There are Three Types of Policies

Policies are management instructions that indicate a predetermined course of action, or a way to handle a problem or situation. They are high-level statements that provide guidance to the workers who must make present as well as future decisions. Policies are typically generalized requirements that must be written down and then communicated to certain groups of people inside, and in some cases outside, a particular organization. Policies can also be thought of as business rules. Although information security policy documents tend to vary from organization to organization, a typical policy document includes a statement of purpose, a description of the people that are affected, a history of revisions, a few definitions of special terms, and specific policy instructions from management. Policies are mandatory and can be thought of as the equivalent of organization-specific law. When a worker wishes to take a course of action that is not in compliance with policy, special approval is required. Because compliance is mandatory, policies use specific, definitive words like "must not" or "you must." The words used to compose policies must convey both certainty and unquestionable management support.
Standards, unlike policies, entail more detailed statements of what must be done to comply with a policy. Standards usually cover details such as the implementation steps, systems design concepts, specifications of software