Information security policies (ISPs) are an essential type of formal control that must be designed in a manner that is easily understandable for employees. Prior studies have recommended the inclusion of actionable advice; however, it is unclear how such advice should be worded to minimize the scope for interpretation. Therefore, this study investigates existing ISPs to assess how clear the pieces of actionable advice are and provide suggestions on how actionable advice should be worded in order to be clear. A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. First, the findings revealed an unbalance between the ISPs, where one-third of the ISPs provide over 50% of the analyzed actionable advice. Second, around two-thirds offer advice that is ambiguous and does not provide advice that employees can act upon. We, therefore, recommended that ISP designers exercise caution when using words in the ISP and maintain consistency in their word choices throughout.