Implementing InfoSec policies for a baseline level of protection is one of the key pillars in a healthy IT environment. An extensive set of InfoSec policies and the global implementation poses a challenge. The focus will be on choosing the baseline requirements, aligning them with the InfoSec policy framework, controlling the implementation timeline and aligning with the budget planning process.