http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Case-Study-Solo-Cup.aspx

Article on how you can develop a quick set of policies using COBIT as a guideline. You can use HIPAA, NIST or any other framework. For any first attempt, I recommend using COBIT since it is simple and covers most key IT controls.