Which guidelines and concept documents typically accompany a security policy set — and why "Achtung!" when googling for examples?
User-facing Richtlinien (IT use, internet & e-mail, outsourcing, security advice for users and admins) plus topic concepts (virus protection, backup, emergency preparedness, archiving) — but raw Google templates need careful adaptation.
Typical Richtlinien / guidance documents:
- IT-Sicherheitsleitlinie
- Richtlinie zur IT-Nutzung
- Richtlinie zur Internet- und E-Mail-Nutzung
- Richtlinie zum Outsourcing
- Sicherheitshinweise für IT-Benutzer
- Sicherheitshinweise für Administratoren
Typical Konzepte:
- Viren-Schutzkonzept
- Datensicherungskonzept (backup)
- Notfallvorsorgekonzept (emergency preparedness)
- Archivierungskonzept
The "Achtung!": these names come from a Google search — found templates may be outdated, fit a different legal environment, or promise controls your company doesn't operate. Use them as checklists of what to cover, never as copy-paste policy: an unadapted template creates obligations you can't meet (audit finding) or misses risks you actually have.