The ACT Security Issues work group, in conjunction with IIABA created this sample cybersecurity policy to help agencies easily comply with the requirement to have a cybersecurity policy in place.    

This policy is directed toward "employees" throughout.  If the Agency uses independent contractors as well as employees, the Agency will need to broaden the policy to cover this group, such as by substituting "Agency Users" for "employees" wherever the term appears and defining "Agency Users" to include all categories of the Agency's workers.

For agencies doing business in the state of New York: You may qualify for the New York Regulation 23 NYCRR 500 "Limited Exemption." Visit The Big I of NY Cybersecurity webpage for more information. Even if you qualify for the "Limited Exemption", you will still have to comply with several requirements of the New York Regulation.

How to Use this Template

• Review each section of the policy and add your information to the yellow fields.
• You will notice several ^footnotes inserted throughout the document, marked by superscripted blue letters. These correspond to additional information (rollover to view or refer to blue boxes in footnote section) to help you customize the section, when needed.
• Delete pages 2-3 from your document, and if desired, delete pages 9-10as they are simply customization aides.
• Once customized: save the document in a safe place, print a copy for your records and review with staff.
• The agency must execute all of the items listed in the policy.

You must be logged in with your Big 'I' ID & password to download the CyberSecurity Policy Template, (Word Document)