Policies
Ready-to-use policy templates, customised for your organisation.
Information Security Policy
Northwind Logistics GmbH · Version 1.3 · Owner: Chief Information Security Officer
1. Purpose
This policy establishes the principles and responsibilities for protecting the confidentiality, integrity and availability of information processed by Northwind Logistics GmbH, in line with NIS2 and ISO/IEC 27001.
2. Scope
This policy applies to all employees, contractors and third parties who access Northwind systems, data or facilities.
3. Principles
- Information is classified and handled according to its sensitivity.
- Access is granted on a least-privilege, need-to-know basis.
- All critical systems require multi-factor authentication.
- Security risks are assessed and treated through the risk-management process.
4. Responsibilities
| Role | Responsibility |
|---|---|
| Management | Provide resources and set the risk appetite |
| CISO | Maintain the ISMS and report on its performance |
| All staff | Complete security-awareness training and report incidents |
5. Incident Reporting
Suspected security incidents must be reported to the security team without delay. Significant incidents are reported to the relevant CSIRT in line with the NIS2 24-hour early-warning requirement.