

  • A policy is a high-level statement that reflects the intent and direction of top management. Once published, everyone within the organization is required to abide by it.
  • A policy is a statement of expectation that is enforced by standards and further implemented by procedures.
  • External influencers, such as statutory, regulatory, or contractual obligations, are commonly the root cause for a policy's existence.


  • Standards are formally established requirements regarding processes, actions, and configurations.
  • A standard defines an acceptable level of quality.
  • A standard can be used as a reference document for implementing a policy.
  • Exceptions are always granted to standards and never to policies. If a standard cannot be met, it is generally necessary to implement a compensating control to mitigate the risk associated with that deficiency.


  • A procedure is a series of detailed steps to be followed to accomplish a particular task.
  • Procedures are the responsibility of the asset custodian to build and maintain in support of standards and policies. They are often implemented, or referred to, in the form of a standard operating procedure (SOP).


  • A guideline contains additional recommendations or suggestions that are not mandatory to follow. Guidelines are best practices that may or may not be followed depending on the context of the situation.
  • Guidelines are generally recommended practices based on industry-recognized practices or cultural norms within an organization.

Contact Us

cybercomply can help you prepare policies, procedures and standards through our service, Cybersecurity Compliance Documentation, which is available as a 1-year or 3-year package. This will support your company's journey to achieve and maintain any international cybersecurity standard or compliance framework, such as ISO 27001, PCI DSS, NIST, NESA, NCA ECC, etc.

Get in touch with one of our consultants and let us know what your business needs.
