You can use it to outline and present your company’s general objectives regarding a security policy; it thus acts as an ‘umbrella’ document for all other security-related documentation.

In addition to providing a set of definitions and acronyms companies can use, it includes sections on: information security strategy, internal and external organisation of information security, mobile devices and teleworking, HR IT security, asset management and control, cryptographic control, physical and environmental security, and more.