Policies, Standards, Guidelines, Procedures
Measurement Control Point
list of specific measurement points to obtain
Used to compare a subject with standard (Subject vs. Standard)
To ensure uniform level of compliance exists.
Standards do not contain the workflow for compliance.
Standards ≠ Procedures
Management’s job is to
use individual points from each standard
to create appropriate
procedures in a complete workflow in order to obtain compliance within the Organization
missing standard indicates negligence
by failing to define the requirements.
identifies “what to protect”
Requirements for policy implementation
is mandatory when a policy is officially mandated.
A missing policy indicates an executive control failure.
authority of the person
mandating a policy will determine the
scope of implementation.
A policy will state the objective, who will be responsible for decisions, administration, and penalties for noncompliance.
a particular high-level
covering activities within the organization by staff, vendors, and clients.
a chief executive mandate
for the purpose of preventing or avoiding it
to identify a topic of concern containing particular risks
A guideline provides vague direction of
“do this, not that”
very limited advice
pertaining to how organizational objectives might be obtained
Relying on guidelines without creating real step-by-step
is a control failure
because the directions provided are usually incomplete.
has to adapt or discard portions
of the information to fit the intended use.
"How-to" Instructions for Success
With a policy and standards, the lack of written procedures represents dereliction of duty
Compliance with established procedures
is mandatory to ensure consistency and accuracy
The purpose of a procedure is to maintain the highest possible control over the outcome
of specific tasks necessary to achieve minimum compliance to a
Step-by-step format containing common troubleshooting steps.
Control Objective
control objectives may relate to the following concepts
to be achieved by implementing control procedures in a
statement of the desired result or purpose