Policies, Standards, Guidelines, Procedures/Processes
Saint Louis University has put in place numerous policies, guidelines, standards, standard operating procedures (SOPs), and processes to ensure the security of University information and faculty, staff and students' data.
IT Documentation Framework Definitions
Policy: A formal, brief, and high-level statement or plan that embraces an organization's general beliefs, goals, objectives, and acceptable procedures for a specified subject area. Policies always state required actions, and may include pointers to standards. Policy attributes include the following:
- Require compliance (mandatory)
- Failure to comply results in disciplinary action
- Focus on desired results, not on means of implementation
- Further defined by standards and guidelines
Standard: A mandatory action or rule designed to support and conform to a policy.
- A standard should make a policy more meaningful and effective.
- A standard must include one or more accepted specifications for hardware, software, or behavior.
Guideline: General statements, recommendations, or administrative instructions designed to achieve the policy's objectives by providing a framework within which to implement procedures.
- A guideline can change frequently based on the environment and should be reviewed more frequently than standards and policies.
- A guideline is not mandatory; rather, it is a suggestion of a best practice. Hence "guidelines" and "best practice" are interchangeable.
Procedures: Procedures describe the process: who does what, when they do it, and under what criteria. They can be text-based or outlined in a process map. They represent the implementation of policy.
- A series of steps taken to accomplish an end goal.
- Procedures define "how" to protect resources and are the mechanisms to enforce policy.
- Procedures provide a quick reference in times of crisis.
- Procedures help eliminate the problem of a single point of failure.
- Also known as an SOP (Standard Operating Procedure).
Work Instructions: Describe how to accomplish a specific job. Visual aids, various forms of job aids, or specific assembly instructions are examples of work instructions. Work instructions are specific.
Forms and Other Documents: Forms are documentation that is used to create records, checklists, surveys, or other documentation used in the creation of a product or service. Records are a critical output of any procedure or work instruction and form the basis of process communication, audit material, and process improvement initiatives.