https://securityboulevard.com/2021/05/ask-chloe-hackers-rights-and-women-in-infosec/
If overwhelmed with creating your own policies, I highly recommend checking out Disclose.io to start the process – it’s a cross-industry, vendor agnostic standardization project that sets out safe harbor best practices to enable good faith security research.