There are some basic elements that your policy has to contain. Of course, it should be about what you do with the information that your client gives you.
You can write something around these lines: "Information collected by you or you company will only be used by yourself or by your company." and confirm that this information will not be sold/distributed/disclosed to any other business or third-party or partner, etc.
Also, make sure to include in which cases you would actually breach this non-disclosure agreement. ex: request from a government agency or if you need to disclose "x" information to provide a certain service.
If someone wants you to sign an NDA, let them provide it for you. Most NDA's are difficult to enforce and not nearly as binding as people think. See what they send you, and if you are comfortable with it just sign it.
If a client came to me and said 'we want an NDA and you have to prepare it' I would find that kind of silly. If they want the protection of the NDA, let them put it together. In so many cases, NDA's are more important to amateurs than experienced professionals. For example, in the startup world I get asked to sign NDA's by unfunded startups with nothing but an idea, but the VC's with the killer apps never bother with it.
The fewer our wants, the nearer we resemble the gods. — Socrates