Audit Information systems & IT Security








Information System audit and IT Security

Definitions and Terminology




Policy



Generally, a document that provides a high-level principle or course of action. A policy’s intended purpose is to influence and guide both present and future decision making to be in line with the philosophy, objectives and strategic plans established by the enterprise’s management teams. In addition to policy content, policies need to describe the consequences of failing to comply with the policy, the means for handling exceptions, and the manner in which compliance with the policy will be checked and measured.

source: COBIT 4.0


overall intention and direction as formally expressed by management

source: ISO17799:2005 and ISO27002:2005


Management’s dictate of what should be done to effect control. A policy serves as the basis for procedures for its implementation.

source: COSO, 2004


Formally documented management expectations and intentions. Policies are used to direct decisions, and to ensure consistent and appropriate development and implementation of Processes, Standards, Roles, Activities, IT Infrastructure, etc.

source: ITIL v3, Service Operation, 2007


Formally documented management expectations and intentions. Policies are used to direct decisions, and to ensure consistent and appropriate development and implementation of Processes, Standards, Roles, Activities, IT Infrastructure, etc.

source: ITIL v3, Service Design, 2007


Formally documented management expectations and intentions. Policies are used to direct decisions, and to ensure consistent and appropriate development and implementation of Processes, Standards, Roles, Activities, IT Infrastructure, etc.

source: ITIL v3, Service Transition, 2007


Formally documented management expectations and intentions. Policies are used to direct decisions, and to ensure consistent and appropriate development and implementation of Processes, Standards, Roles, Activities, IT Infrastructure, etc.

source: ITIL v3, Continual Service Improvement, 2007


Formally documented management expectations and intentions. Policies are used to direct decisions, and to ensure consistent and appropriate development and implementation of Processes, Standards, Roles, Activities, IT infrastructure, etc.

source: ITIL v3, Service Strategy, 2007


Organization-wide rules governing acceptable use of computing resources, security practices, and guiding development of operational procedures

source: PCI DSS, 2008




 

 



   
Auditing Security and IT Systems
Copyright 2006-2008. All Rights Reserved.