The ISO/IEC 27001 standard has been adopted by organizations and companies worldwide. The main contribution of this paper is to systematically address all 21 requirements of the ISO/IEC 27001 standard, consisting of 7 mandatory requirements and 14 categories, when designing and developing information security management system (ISMS) policies. The PDCA model is adopted, and the statement of applicability is assessed. The 13 ISMS policies are designed to address the individual requirements of the ISO/IEC 27001 standard respectively and effectively.