Internal IT Policy Templates

by | 8th December 2022

The Challenge:

With every department having different IT priorities, how do you design an Internal IT policy?

Chalkline recommends you review our previous articles on the importance of an Internal IT policy:

Remote working: The importance of cybersecurity recommends you should evaluate your IT cybersecurity policies and processes making sure your business is ready for anything.

Data security policy: how to protect your financial clients explains data security policy is the way to a business plan achieving data privacy and security, through training, methods, use-cases and plans implemented on a regular basis to secure sensitive data.

The Solution:

In What is data security? What your finance firm needs to know, Chalkline said focus on preventing unauthorised access to data, prevent data breaches, detect, respond and have policy procedures maintaining complete data security from threats including:

  • Malware viruses
  • Hackers
  • Cybercrime and IP theft
  • On and offline scams and Phishing
  • Advanced and sophisticated attacks
  • Third-party services
  • Internal data security issues

Comply with GDPR through the following principles:

  • Storage limitation
  • Purpose limitation
  • Lawfulness, fairness and transparency
  • Minimisation
  • Accuracy
  • Integrity and confidentiality
  • Accountability

In Data security policy: how to protect your financial clients Chalkline said:

  • Create a data security culture
  • Back-up your data regularly
  • Make a security breach plan
  • Detail permission levels and role-based access
  • Implement consistent cyber security training
  • Protect data with a password policy
  • Limit the volume of digital data
  • Encrypt your data
  • Use multi-factor authentication


The United Kingdom Government’s Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2021 asked businesses about plans they had to cover cybersecurity.

Formal policy or policies covering cybersecurity risks:

  • micro firms 27%
  • small firms 53%
  • medium firms 75%
  • large firms 75%

Business continuity plans covering cybersecurity:

  • micro firms 26%
  • small firms 51%
  • medium firms 69%
  • large firms 72%

Cybersecurity policies last reviewed:

  • last 3 months 23%
  • last 3 to 6 months 19%
  • last 6 to 12 months 41%
  • last 12 to 24 months 12%
  • last 24 months or earlier 2%
  • Don’t know 4%

Themes covered in cybersecurity policies:

  • How data is supposed to be stored 80%
  • What staff are permitted to do on organisation’s IT devices 76%
  • Remote or mobile working 70%
  • What can be stored on removable devices (e.g. USB sticks) 65%
  • Use of cloud computing 64%
  • Use of network-connected devices 63%
  • Use of personally-owned devices for business activities 54%
  • Use of Software as a Service 36%

The Outcome: 

You can select the most flexible, streamlined Internal IT Policy suiting your unique IT requirements, keeping you cybersecure.


Call Chalkline today on 020 3819 3300 or review our IT Security Packages for SMBs page and book a meeting with us, we can help with all elements of cyber hygiene and answer any questions you might have.

Other Posts from Chalkline