Often, it is useful to see how other organizations execute their policies. The following sites show you how the National Institute of Heath (http://cio.berkeley.edu/policies.html) and Berkeley University (http://irm.cit.nih.gov/security/sec_policy.html) created their policies.
The following links provide an extensive bouquet of information and examples pertaining to policies:
The following site will point you to a relatively inexpensive tool for policy creation http://www.network-and-it-security-policies.com.
NIST develops a majority of the standards embodied in the industry. At the following Web site, you can find a wealth of information on checklists, guidelines and procedures from topics ranging from incident response, wireless security, HIPPA, Voice over IP and much more. This should be a familiar Web site to anyone in the security field http://csrc.nist.gov/publications/nistpubs.
For security checklists there are a number of sites to visit, depending upon what you need to evaluate.
This was first published in September 2005