Glossary
Knowledge is a matter of definitions. Here you will find the most important technical terms for cybersecurity.

Information Security Policy

The information security policy constitutes the highest level of all security policies. According to ISO/IEC 27000, a policy describes the “intentions and direction of an organization as formally expressed by its top management”. The information security policy (according to ISO/IEC 27001) must support the purpose of the organization and should either include security objectives or provide a framework for establishing these objectives. Furthermore, it must include a commitment to the continual improvement of the ISMS (information security management system). According to the best practices of ISO/IEC 27002, the information security policy should define information security, describe principles for activities relating to information security, and contain statements on the assignment of responsibilities and on the handling of deviations and exceptions.
