Policies, Standards, Guidelines, Procedures

Policies
  Policies identify "what to protect": they identify a topic of concern containing particular risks, for the purpose of preventing or avoiding it.
  A policy is a chief executive mandate expressing a particular high-level control objective.
  Policies provide a general control covering activities within the organization by staff, vendors, and clients.
  Requirements for policy implementation:
    Compliance is mandatory when a policy is officially mandated.
    A policy will state the objective, who will be responsible for decisions and administration, and the penalties for noncompliance.
    The authority of the person mandating a policy will determine the scope of implementation.
  A missing policy indicates an executive control failure.
Standards
  Measurement control points: a standard lists the specific measurement points used to obtain compliance, such as
    1. Management reviews
    2. Peer reviews
    3. Testing
    4. Audits
  Standards are used to compare a subject with the standard (Subject vs. Standard) to ensure a uniform level of compliance exists.
  Essentials:
    Standards do not contain the workflow for compliance; standards are not procedures.
    Management's job is to use the individual points from each standard to create appropriate procedures in a complete workflow in order to obtain compliance within the organization.
    A missing standard indicates negligence by failing to define the requirements.
Guidelines = General instructions
  A guideline provides vague direction of "do this, not that", offering very limited advice pertaining to how organizational objectives might be obtained.
  Essentials:
    Guidelines are discretionary because the directions provided are usually incomplete.
    The user has to adapt or discard portions of the information to fit the intended use.
    Relying on guidelines without creating real step-by-step procedures is a control failure.
Procedures = "How-to" instructions for success
  A procedure provides a workflow of the specific tasks necessary to achieve minimum compliance with a standard.
  Procedures are written in a step-by-step format containing common troubleshooting steps.
  Essentials:
    The purpose of a procedure is to maintain the highest possible control over the outcome.
    Compliance with established procedures is mandatory to ensure consistency and accuracy.
    With a policy and standards in place, the lack of written procedures represents dereliction of duty.
Control Objective
  A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process.
  Control objectives may relate to the following concepts:
    • Effectiveness
    • Efficiency
    • Confidentiality
    • Integrity
    • Availability
    • Compliance
    • Reliability