LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Why should every company have a written information security policy?

Because it demonstrably anchors security at management level — showing the company takes security seriously, aligns it with leadership, and resources it properly.

A written IS policy demonstrates that:

  • the company takes InfoSec and data protection seriously
  • it maintains systems that protect these
  • there is clear alignment between information security and the Geschäftsleitung
  • a deliberate strategy is being pursued
  • an effective organization is being built
  • sufficient finances and resources must be provided

The key word is "demonstrate": the policy is the company's externally and internally visible commitment. Customers, auditors, regulators, courts, and insurers ask for it first. Internally, it's the document the CISO points to when a business unit asks "says who?" — the answer is "the CEO, here's the signature."

Go deeper:

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jul 05, 2026