Template: Management Approval
Instructions
This template documents the formal approval of risk management measures by management under §38(1) BSIG. Management is personally liable in case of breach, so careful documentation serves as a protective mechanism.
Approval Master Data
| Field | Value |
|---|---|
| Approval ID | APP-NIS2-YYYY-XXX |
| Date | |
| Occasion | [ ] Initial approval [ ] Annual confirmation [ ] Event-driven (change) |
| Reporting period | [from – to] |
| Prepared by (CISO) | |
Documents Submitted
| Document | Version / date |
|---|---|
| Risk register | |
| ISMS policy | |
| §30 No. 1–10 measures catalogue | |
| Effectiveness report | |
| Incident statistics for the period | |
| Audit reports (internal / external) | |
| Action plan for next year | |
Approval of §30 Measures
| No. | Measure | Evidence submitted | Approved |
|---|---|---|---|
| 1 | Risk analysis & ISMS | [ ] | |
| 2 | Incident management | [ ] | |
| 3 | Business continuity | [ ] | |
| 4 | Supply chain | [ ] | |
| 5 | Vulnerabilities | [ ] | |
| 6 | Effectiveness review | [ ] | |
| 7 | Training | [ ] | |
| 8 | Cryptography | [ ] | |
| 9 | Access control | [ ] | |
| 10 | MFA & secure communication | [ ] | |
Discussion and Adjustments
| Item | Management remark | Decision |
|---|---|---|
Resource Authorisation
| Measure | Budget (EUR) | Personnel resources | Target date | Owner |
|---|---|---|---|---|
§38(3) Training Confirmation
| Management member | Last training | Training ID |
|---|---|---|
Management Statement
The undersigned members of management confirm by their signature that they have reviewed and approved the submitted risk management measures under §30 BSIG. Management commits to overseeing proper implementation in accordance with §38(1) BSIG.
Signatures
| Management member | Function | Date | Signature |
|---|---|---|---|
Retention
- Indefinitely in the central compliance archive
- Original physically and digitally signed
- Next regular confirmation: +12 months after this date