<div>
I suggest your policy follows the ISO 27001 headings such as these but it may be quite non-trivial to cover all quickly - esp if you intend to make it simpler at the first place (for small set)<br />
<a href="http://www.27001-online.com/secpols.htm" rel="ugc">http://www.27001-online.com/secpols.htm</a><br />
<br />
Otherwise, go specific for a &quot;scoped&quot; policies in area of main concern. Here is one comprehensive coverage of samples and toolkit for the various IT &amp;&nbsp;cyber security scope <br />
<a href="https://www.dmoz.org/Computers/Security/Policy/Sample_Policies/" rel="ugc">https://www.dmoz.org/Computers/Security/Policy/Sample_Policies/</a><br />
<br />
Additional supplementary alternatives include <br />
-Clean desk policy<br />
-Computer and e-mail acceptable use policy<br />
-Internet acceptable use policy<br />
-Password protection policy<br />
-Social media and blogging policies<br />
-Personnel access/changes policy<br />
<a href="http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html" rel="ugc">http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html</a><br />
<br />
If you wanted a more clean cut to have small win or glimpse to poll the stakeholders, you may check out the attached (though can be quite old). It give some sensing on coverage and simple straight to the point mandates<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w36/1114721/NHS-CFH_Corporate-InfoSec-Policy-Tem.doc" target="_blank" class="file-inline" title="Sample of a health org ICT policy (98 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>NHS-CFH_Corporate-InfoSec-Policy-Tem.doc</a>
</div>


I suggest your policy follows the ISO 27001 headings such as these but it may be quite non-trivial to cover all quickly - esp if you intend to make it simpler at the first place (for small set)
http://www.27001-online.com/secpols.htm [http://www.27001-online.com/secpols.htm]

Otherwise, go specific for a "scoped" policies in area of main concern. Here is one comprehensive coverage of samples and toolkit for the various IT & cyber security scope
https://www.dmoz.org/Computers/Security/Policy/Sample_Policies/ [https://www.dmoz.org/Computers/Security/Policy/Sample_Policies/]

Additional supplementary alternatives include
-Clean desk policy
-Computer and e-mail acceptable use policy
-Internet acceptable use policy
-Password protection policy
-Social media and blogging policies
-Personnel access/changes policy
http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html [http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html]

If you wanted a more clean cut to have small win or glimpse to poll the stakeholders, you may check out the attached (though can be quite old). It give some sensing on coverage and simple straight to the point mandates
NHS-CFH_Corporate-InfoSec-Policy-Tem.doc [https://filedb.experts-exchange.com/incoming/2016/09_w36/1114721/NHS-CFH_Corporate-InfoSec-Policy-Tem.doc]

NHS-CFH_Corporate-InfoSec-Policy-Tem.doc

<div>
<div class="content wysiwyg-content">
I am looking for a security policy for a small business to use for their employees.<br />
Are there any good templates to start from?
</div>
</div>


I am looking for a security policy for a small business to use for their employees.
Are there any good templates to start from?

Security Policy for a small business

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.