Security Policy Draft

Create an information security policy document

🧪 Tested by a human Intermediate 👤 Cybersecurity 👤 It Admin 👤 Compliance
Draft an information security policy for [POLICY AREA — acceptable use / remote work / BYOD / data classification / password / incident reporting]. Include: (1) Purpose and scope, (2) Policy statements with clear rules, (3) User responsibilities, (4) Monitoring and enforcement, (5) Exceptions process, (6) Compliance requirements referenced. Write for a non-technical audience.

Works on

⭐ M365 Copilot (Best) 🟢 ChatGPT 🟠 Claude

Copy & Open in

🟢 ChatGPT 🟠 Claude

Prompt is copied to your clipboard when you click

Tips for Best Results

  • Keep language simple — policies only work if people understand them
  • Map to a framework like CIS or NIST for credibility
  • Set annual review dates

📎 More Prompts

Cybersecurity Risk Register

●●
Create a cybersecurity risk register for [ORGANISATION/PROJECT]. Include columns: (1) Risk ID, (2) Risk description, (3) Category (technical, human, process), (4) Likelihood (1-5), (5) Impact (1-5), (6) Risk score, (7) Current controls, (8) Residual risk, (9) Treatment plan, (10) Owner, (11) Review date. Pre-populate with the top 10 common risks for [INDUSTRY].
⭐ M365 🟢 GPT 🟠 Claude

Data Breach Notification Draft

●●●
Draft breach notification communications for a [BREACH TYPE — data leak / unauthorized access / ransomware] affecting [NUMBER] records. Create: (1) Internal notification to leadership (immediate), (2) Employee communication (within 24 hours), (3) Customer notification (compliant with [REGULATION — GDPR / Privacy Act / state law]), (4) Media statement (if needed). Each communication should be factual, empathetic, and include next steps.
⚡ M365 🟢 GPT ⭐ Claude

Incident Response Plan

●●●
Draft an incident response plan for [INCIDENT TYPE — ransomware / data breach / phishing compromise / account takeover]. Include: (1) Detection indicators, (2) Immediate containment steps, (3) Eradication procedures, (4) Recovery timeline, (5) Communication plan (internal and external), (6) Post-incident review process, (7) Roles and responsibilities matrix.
⚡ M365 🟢 GPT ⭐ Claude
💬