Relationship between a policy, standard, guideline, and procedure

May 16, 2009 by  

After a recent conversation explaining the relationship between a standard and a guideline, I thought I’d post this diagram, which clearly shows that relationship, and that of policies and procedures.


Source: CISA Certified Information Systems Auditor Study Guide


2 Responses to “Relationship between a policy, standard, guideline, and procedure”

  1. Kim on November 4th, 2009 2:46 am

    This model explains the relationship between a policy and procedure perfectly! Thanks.

  2. James Wilson on February 15th, 2011 8:23 am

    Intrinsically, it seems to me that a standard is a high-order entity from which policy is derived, thus it was very interesting to review this diagram and reflect. Not sure that the particular arrows or flow in this diagram necessarily go against my initial statement.

    I review standards established by my peers, the industry, and then from that establish our own internal policy. Based upon standards, here is our policy.

    I do think that from a communication perspective, it might make sense to reverse the order for clarity and consistency.

    “Here is the policy… it is derived from the following standard.”

    Just a thought…
