Policies & Concepts

We effectively create target group- and practice-orientated policies and directives for you that reflect the state of the art. Our aim is to create documents that support your employees in their daily work and are tried and tested in practice.

Discover offer

Tasks

We take care

The security concept according to §166 TKG results in different requirements for policies. We effectively create target group- and practice-orientated policies for you in line with the current state of the art. Thanks to our standardised coordination process, we avoid time-consuming internal coordination rounds and at the same time keep an eye on the effects of the decisions made.

Benefits

At a glance

Practice orientated

At nGENn GmbH, we put people first. Because for us, the most important thing when creating policies and concepts is to support day-to-day work quickly and effectively with practical documents.

Reduced overall effort

As a member of DIN e.V. and an expert in the Requirements, Services and Policies for IT Security Systems working group, we always have an eye on the latest changes in the area of ISO/IEC 27001 and can adapt/align your documents accordingly.

Futureproof

nGENn GmbH is involved in commenting on new legislative proposals. This enables us to assess the impact on our customers at a very early stage.

Information

Background and details

Policies are a written consensus within a company on a topic area. It is not only necessary to bring together the opinions within the company, but also to identify and incorporate all external influences. External influences can arise from the following areas:

Legal requirements (e.g. Telecommunications Act, data protection)
Requirements from certification frameworks (e.g. BSI basic protection or ISO 27001)
Requirements from customer contracts

Once all external influences have been worked out, the company can be led to a consensus.

Depending on the subject area of the policy, reaching a consensus can be simple or complex. For example, consensus can be reached quickly for a policy on cryptography, as the specifications of the Federal Office for Information Security are very clear and unambiguous. [BSI TR-02102 cryptographic procedures: recommendations and key lengths] In contrast, a travel policy requires more consensus (e.g. who is allowed to fly business class?).

As soon as a directive comes into force, it must be regularly reviewed to ensure that it still fulfils the current requirements.

Security policies play a central role in the information security process. The information security officer of a company typically has sovereignty over these special policies.

"What" and "who" questions are answered and basic terms are introduced.

"What": Tasks are operationalised at a medium level of concretisation, thus supporting systematic and consistent processing in line with the protection goals, specifications, resources and framework conditions.
"Who": Those responsible, processors and other parties involved are named transparently.

This is where the distinction to a concept arises. Detailed security measures, which describe how specific aspects of the general policy are to be implemented, are contained in a more comprehensive security concept.

Policies develop from the company's safety policy and are broken down into corresponding fields of action. A policy thus defines the framework conditions for the field of action and makes them transparent for all those involved. The fields of action are presented here in their entirety, justified and interrelationships are shown. Policies can be located in different phases of the safety process and address different target groups.

Team

Reliable contacts

From the initial consultation to the finalised security concept, we are at your side and ensure that you are optimally positioned in accordance with the legal requirements at a low effort.