SID-ORG-01 — Information Security Policy

Property	Value
Owner	operator
Category	policy
CSF Function	govern
Group	Governance and Policy Controls

Description

Establish, publish, and maintain an information security policy approved by management. Must cover wallet service scope, risk appetite, roles and responsibilities, and commitment to continuous improvement. Review annually or after significant changes.

Framework Requirements

EUDI Security Requirements: GEN-6.3-01

ISO 27001 Annex A: A.5.1, A.5.4

GDPR Checklist: Create an internal security policy