Standards and procedures are two sets of documentation that support the policies and bring them to life.
Advantages of standards and procedures:
- Consistency
- Distribution of knowledge
- Setting expectations
- Regulatory compliance
- Management endorsement
-
Provide the “how” portion to a policy at a technology viewpoint without specific procedural detail.
-
Provides more detail as to what constitutes a password should accompany this policy statement
-
Separating this into two documents — three once we talk about procedures — provides several advantage
- Documents are easier to consume
- Lack of repetition
- Ease of maintenance
- Should be fairly simple, clear, and use words like “do,” “will,” “must,” and “shall.” They should not be ambiguous or use words and phrases such as “should,” “try,” or “mostly.”
- Take the step made from policies to standards and makes another similarly sized step further along the same trajectory
- Take the detail from standards
- Provide specific steps in order to achieve those standards.
- Revision control
- Owner/Approver
- Purpose/Overview
- Scope
- Policy statements
- Consistent naming convention
- Related documents