We faced the same issue, at ultimately ended up "borrowing" an IS policy from another local bank that had completed theirs and was willing to "share". We used their policy as a guide for writing ours, tweaking it to meet our needs. (plagerism is highly recommended in cases such as these!) We did, however, conduct a comprehensive bank-wide survey of all our IS practices, and worked our existing e-mail and computer access polcies into the final product. Ours ended up being about 40 pages long. Good luck!
_________________________
Being kind is more important than being important.