Related Websites

• State and Consumer Services Agency
• State Chief Information Officer
• CA Highway Patrol
• CA Office of HIPAA Implementation
• CA Office of Homeland Security
• CA Office of Emergency Services

Right Column

Samples and Templates

Overview

Policy templates and sample language that can be used by agencies to develop or strengthen their internal policies, procedures and practices.

These samples should be modified to best meet the agency's business needs. It is recommended that the policy language be developed in consultation with your Legal Office, Human Resources, Labor Relations, Equal Employment Opportunity Office, Executive Management, Information Security Officer, Chief Information Officer, and Information Technology staff.

Table of Contents

• Asset Management
• Contract Development
• Request for Proposal Development
• Policy Development

Sample Asset Management Forms

• Employee Appointment Checklist (.doc, 39K)
• Record of Property Issued to State Employee (.doc, 74k)
• Employee Exit Checklist (.doc, 120k)
• Management Directive and Procedures for Handling Confidential Documents (.doc, 43k)

Sample Contract Language

Sample and model language to include in contracts that require information security provisions provided by the State Information Security Office and other government agencies.

• BL-04-35 Contract Provisions (.doc, 31k)
• HIPAA Contract Provisions (.doc, 52k)
• Business Associate Agreements for HIPAA Privacy Rule (link to Department of Health Care Services website)
• Model Contract Language (link to Department of General Services website)

Sample Request for Proposals (RFPs) and Request for Offers (RFOs)

Sample RFPs for seeking assistance with information security functions (such as risk assessments, and network scanning and penetration testing) provided by the State Information Security Office and other state agencies.

• Sample Risk Assessment RFP (.doc, 260k)
• Sample Security Assessment RFO (.doc, 241k)
• Instructions and Considerations for Preparing a Statement of Work with Samples (.pdf)

Information Security Policy Templates

Policy development templates provided by the State Information Security Office and other California state agencies.

Outline of Security Policy Components

• Security Policy Outline (.doc, 29k)

Acceptable Use

• Acceptable Use Policy Template (.doc, 52k)

Employee Acknowledgement

• Employee Acknowledgement (.doc, 29k)

Banner Language (Provided by California Office of Attorney General)

• Simple Network Banner Language (.doc, 32k)
• Presentation on Computer Use Policies (.ppt, 76k)

Other Resources for Information Security Policy Development

Policy Development Projects and Resources (Provided by various non-profit organizations)

• EDUCAUSE - Security Policy Resources (link to EDUCAUSE website)
• National Institute of Standards and Technology (NIST) - Computer Security Policy Guidance (link to NIST website, Special Publication 800-12, Chapter 5)
• SysAdmin, Audit, Network, Security (SANS) Policy Project (link to SANS website)
• Open Directory Project (ODP) Policy Samples (link to ODP website)

---

The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.