Open source information security policies
Here's a set of documents you can use under open source licensing to kickstart your information security policy and program work.
Every company needs rules of the road to help it's staff, contractors, interns, etc understand what to do and not do to ensure a consistent security posture.
These are written such that they can become part of your employee handbook with an annual refresh/attestation signature.
Feel free to use these policies as is, or tailor them to your environment.
Programs
As with policy, every company needs a base set of information security programs. Included here are starter kits for Vulnerability Management, Data Security and Incident Response programs.