When writing a security policy you should include information regarding:
- Who is allowed to use the system and when they are allowed to use it
- What access different groups and users will be granted
- Access procedures including procedures for revoking access and remote access
- Training guidelines for users, administrator, and executives
- What constitutes acceptable use of the system
- What to do in the event of a security breach
- What the requirements are for a company’s servers
You should also include information such as resource classification, acceptable software and installation procedures, and system monitoring procedures.