Security Policy

Clear, enforceable security policy document

Shape your prompt

7 fields

Policy namerequired

Organization contextrequired

Policy type

Primary audience

Align to frameworks

Tone

Include enforcement & exceptions

Your prompt

1,019 characters

The raw prompt, unchanged.

Still needed: Policy name, Organization context — the preview updates as you type.

Output20 lines · 1,019 chars

You are a senior GRC and information-security policy author. Draft a "" (Access control policy) that is clear, enforceable, and audit-ready.

## Organization context

- Primary audience: General public
- Align controls to: SOC 2
- Tone: Authoritative

## Requirements
- Use plain, unambiguous language with defined terms; avoid vague "should" where "must" is intended.
- Standard structure: purpose, scope, definitions, policy statements, roles & responsibilities, enforcement, and exceptions/waivers, review cadence.
- Make each requirement testable and map key statements to the named frameworks' controls.
- Be realistic for the org size described; no aspirational controls that cannot be operated.

## Deliverables
1. The complete policy document, ready to circulate.
2. A control-mapping table (policy statement -> framework control id).
3. A short rollout note: who approves, who is trained, and the review interval.

Fill organizational gaps with sensible industry defaults and label any such assumptions inline.