What should be included in a written security policy?

Depending on the industry that you are in, and the data security and compliance regulations that may apply to you, a security policy can be quite involved.

At a minimum, every business should have a written security policy to demonstrate that the company takes data privacy and security seriously and has systems in place to protect it.

Without having a policy in place, that all employees have seen and agree to abide by, it may be problematic should a problem develop in the future.

A basic security policy should include:

      • Password policy  (click HERE for password policy tips)
      • Acceptable Use Policy for email, internet browsing, social media, etc. (click HERE for AUP tips)
      • Access and control of proprietary data and client data
      • Access to company data from remote locations, or on non-corporate devices
      • Physical security protocols for doors, dealing with visitors, etc.
      • Understanding data classification, what is critical and private data?
      • How to deal with and report lost or stolen devices
      • How to handle and report a suspected security breach or data loss
      • Requirements and expectations for Security Awareness Training  (click HERE for cybersecurity training tips)
      • Use of third party cloud or file sync services such as Gmail, Dropbox, etc.
      • Requirements for encryption and computer locking procedures

There are very specific requirements that your business may need to adhere to, and there are tools and templates available to help get started. If you would like to see some sample policies and talk about how we may be able to help you put a plan in place, give us a call today!

At White Mountain, we make changing IT vendors EASY!whitemtn contactus sm

Thanks for visiting, we look forward to hearing from you.

CO signature

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.


Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

White Mountain IT Services


33 Main St, Suite 302
Nashua, NH 03064


121 Riverfront Drive
Manchester, NH 03102


Client Help Desk


Open Positions