ISMS Policy Templates

Professional and comprehensive templates for security policies according to ISO 27001, TISAX®, KRITIS, ... Tested multiple times, state of the art, proven for years.

Nothing works in security without guidelines!

Guidelines and policies are the road traffic regulations of information security. The various standards and laws (ISO 27001, TISAX, BSI IT-Grundschutz, KRITIS, ...) require a whole set of general as well as topic-specific guidelines. With them, an organization defines its rules, approves them and thus declares them binding.


We have practical guidelines for almost all relevant areas, and they have been in daily use at certified companies for years. There is no need to reinvent the wheel here. The efficient way is to use templates, shorten them and adapt them to company specifics. We offer the following policy templates as part of our consulting services:


  • Scope-Document
  • Key figures
  • Management report
  • Document control
  • Security policy or guideline

Target group 'all employees'

  • Policy on the Acceptable Use of IT Systems
  • Information classification

Specific topics

  • Mobile working / home office
  • Physical security 
  • Prototype protection (TISAX)
  • Supplier security
  • Personal safety

IT specific

  • SIEM concept
  • IT-Admin-Policy or secure IT operations
  • Backup concept
  • IAM & Access Control
  • Secure software development
  • Security concept (KRITIS)
  • Process description Vulnerability Management
  • Cloud policy

Crisis Management

  • IT Emergency Management Manual
  • Crisis Management Manual
  • Emergency concept
  • Ransomware checklist

Our motto for guidelines: The defined rules are effective (achieve the desired level of security), economical (reasonable cost-benefit ratio) and attractive (are easy to understand and fit in with the corporate culture).