Õ:nagu üldine turvapoliitikagi, taotleb see ta osa eelkõige turvalisust, mitte turvet (ideaalne oleks ju turvalisus ilma turbe vajaduseta), seega mitte "infoturbepoliitika"

olemus
organisatsiooni turvapoliitika osa:
- määratleb
----- üldeesmärgid teabe turvalisusele ja infoturbele
----- infoturbe halduse süsteemi struktuuri
- on infoturbe esmane alusdokument

ülevaateid
https://www.slideshare.net/SaqibRaza21/12-security-policies-84046434

https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/

https://www.slideshare.net/shubh7777/information-security-policy-55694114

https://www.csoonline.com/article/2124114/it-strategy/strategic-planning-erm-how-to-write-an-information-security-policy.html

näiteid
https://info.lse.ac.uk/staff/services/Policies-and-procedures/Assets/Documents/infSecPol.pdf

https://www.sans.org/security-resources/policies

https://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html

https://www.healthit.gov/sites/default/files/info_security_policy_template_v1_0.docx