Below is templates I have developed regarding different areas. When possible I will continue to gradually develop more.

Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already, including policy templates for twenty-seven important security requirements.

Information classification is a document in which organisations assess the data that they hold and the level of protection it should be given. Organisations usually classify information in terms of confidentiality, integrity and availability (CIA).

This review is to give a quick view of the current level of security. The reason can be to ensure the security level is sufficient or to see what can be improved. The different areas in the review is based on ISO27001.

The review can be performed by an external auditor or internally by the company/subcontractor. What solution that is best suitable is based on the history and/or the relationship with the subcontractor.