About EZ Security Policy
Trusted IT security policy documents since 1995.
EZSecurityPolicy.com helps small and mid-sized organizations build a complete, audit-ready security policy program without hiring a six-figure consulting firm. Our Bronze, Silver, and Gold packages are written by information security professionals with more than 30 years of experience serving businesses from five employees to tens of thousands.
We have delivered policies to organizations in all 50 U.S. states and more than 55 countries. Customers include city and state governments, defense contractors, healthcare providers, payment processors, and fast-growing SaaS companies that need documented security controls for auditors, partners, and regulators.
Why customers choose us
- Instant delivery — download your policy pack immediately after purchase
- Editable documents — customize in Microsoft Word for your company
- 30-day money-back guarantee — if you are not satisfied, we refund your purchase
- BBB Accredited Business — veteran-owned, U.S.-based support
- Phone support — call (917) 765-0342 with questions
Our packages
Bronze ($149) includes four foundational policies. Silver ($329) adds governance policies, remote access, VPN, wireless, and incident response plus two evidence forms. Gold ($849) is the full suite with 52 policies and 25 standard compliance forms — designed for ISO 27001 and SOC 2 Security readiness, with HIPAA, PCI, and GDPR coverage where applicable.
Defense contractors pursuing CMMC Level 2 can purchase our Complete CMMC Pro Policy Package ($799) — 41 editable documents including SSP and POA&M templates.
Questions? Contact us or email info@ezsecuritypolicy.com.
What is in the Gold package?
52 policies and 25 standard forms — 77 editable Word documents delivered instantly after purchase.
Show all 52 policies and 25 forms
Policies
- Acceptable Use Encryption Policy
- Acceptable Use Policy
- Accountability for Assets Policy
- AI Security Policy
- Application Access Control Policy
- Backup Policy
- Business Continuity & Disaster Recovery Policy
- Change Management Policy
- Confidential Data Policy
- Cloud Computing Policy
- Cloud Security Policy
- Data Classification Policy
- Data Protection Policy
- Data Retention Policy
- Data Security Policy
- Email Policy
- Encryption Policy
- Equipment Security Policy
- Exception to Policy
- External Communications Policy
- External Party Information Disclosure Policy
- Firewall Policy
- Guest Access Policy
- Incident Response Policy
- Information Ownership Policy
- Information Security Infrastructure Policy
- Information Security Policy
- Mobile Device Policy
- Monitoring System Access and Use Policy
- Network Access Policy
- Network Security Policy
- Notifying Employees of Change Policy
- Operating System Access Control Policy
- Organizational Security Policy
- Outsourcing Policy
- Password Policy
- Personal Computer Policy
- Physical Security Policy
- Ransomware Policy
- Remote Access Policy
- Risk Assessment Policy
- Retention Policy
- Secure Areas Security Policy
- Secure Software Development Policy
- Telecommuting and Mobile Computer Security Policy
- Third Party Connection Policy
- User Training Policy
- Vulnerability & Patch Management Policy
- VPN Policy
- Wireless Access Policy
- Wireless Security Policy
- Network Access & Authentication
Standard forms
- Policy Acceptance Page
- Guest Network Access Request
- Security Incident Report
- Noncompliance Notice
- Policy Amendment Form
- Request for Account Setup
- Request for Policy Exception
- Visitor Log
- Risk Register
- Risk Treatment Plan
- Access Recertification Log
- Vendor Security Assessment
- Change Request Form
- BCP DR Test Results
- SOC 2 Security Control Matrix
- ISO 27001 Statement of Applicability
- Security Training Log
- Penetration Test Summary
- Termination Access Checklist
- ISMS Scope Statement
- Internal Audit Procedure
- Management Review Record
- Privacy Impact Assessment (DPIA)
- Asset Inventory Attestation
- CAPA Remediation Tracker