Samples and Templates


Policy templates and sample language that can be used by agencies to develop or strengthen their internal policies, procedures and practices.

These samples should be modified to best meet the agency's business needs. It is recommended that the policy language be developed in consultation with your Legal Office, Human Resources, Labor Relations, Equal Employment Opportunity Office, Executive Management, Information Security Officer, Chief Information Officer, and Information Technology staff.

Topics on this page

Sample Asset Management Forms

Sample Agreements and Contract Language

Sample agreements and model language to include in contracts that require information security provisions provided by the California Office of Information Security and other government agencies.

Sample Request for Proposals (RFPs) and Request for Offers (RFOs)

Sample RFPs for seeking assistance with information security functions (such as risk assessments, and network scanning and penetration testing) provided by the State Information Security Office and other state agencies.

Information Security Policy Templates

Policy development templates provided by the State Information Security Office and other California state agencies.

Outline of Security Policy Components Acceptable Use Employee Acknowledgement Banner Language (Provided by California Office of Attorney General)

Other Resources for Information Security Policy Development

Policy Development Projects and Resources (Provided by various non-profit organizations)

Incident Management

Sample incident management related forms and tools provided by the State Information Security Office and other California state agencies.

Other Resources for Incident Management

Incident Management Resources (Provided by various non-profit organizations)
  • The NIST Federal Agency Security Practices (FASP) website was initiated as a result of the success of the Federal CIO Council's Federal Best Security Practices (BSP) pilot effort to identify, evaluate, and disseminate best practices for CIP and security. With the support of the Federal Computer Security Program Managers' Forum, NIST offers information sharing and collaborative endeavor as an educational resource for Federal security professionals. The FASP web site contains information on:
    • Agency Policies and Procedures
    • Public / Private / Academia Practices
    • Helpful Resources - CIO Pilot BSPs, Implementation Guides, FASP Contacts
    • List of Frequently Asked Questions
  • The Computer Forensics & Digital Evidence Toolkit (links to Computer-Forensics, Privacy Resources website)

The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.


Last Updated: Friday, September 09, 2016