Professional Documents
Culture Documents
[Organization logo] Commented [EU GDPR1]: All fields in this document marked
by square brackets [ ] must be filled in.
[Organization name]
Date of version:
Created by:
Approved by:
Confidentiality level:
©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.
[organization name] [confidentiality level]
Change history
Date Version Created by Description of change
Table of contents
1. PURPOSE, SCOPE AND USERS ..............................................................................................................3
©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.
[organization name] [confidentiality level]
This document is applied to the entire Information Security Management System (ISMS) scope, and
to all personal data processing activities.
2. Reference documents
ISO/IEC 27001 standard, clauses A.9.2.1, A.9.2.2, A.9.2.4, A.9.3.1, A.9.4.3
EU GDPR Article 32
Information Security Policy
Statement of Acceptance of ISMS documents
3. User obligations Commented [EU GDPR4]: Delete this whole section if the
rules are already prescribed in the IT Security Policy.
Users must apply good security practices when selecting and using passwords: Commented [EU GDPR5]: Adapt these rules according to
assessed risks.
passwords must not be disclosed to other persons, including management and system
administrators
passwords must not be written down, unless a secure method has been approved by [job
title]
user-generated passwords must not be distributed through any channel (by oral, written or
electronic distribution, etc.); passwords must be changed if there are indications that
passwords or the system might be compromised – in that case a security incident must be
reported
strong passwords must be selected, in the following way:
©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.