by an outside entity. This policy should also cover any computer or communications device that is present on organizations premises and/or use organization communication infrastructure, but which may not be owned or operated by organizations. Information includes data stored on magnetic or other electronic media, data stored in computer memory, data displayed on a monitor, projector system or other output, data being transmitted over communication lines or verbal, written or printed documents

IT Policy documentation broadly covers following policies

Policy for Classifying Information and Data
Policy for controlling Access to Information and Systems
Policy for Processing Information and Documents
Policy for Document Handling
Policy for Securing Data
Policy for Other Information Handling and Processing
Policy for purchasing and maintaining commercial software
Policy for Purchasing and Installing Software
Policy for Software Maintenance & Upgrade
Policy for Software Issues reporting
Policy for Disposing of Software
Policy for securing hardware, perpherails and other equipments
Policy for Cabling, UPS, Printers and Modems
Policy for Using Secure Storage
Policy for Documenting Hardware
Policy for Other Hardware Issues
Policy for combating Cyber Crime
Policy for E-Commerce Issues
Policy for developing and maintaining inhouse software
Policy for Controlling Software Code
Policy for Software Development
Policy for Testing & Training
Policy for Documentation
Policy for Documenting New and Enhanced Systems
Policy for Acquiring Vendor Developed Software
Policy for Premises Security
Policy for Data Stores
Policy for addressing personnel issues relating to security
Policy for Confidential Personnel Data
Policy for Personnel Information Security Responsibilities
Policy for HR Management
Policy for HR Issues Other
Policy for Awareness
Policy for Training
Policy for complying with legal and policy requirements
Policy for Planning business Continuity