Information Security 14- Policy Formation and Enforcement

The document outlines the importance of policies within an organization, defining them as plans that dictate acceptable behavior and provide a framework for decision-making. It discusses the relationship between policies, standards, practices, procedures, and guidelines, emphasizing their role in guiding compliance and governance. Additionally, it highlights the processes of policy formation and enforcement as essential for maintaining ethical behavior and organizational integrity.

Uploaded by

faiziikanwal47

Information Security

ArfanShahzad.com
Course Outline

Policy

• A policy is a plan or course of action that conveys instructions from
an organization’s senior management to those who make decisions,
take actions, and perform other duties.

• Policies are organizational laws in that they dictate acceptable and
unacceptable behavior within the organization.

Policy cont…

• Like laws, policies define what is right, what is wrong, what the
penalties are for violating policy, and what the appeal process is.

• To understand how policies are helpful in the growth and betterment
of the organization, we have to understand a few more concepts.

• These are discussed here:

Policy cont…
Standards, Practices, Procedures and Guidelines
• Standards, on the other hand, are more detailed statements of what
must be done to comply with policy.

• Standards may be informal (organizational culture), as in de facto
standards, or standards may be published, scrutinized, formal, and
ratified by a group, as in de jure standards.

Policy cont…
Standards, Practices, Procedures and Guidelines
• Finally, practices, procedures, and guidelines effectively explain how
to comply with policy.

• The following figure shows policies as the force that drives standards,
which in turn drive practices, procedures, and guidelines.

Policy cont…
Standards, Practices, Procedures and Guidelines

Policy Formation

• Policy formation is the process of creating, developing, and
establishing policies within an organization.

• These policies serve as a framework to guide employees,
management, and stakeholders in making consistent and compliant
choices in alignment with the organization's goals and values.

Policy Formation cont…

Policy Enforcement
• Policy enforcement is the process of ensuring that organizational policies,
rules, and regulations are adhered to by individuals, employees, and
stakeholders within an organization.

• Effective policy enforcement is a fundamental aspect of governance, risk
management, and compliance (GRC) and plays a crucial role in maintaining
ethical behavior, security, legal compliance, and the overall well-being of
an organization.

Policy Enforcement cont…

• Policy enforcement could be applied in the following 3 ways:
