The PolicyWizard Trademark wordmark logo.

Most people who review or write security policies were never taught how.

This course changes that. You'll learn to write policies that reflect the real conditions of your organisation, equip your team to act on them, and hold up when an auditor asks questions.

PolicyWizard has been training Information Security Practitioners for the last five years.

  • 600+ practitioners trained

  • 184 ⭐⭐⭐⭐⭐ ratings

“There is nothing like this available, so it greatly fills a need in the GRC space.”

Alana B: VP of Information Security Risk and Governance

Access the course - £575

Who this course is for

Stuart crafted this course for security managers, GRC practitioners, and policy leads who are responsible for policy outcomes and want to do the work properly.

That includes people who inherited a policy framework and need to understand it from the ground up, practitioners moving into a policy or GRC role for the first time, and security leaders who want the rigour and confidence to review and approve documents and to build something that holds up under scrutiny.

You do not need to be a technical specialist. You need to care about getting it right.

Access the course
CISPW Logo

The Certified Information Security Policy Writer (CISPW) exam is coming soon!

Meet the PolicyWizard™!

I'm Stuart Wedge, a security practitioner and PolicyWizard with nineteen years of experience in the military, physical, and information security.

My certifications include CRISC, ISO 27001 Lead Auditor and Implementer, ISO 27005 CIS RM, and many more topic-specific courses.

I've written hundreds of policies, developed security risk management functions, and implemented ISO 27001. I've coached and trained many members of the security community.

Now, I want to help you.

Mission Statement

Reduce the impact of malicious behaviour on global businesses by empowering thousands of Information Security practitioners with the confidence, knowledge, and tools to apply policies and advanced Governance, Risk Management, and Compliance (GRC) methodologies to fortify their organisations against unmitigated protection gaps.

Customer testimonial

When a Global Head of Information Security reviews your course 😍

Four security practitioners in circles. Two female and two male

184 ⭐⭐⭐⭐⭐ Ratings

Join Lupe, Alana, Richard, Kaz, and over 600 of your industry colleagues

  • £575

Information Security Policy Writer

  • Course
  • 66 Lessons

The ISPW course is for security managers, and GRC practitioners who want to use policy as a tool to build security programs. It's a complete solution for identifying, assessing, recording, communicating, and mitigating security risks. We focus on policies but teach all necessary GRC skills. You'll learn all you need to provide a defined, monitored, and controlled area where you can operate without interference.
Access the course. You're ready!
Aaron Strong profile picture

Aaron said this about the course…

“Thanks for your fantastic insights and also for creating the PolicyWizard course. It has helped make me better at my job!”

184 ⭐⭐⭐⭐⭐ Reviews

Roles that require policy development

Policy development is a great skill for any Information Security and Cyber Security practitioner. The roles below are just a few where you may be required to develop Security policies or collaborate with those who do. 

Auditors

Auditors are the people that ensure the controls we say are in place to mitigate security risk are in place, working as intended, and documented. They need to read and understand policies and procedures, gather evidence and then confirm their assurance of compliance.

Cyber security managers

Part of your responsibilities will require you to collaborate with GRC personnel to review and sign off on security policies and procedures. If you understand why the policy is necessary and how to ensure specific security controls are documented and implemented from the policies, you will be far more effective in your role. 

GRC practitioners

My market research proves that the majority of Governance, Risk and Compliance positions require candidates to understand the development process for security policies. Companies need policies to meet the requirements of security frameworks. If you can do that, the position is far more attainable. 

Security architects

As subject matter experts (and the people that designed the systems), you are best placed to be able to provide knowledge of the systems architecture. Your insight, expertly woven into the security policies and procedures, will ensure that your designs are used in the manner that they were intended to be. 

Security awareness & culture

As the people trying to bring security messaging to the company's staff, you will need to engage with the policy writers to ensure that the content within the policies meets the security team's needs but is also designed to fit within the company culture. 

Senior security analysts

As a senior team member, leadership will look to you to provide guidance to junior analysts and improve procedures and playbooks as the team's maturity improves over time. You will need to know how to write policies and procedures to do this. 

Students & transitioning

An employer will view anyone trying to break into the industry as more valuable if they can write great policies and reports. You instantly provide more ability than someone who does not have this skill, setting you above competitors for open cyber roles. 

Vulnerability managers

A considerable part of their job is to communicate with other departments. They ensure that system owners are fixing the vulnerabilities. To be effective, the Vulnerability teams need to collaborate with policy writers to implement the management controls that enforce the requirement for teams to remediate.  

Testimonials

We are great, but don't take our word for it. Here is what these fine folks have to say ⬇

Richard B

LinkedIn Profile

⭐⭐⭐⭐⭐  
Last night I completed the Security Policy course by the PolicyWizard 🧙‍♂️... and I'm feeling empowered! ✨✨... I highly recommend this course if you want to boost your cybersecurity skills and understanding.  

Alana B

LinkedIn Profile

⭐⭐⭐⭐⭐
I love the passion you bring to the policy world! For what many consider a boring topic, the way you present it shows how critical a function it is and all that's required to craft and maintain a well-built policy - as well as the impact that good policy has on an organization and as a foundation piece of an ISMS. Also, there is nothing like this available, so it greatly fills a need in the GRC space. Thank you for building this course!  

Kaz B

LinkedIn Profile

⭐⭐⭐⭐⭐
Learn about security policies without breaking the bank. Also, for the avoidance of doubt, you don't need to be an IT or Cyber guru to understand, appreciate, and implement the skills that Stuart teaches you. Policy writing is both an art and a science; set yourself up on a great trajectory by doing the course today! 

Robinson U

LinkedIn Profile

⭐⭐⭐⭐⭐
Excellent course. I learned a whole lot. my key takeaway is ensuring that policies are communicated clearer so non-techies can understand. 

Audrehona M

⭐⭐⭐⭐⭐
I went ahead and started binge-watching some of your content. Definitely useful information. Simple, concise, and easy to understand. I will be paying it forward by following along and sharing the knowledge.

Isabelle

⭐⭐⭐⭐⭐
The course did a great job of explaining the core subjects. I learn a lot better if I can read along. It helps keep me engaged, so I appreciated the content had audio and written instructions so I could follow along. 

Mohammed K

⭐⭐⭐⭐⭐
Excellent course; the practical labs helped me think about the policy's content & how to structure the policy. 

Tom C

⭐⭐⭐⭐
A great introduction to security policy writing, with a lot of considerations that might not be obvious, such as encouraging buy-in from the audience. 

Mark M

⭐⭐⭐⭐⭐ 
Well presented and kept nice and simple

Andreas K

⭐⭐⭐⭐⭐ 
Very good for beginners. And Stuart was right: even as an experienced policy writer, you will find your nuggets.

Arron

⭐⭐⭐⭐⭐
Easy to follow along and great 'real-world' information. I just started writing policies at work, and this has helped shape my writing... by monkeys ;) 

Kevin R

⭐⭐⭐⭐⭐
Very good and informative course, which I took a lot from. 

  • £575

Information Security Policy Writer

  • Course
  • 66 Lessons

What are you waiting for?

184 ⭐⭐⭐⭐⭐ Reviews

Frequently asked questions

You’ve got questions. We’ve got answers.

How long does it take?

4 hours of video training. Estimate the total time at 10 hours.

What language is the course delivered in?

English (United Kingdom)

Is it really lifetime access?

Absolutely! If the business is running, the course will always be here.

What if I need help?

Your course includes access to the PolicyWizard Discord. Feel free to ask questions in the community, send a message directly to me in the chat, or purchase a 1:1 coaching session.

How do I get a refund?

To discourage Intellectual Property (IP) theft, I do not offer refunds for training. Please read the Terms (Linked at the bottom of the page) before you purchase for full details.

I loved the course. What are you building next?

A coaching program and a certification are in the pipeline.