not mobile

Information Security and ePrivacy

Policy and Compliance Management

Print friendly Modified July 18, 2013

A policy is typically a concise document that outlines specific requirements, business rules or company stance that must be met. The policy is the organization’s stance on an issue, program or system. It is a rule that everyone must meet. A standard is a requirement that supports a policy and a guideline is a document that suggests a path or guidance on how to achieve or reach compliance with a policy.There are three phases in the USG policy development cycle:

  1. Formulate
  2. Refine
  3. Formalize
In the information and network security realm, policies are usually point-specific, covering a single area. Polices can be:
  • Program policies
  • Issue Specific polices
  • System policies

The USG follows the [Association of College and University Policy Administrators](http://www.acupa.org) (ACUPA) model for policy development, modified for our environment. 

Read More: USG Information Security and ePrivacy Policies and Standards