Leitfaden zur Informationssicherheit Teil 2 - ISMS, Dokumente und Vorlagen

VDMA 2013
82 pages
PDF download
VDMA members: Free of charge

Situation:
The introduction of an information security management system, or ISMS for short, is often difficult for medium-sized companies to master. The demands placed in particular on IT or the person responsible for security tasks are immense. Where do you start, what must be implemented as a minimum and what does a standard strategy look like?

Several companies involved in the VDMA's Information Security Working Group have already faced the problem of introducing an ISMS. The guidelines, solutions and examples developed in this process are part of this guide.

Objective:
The reader of this guide can use the documents and examples to quickly and specifically introduce the topic of information security in their own company. With the help of the guidelines and appendices in this guide, IT/IS security officers can find widely used formulations from various machine and plant manufacturers for complex security tasks.

Target group :
Employees of medium-sized companies who are responsible for IT security or information security and are looking for documents for the rapid introduction of a standardized security organization.

Content:
In this guide you will find sample documents for the rapid and targeted introduction of guidelines within an ISMS. The documents are based on the experience and systems of medium-sized mechanical and plant engineering companies.

Guideline on information security Practical section
Guideline for employees
Guideline for IT system administrators
Guideline on data protection
Guideline for external service providers
Template for commissioned data processing in accordance with Section 11 BDSG
Guideline for local administration rights
Protection class definitions
Confidentiality declaration and
Template for internal audits based on ISO 27000 and
Mapping of BSI basic protection to ISO 27000