Policy and Compliance Management
A policy is typically a concise document that outlines specific requirements, business rules or company stance that must be met. The policy is the organization’s stance on an issue, program or system. It is a rule that everyone must meet.
A standard is a requirement that supports a policy, and a guideline is a document that suggests a path or guidance on how to achieve compliance with a policy.
There are three phases in the USG policy development cycle: Formulate, Refine, Formalize.
In the information and network security realm, policies are usually point-specific, covering a single area. Policies can be:
* Program policies
* Issue-specific policies
* System policies
The USG follows the [Association of College and University Policy Administrators](http://www.acupa.org) (ACUPA) model for policy development, modified for our environment.