Information security policies are formal, documented guidelines and rules that outline an organization's approach to managing and protecting its sensitive information. These policies provide a framework for defining responsibilities, objectives, and security controls to safeguard data and ensure adherence.
At Munich Re Service GmbH, we have implemented the Information Security Management System (ISMS) certified according to the ISO27001 standard. In the scope of ISMS, our Information Security Policy is created and annually reviewed and approved by the company management.
Based on the Information Security Policy, we have developed comprehensive norms across all areas of the organization, including but not limited to:
- HR Security Guidelines
- Risk Management Guidelines
- Information classification Guideline
- IT Application Development Guideline
- Security Incident Management Work Instruction
- Third Party Management Guideline
- Audit Management Guideline
- User Guideline
- Policy Management Guideline
- Information Security Guideline
Norms are managed centrally and annually reviewed. Once new or updated Norms are published, all company employees are informed.