Skip to main content

Quick Links

  • Share your knowledge
  • Jobs & RFP's
  • Log in
Legal Services National Technology Assistance Project
  • Forum
  • Events
  • Topics

    Topics

    Go to Topics Overview
    • Client Facing
      • Artificial Intelligence (AI)
      • Diversity, Equity, & Inclusion (DEI)
      • Social Media
      • UX / Design
      • Accessibility
      • Websites
      • Call Centers
      • Self Representative Litigation
    • Organization
      • Tech Initiative Grant (TIG)
      • Project Management
      • Tech Policies
      • Training
      • Data & Evaluation
      • Remote Work
      • Security
      • Disasters
  • Tools & Resources

    Tools & Resources

    Go to Tools & Resources Overview
    • DATA Analysis Tool for All
      • Data Overview
      • Data Resources
      • DATA Origins
      • DATA FAQ
      • Analysis Guide
      • Tips & Recommendations
      • Location Quotient
      • Partnerships
      • Give Feedback
    • Other Resources
      • Toolkits
      • Articles
      • AI & Legal Information Database
      • Legal Aid Tech Stack
      • Consumer Self-Help Solutions
  • Tech Assistance

    Tech Assistance

    Go to Tech Assistance Overview
    • Tech Assistance Program
    • Legal Aid Tech Vendors & Service Providers
  • About

    About

    Go to About Overview
    • News
  • Share your Knowledge
  • Jobs & RFPs
Search

Breadcrumb

  1. Home
  2. Tools & Resources
  3. Toolkits
  4. 5. Security Toolkit: Security Policies

2022 Legal Aid Security Toolkit

yellow, green, and blue angled lines

Explore This Toolkit

5. Security Toolkit: Security Policies

Last Updated: 2/17/25

Download Toolkit
Facebook
X
Security Policy

5. Security Toolkit: Security Policies

What to Include?


Security policies may cover a wide variety of topics. You should have policies dedicated to specific security topics.  Below is a list of common policies needed in legal aid organizations:

  • Account Management and Password policy: guidance on what kinds of passwords to use and how often to change them.
     
  • Acceptable use policy (AUP): help staff and volunteers understand what they should and should not do with the organization's technology, systems, and data.  AUP’s may include requirements with respect to training, specifically security awareness training and testing.
     
  • Remote work and remote access policies: what devices can/cannot be used; who can and cannot use a work device; how to create a secure remote environment; how to properly access organization networks remotely; and data handling practices to prevent data leakage.
     
  • Data classification: clear descriptions of what kinds of data your organization retains and what security should be used for each kind of data. This may include which systems to use and whether/when encryption must be used.
     
  • Data retention: schedules for how long your organization keeps data and in what forms, distinguishing between on-site data, backups, and off-site backups.
    Security breach and incident response plans: guidance on how to respond when the organization becomes aware of a possible breach (see the materials on what to do when you experience a breach below).
     
  • Disaster Recovery Plan Policy: detailed plans on how to keep critical IT services and data available in the event of disaster and/or how to restore critical services in an acceptable time frame.
     
  • Physical security: protect against property damage or theft by establishing rules for granting access to equipment, identifying sensitive areas, authorized personnel, the removal of equipment from the premises, and any required locks and/or video surveillance.


Security policies, like most policies, require sufficient staff and volunteer training as well as designating a role within the organization to be responsible for maintaining the policy, integrating the policy into practice, and driving compliance. Most security policies should be reviewed annually to make sure they are still applicable, that they conform with current good practices, and that they are otherwise sufficient.  There may be circumstances that arise that may call for an earlier review such as when the organization does a security assessment or suffers a security breach that highlights one or more weaknesses in current policies.


Sample Security Policies


Company Cyber Security Policy Template
Security Policy Templates
IT security policies
30 Free IT Security Policy Templates for Businesses

Contents

Toolkit chapter traversal links for 5. Security Toolkit: Security Policies

  • Previous
    4.8 Security Toolkit: Other Tips on Technology Setup
  • Next
    6. Security Toolkit: Training
Join the Community! It's your best resource to get the answers you need.
Sign up today
dark purple dots
Legal Services National Technology Assistance Project

Key Resources

  • Browse by Topic
  • Tech Assistance
  • Tools & Resources
  • Log in

Get Involved

  • Share Your Knowledge
  • Events
  • Give us Feedback

Connect with us

Like on Facebook
Follow on Twitter
Subscribe on YouTube
Legal Services National Technology Assistance Project can leverage technology for better client service with LSNTAP's training, resources, and online community. Empowering them to serve their communities more effectively.

Our Partners

Logo for Michigan Advocacy Program white logo for Legal Services Corporation