What's the difference between Leitlinie, Richtlinie, and Verfahren — and how do they map to the English Policy, Standard, Guideline, Procedure?
Leitlinie (Policy) = high-level intent, Richtlinie (Standard / Guideline) = concrete rules, Verfahren (Procedures) = step-by-step instructions. German loses the Standard/Guideline distinction.
* Policy tower DE to EN: German collapses the mandatory Standard and the advisory Guideline into one word, Richtlinie — which is why audit consequences can differ. *
| English | German | Detail level |
|---|---|---|
| Policy | Leitlinie | Überblick (overview, "we will protect customer data") |
| Standard | Richtlinie | Konkreter (e.g., "passwords must be 12+ chars") |
| Guideline | Richtlinie | Konkreter (e.g., "we recommend Argon2id for new systems") |
| Procedures | Verfahren | Konkret (step-by-step playbook) |
"Es gibt leider immer einige Verwirrung um die Begriffe Leitlinie und Richtlinie" because German doesn't distinguish between mandatory standards and recommended guidelines — both become "Richtlinie."
Why this matters in audits: A control marked as "guideline" can be skipped with justification; a control marked as "standard" cannot. When translating between German and English ISMS docs, watch out — a German "Richtlinie" might be either, and the audit consequences differ.
Tip: Always state the binding force in the document itself ("Diese Richtlinie ist verbindlich für …") rather than rely on the term alone.