It is intended that this will ultimately comprise a set of high-level, ISO 27002-aligned security policies.
As such, a reasonable starting point is to lay out a framework that maps these onto ISO 27002 itself. The following segmentation therefore appears to be a sensible approach:
- Security Organization
- Asset Classification and Control
- Personnel Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- System Development and Maintenance
- Business Continuity Management
- Compliance
Please feel free to add your policy statements within these headings. These will be periodically re-organized and re-mapped for readability and practical use.