Benchmarking of information security policies has two challenges: lack of communication between organizations and no two organizations are identical. In this paper, we attempt to propose an artifact for a benchmarking method of information security policy (BMISP), which can resolve the above challenges. We employ design science methodology, activity theory and international standards to design the artifact as a proof of concept. We illustrate the applicability of the artifact using our pilot data.