If it might help anyone else doing this 201 CMR 17 WISP document, here are some examples that I found. It actually looks amazingly simpler than what I was at first anticipating. Easy read, less technical: http://nengroup.com/the-basics/products-and-services/ma-201-cmr-17/mass-201-cmr-17-comprehensive-information-security-program-example/ More technically written, but good: http://www.201cmr17.com/Sample%20Information%20Security%20Policy.htm An astute reader might note that some of these paragraph sections are exactly the same (borrowed perhaps from another location). Good luck to all involved in this, and please share back any good resources you have found that might help all of us trying to finish up by March 1. David