Your company’s information is extremely important, and writing an information security policy is paramount to keeping it secure. You will need to figure out how management views security, get a good framework, and then adapt it to the company. Decide on your mandates, sub-policies, and supplementary documents. Then you can design a policy with all the crucial elements, taking great care when writing and editing to ensure it is strong.
The first thing to be done is to find out how management views security. The security professional writing the policy has the job of being a good listener and understanding how management, as a whole, wants information to be protected. Key to this process is asking the right questions.