Policies, Procedures, Standards, and Guidelines should be the heart of any information security program. They are rules that lay out the foundation of technology use, infrastructure, facilities, data, programs, authorized users, and outside users, and they dictate to employees what is acceptable behavior in the business. They tell employees how to complete a task and give them the technical information they need to do it. These documents are given to employees to read and to acknowledge that they accept the rules of the organization.
No organization should be without these important documents! They will greatly help the organization in a legal battle.
Policies are what govern the organization and ensure the employees agree to follow the rules. We can set up your initial set of policies and help you evolve them over time. Policies are living documents that change when something dictates they need to be updated.
Procedures are repeatable, agreed-upon, and documented ways of completing a task in the organization. They are set up to ensure employees follow the correct steps for their job function. Every department needs a set of procedures to follow, from human resources to a simple warehouse task.
Standards contain all of the technical specifications or other critical information needed to complete a procedure so it is done exactly as needed.
Guidelines are general recommendations on how to do something, but they are not requirements.