The PolicyWizard Trademark wordmark logo.

The only training you will ever need on Security Policy

Discover how to use policy and GRC as a tool to close security gaps, implement change, reduce friction, and act strategically.

  • Learn about the source of all control

  • Influence security decisions confidently

  • Communicate risk in business-relevant ways

  • Get leadership support for your policy decisions

  • Implement security controls effectively

Access the course - £575

“Thanks for your fantastic insights and also for creating the PolicyWizard course. It has helped make me better at my job!”

CISPW Logo

Buy this course before the end of 2025 and get a free upgrade to include the Certified Information Security Policy Writer (CISPW) exam in 2026!

Policies are the North Star ⭐ for all security teams. They are a record of your decisions, how you want people to act, and the guidance for how to securely configure the protective controls of the operating environment.

Busy putting out fires?

GRC offers a structured approach for aligning Information Security with business objectives, mitigating risk, and ensuring regulatory compliance. For security leaders, it transforms security from a firefighting function with no time to build into a strategic asset that creates the procedures and processes your team will use to proactively mitigate security concerns.

Communicating expectations

Policy writing is essential to GRC, as it communicates security expectations and responsibilities to individuals within the business who manage the operational environment and information systems. Well-crafted policies turn complex requirements into practical guidance, ensuring consistency and accountability across the organisation.

Enhance your leadership credibility

Strong GRC and policy practices enhance leadership credibility and support a security-focused business. They demonstrate that risks are understood and effectively managed, enabling organisations to adapt to evolving threats and regulations.

Meet the PolicyWizard™!

I'm Stuart Wedge, a security practitioner and PolicyWizard with nineteen years of experience in the military, physical, and information security.

My certifications include CRISC, ISO 27001 Lead Auditor and Implementer, ISO 27005 CIS RM, and I've trained with Dr Richard Diston, learning the Real Security Management model.

I've written hundreds of policies, developed security risk management functions, and implemented ISO 27001. I've coached and trained many members of the security community.

Now, I want to help you.

Create effective Security Policy

Taking this Security Policy and GRC course will provide you with the knowledge you need to build an effective security program and implement security improvements in global organisations.

Your policy and governance decisions will target the most critical security risks while also reducing the risk of accidental data breaches. 

You'll also be able to help your team build customer trust in your business by meeting the requirements of ISO 27001, GDPR, SOC 2, PCI: DSS, and HIPAA, to name a few. 

Do your career a favour and sign up for the course today!  

Access the course
Customer testimonial

When a Global Head of Information Security reviews your course 😍

Four security practitioners in circles. Two female and two male

184 ⭐⭐⭐⭐⭐ Ratings

Join Lupe, Alana, Richard, Kaz, and over 600 of your industry colleagues

  • £575

Information Security Policy Writer

  • Course
  • 66 Lessons

The ISPW course is for security managers, and GRC practitioners who want to use policy as a tool to build security programs. It's a complete solution for identifying, assessing, recording, communicating, and mitigating security risks. We focus on policies but teach all necessary GRC skills. You'll learn all you need to provide a defined, monitored, and controlled area where you can operate without interference.
Access the course. You're ready!

Standard on all courses

Built for all learning styles

Lifetime access

Subtitles

Transcripts

Aaron Strong profile picture

Aaron said this about the course…

“Thanks for your fantastic insights and also for creating the PolicyWizard course. It has helped make me better at my job!”

184 ⭐⭐⭐⭐⭐ Reviews

Roles that require policy development

Policy development is a great skill for any Information Security and Cyber Security practitioner. The roles below are just a few where you may be required to develop Security policies or collaborate with those who do. 

Auditors

Auditors are the people that ensure the controls we say are in place to mitigate security risk are in place, working as intended, and documented. They need to read and understand policies and procedures, gather evidence and then confirm their assurance of compliance.

Cyber security managers

Part of your responsibilities will require you to collaborate with GRC personnel to review and sign off on security policies and procedures. If you understand why the policy is necessary and how to ensure specific security controls are documented and implemented from the policies, you will be far more effective in your role. 

GRC practitioners

My market research proves that the majority of Governance, Risk and Compliance positions require candidates to understand the development process for security policies. Companies need policies to meet the requirements of security frameworks. If you can do that, the position is far more attainable. 

Security architects

As subject matter experts (and the people that designed the systems), you are best placed to be able to provide knowledge of the systems architecture. Your insight, expertly woven into the security policies and procedures, will ensure that your designs are used in the manner that they were intended to be. 

Security awareness & culture

As the people trying to bring security messaging to the company's staff, you will need to engage with the policy writers to ensure that the content within the policies meets the security team's needs but is also designed to fit within the company culture. 

Senior security analysts

As a senior team member, leadership will look to you to provide guidance to junior analysts and improve procedures and playbooks as the team's maturity improves over time. You will need to know how to write policies and procedures to do this. 

Students & transitioning

An employer will view anyone trying to break into the industry as more valuable if they can write great policies and reports. You instantly provide more ability than someone who does not have this skill, setting you above competitors for open cyber roles. 

Vulnerability managers

A considerable part of their job is to communicate with other departments. They ensure that system owners are fixing the vulnerabilities. To be effective, the Vulnerability teams need to collaborate with policy writers to implement the management controls that enforce the requirement for teams to remediate.  

Testimonials

We are great, but don't take our word for it. Here is what these fine folks have to say ⬇

Richard B

LinkedIn Profile

⭐⭐⭐⭐⭐  
Last night I completed the Security Policy course by the PolicyWizard 🧙‍♂️... and I'm feeling empowered! ✨✨... I highly recommend this course if you want to boost your cybersecurity skills and understanding.  

Alana B

LinkedIn Profile

⭐⭐⭐⭐⭐
I love the passion you bring to the policy world! For what many consider a boring topic, the way you present it shows how critical a function it is and all that's required to craft and maintain a well-built policy - as well as the impact that good policy has on an organization and as a foundation piece of an ISMS. Also, there is nothing like this available, so it greatly fills a need in the GRC space. Thank you for building this course!  

Kaz B

LinkedIn Profile

⭐⭐⭐⭐⭐
Learn about security policies without breaking the bank. Also, for the avoidance of doubt, you don't need to be an IT or Cyber guru to understand, appreciate, and implement the skills that Stuart teaches you. Policy writing is both an art and a science; set yourself up on a great trajectory by doing the course today! 

Robinson U

LinkedIn Profile

⭐⭐⭐⭐⭐
Excellent course. I learned a whole lot. my key takeaway is ensuring that policies are communicated clearer so non-techies can understand. 

Audrehona M

⭐⭐⭐⭐⭐
I went ahead and started binge-watching some of your content. Definitely useful information. Simple, concise, and easy to understand. I will be paying it forward by following along and sharing the knowledge.

Isabelle

⭐⭐⭐⭐⭐
The course did a great job of explaining the core subjects. I learn a lot better if I can read along. It helps keep me engaged, so I appreciated the content had audio and written instructions so I could follow along. 

Mohammed K

⭐⭐⭐⭐⭐
Excellent course; the practical labs helped me think about the policy's content & how to structure the policy. 

Tom C

⭐⭐⭐⭐
A great introduction to security policy writing, with a lot of considerations that might not be obvious, such as encouraging buy-in from the audience. 

Mark M

⭐⭐⭐⭐⭐ 
Well presented and kept nice and simple

Andreas K

⭐⭐⭐⭐⭐ 
Very good for beginners. And Stuart was right: even as an experienced policy writer, you will find your nuggets.

Arron

⭐⭐⭐⭐⭐
Easy to follow along and great 'real-world' information. I just started writing policies at work, and this has helped shape my writing... by monkeys ;) 

Kevin R

⭐⭐⭐⭐⭐
Very good and informative course, which I took a lot from. 

Mission Statement

Reduce the impact of malicious behaviour on global businesses by empowering thousands of Information Security practitioners with the confidence, knowledge, and tools to apply policies and advanced Governance, Risk Management, and Compliance (GRC) methodologies to fortify their organisations against unmitigated protection gaps.

Linked_inYoutubeWebsiteMail
CISPW Logo

Don't forget to buy now and get your free upgrade to include the Certified Information Security Policy Writer (CISPW) exam in 2026!

  • £575

Information Security Policy Writer

  • Course
  • 66 Lessons

What are you waiting for?

184 ⭐⭐⭐⭐⭐ Reviews

Frequently asked questions

You’ve got questions. We’ve got answers.

How long does it take?

4 hours of video training. Estimate the total time at 10 hours.

What language is the course delivered in?

English (United Kingdom)

Is it really lifetime access?

Absolutely! If the business is running, the course will always be here.

What if I need help?

Your course includes access to the PolicyWizard Discord. Feel free to ask questions in the community, send a message directly to me in the chat, or purchase a 1:1 coaching session.

How do I get a refund?

To discourage Intellectual Property (IP) theft, I do not offer refunds for training. Please read the Terms (Linked at the bottom of the page) before you purchase for full details.

I loved the course. What are you building next?

A coaching program and a certification are in the pipeline.