It is intended that this will ultimately comprise a set of high-level, ISO 27002-aligned security policies.
As such, a reasonable starting point is to lay out a framework that maps these onto ISO 27002 itself. The following segmentation therefore appears to be a sensible approach:
- Asset Classification and Control
- Physical and Environmental Security
- Communications and Operations Management
- System Development and Maintenance
- Business Continuity Management
Please feel free to add your policy statements within these headings. These will be periodically re-organized and re-mapped for readability and practical use.