Relationship between a policy, standard, guideline, and procedure
May 16, 2009 by Marcos Christodonte II
After a recent conversation explaining the relationship between a standard and a guideline, I thought I’d post this diagram, which clearly shows the relationship, and that of policies and procedures.

Source: CISA Certified Information Systems Auditor Study Guide


This model explains the relationship between a policy and procedure perfectly! Thanks.
Intrinsically, it seems to me that a standard is a high order entity from which policy is derived, thus it was very interesting to review this diagram and reflect. Not sure that the particular arrows or flow in this diagram necessarily go against my initial statement.
I review standards established by my peers, the industry, and then from that establish our own internal policy. Based upon standards, here is our policy.
I do think that from a communication perspective, it might make sense to reverse the order for clarity and consistency.
“Here is the policy… it is derived from the following standard.”
Just a thought…