To carry out the design of an information security policy in the cloud oriented to micro-enterprises in the department of Huila, it is important to define a main objective that seeks to create a high level of responsibility regarding information security. The first stage of the project is aimed at finding the main elements for the implementation of the NTC-ISO/IEC 27001:2013 standard, such as: service providers, types of backups, cloud architecture, advantages of using the cloud etc After having defined the previous points, it is important to specify that the main objective of this project is to create and implement security policies establishing a high level of reliability, integrity and availability of information, through secure practices in the area of information technologies. information (IT) In the final stage, policies are designed that, when implemented, will improve access and availability of information and will reduce the inherent risks.