WISP | ISO 27002 – Policies & Standards


A Written Information Security Program (WISP) based on the ISO 27002:2013 framework. It contains cybersecurity policies and standards that align with ISO 27001/27002.



The ISO 27002 Written Information Security Program (WISP) is our leading set of cybersecurity policies and standards based on ISO 27002:2013. This is a comprehensive, customizable, easily implemented document that contains the policies, control objectives, standards, and guidelines that your company needs to establish data security and meet compliance regulations.

Our ISO 27002 WISP is a customizable document that you can adjust to fit the needs or compliance requirements of your organization. It’s a fraction of the cost of writing one yourself or hiring an outside consultant to write one for you.

The ISO 27002 Written Information Security Program (WISP) contains fourteen information security policies:

  • Information Security Program Policy
  • Information Security Organization Policy
  • Human Resource Security Policy
  • Asset Management Policy
  • Access Control Policy
  • Cryptography Policy
  • Physical & Environmental Security Policy
  • Operations Security Policy
  • Communications Security Policy
  • System Acquisition, Development & Maintenance Policy
  • Vendor Management Policy
  • Information Security Incident Management Policy
  • Business Continuity Management Policy
  • Compliance Policy

Additional Bonus Resources:

  • Excel spreadsheet that maps the standards to multiple statutory, regulatory, and contractual frameworks
  • User acknowledgment form
  • User equipment receipt of issue
  • Service provider non-disclosure agreement form
  • Incident response form
  • Information Security Officer (ISO) appointment orders
  • Administrator account request form
  • Change Control Board (CCB) meeting documentation template
  • Plan of Action & Milestones (POA&M) documentation template
  • Ports, protocols & services documentation template
  • Statutory, Regulatory & Legal compliance checklist
  • Incident Response Plan (IRP) template
  • Business Impact Analysis (BIA) template
  • Disaster Recovery Plan (DRP) template
  • Business Continuity Plan (BCP) template
  • Privacy Impact Assessment (PIA) template
  • Electronic discovery (e-discovery) guidelines

Benefits of an ISO 27002 WISP:

  • Decreased costs – less reactive IT support
  • Compliance coverage
  • Improved productivity – decreased distractions
  • Fewer virus & malware outbreaks – decreased downtime & expense
  • More efficient operations – better performing network & computers
  • Increased accountability of assets & resources
  • Educated & trained employees
  • Proper documentation to remove liability