Cybersecurity Guidelines Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact shows your company has written cybersecurity guidelines for staff. Cyber compliance requires this because every knight (staff member) needs a rulebook — clear, simple instructions on how to stay safe in daily work. Without them, employees may accidentally leave the gates wide open to attackers.


2. What You Will Submit

You will need:

  • Your Cybersecurity Guidelines document (policy or handbook).

  • It should cover:

    • Password hygiene and multi-factor authentication.

    • Safe internet and email use (how to spot phishing).

    • Device protection (locking screens, patching, antivirus).

    • Secure handling of sensitive data (storage and sharing).

    • Role-based guidance (e.g. IT admins, finance staff, HR).


3. How to Collect / Obtain / Generate This Evidence

  • If starting from scratch:

    1. Open StrongKeep's Cybersecurity Guidelines Template.

    2. Add your company name, logo, and version history.

    3. Write sections for:

      • Passwords & Access: Use MFA, avoid password reuse.

      • Email & Phishing: Don’t click suspicious links, report attempts.

      • Device Care: Keep software updated, lock devices, no personal USBs.

      • Data Handling: Share only with authorised staff, use secure platforms.

      • Role-Specific Rules: Tailor guidelines for high-risk groups like IT and Finance.

    4. Save as PDF/DOCX.

    5. Circulate to staff and confirm acknowledgement (e.g. email or HR system).

  • If you already have a cybersecurity policy or handbook:

    • Export it to PDF or Word.

    • Make sure it’s written in plain language staff can understand.


4. Evidence Format

  • Accepted file types: DOCX, PDF.

  • Suggested naming format:
    YourCompanyName_CybersecurityGuidelines_YYYY-MM-DD.pdf
    Example: AcmeCorp_CybersecurityGuidelines_2025-07-01.pdf


5. What “Good” Looks Like

  • Easy to read (plain language, no jargon).

  • Covers core cyber hygiene practices (passwords, phishing, device use).

  • Includes role-specific advice (different rules for admins vs general staff).

  • Shows version history — proving it’s updated, not abandoned.

Why it matters: auditors want to see staff aren’t left guessing — they have a written guide to follow.


6. Tips

  • Keep it short and usable (one pager or handbook, not 50 pages).

  • Update yearly or after major incidents.

  • Align with your training program so staff get consistent messages.