Quiz Entry - updated: 2026.07.05
Why should every company have a written information security policy?
Because it demonstrably anchors security at management level — showing the company takes security seriously, aligns it with leadership, and resources it properly.
A written IS policy demonstrates that:
- the company takes InfoSec and data protection seriously
- it maintains systems that protect these
- there is clear alignment between information security and the Geschäftsleitung
- a deliberate strategy is being pursued
- an effective organization is being built
- sufficient finances and resources must be provided
The key word is "demonstrate": the policy is the company's externally and internally visible commitment. Customers, auditors, regulators, courts, and insurers ask for it first. Internally, it's the document the CISO points to when a business unit asks "says who?" — the answer is "the CEO, here's the signature."
Go deeper:
Sicherheitsrichtlinie (Wikipedia DE) — Definition, Pflichtinhalte (Ziele, Organisation, Verantwortlichkeiten) und Bezug zu ISO 27002 / BSI.