P|S|P|G – Simplified

We’ve all come across these terms in common parlance, but why not a refresher?

Policy

This is a set of high level statements across the business. A policy identifies the issue and the scope. It consists of the What? and the Why? Policies deal with rules related to key issues. A policy contains a statement of intent. A policy could also be said to be a set of rules to abide by. An information security policy of an organisation is the intent to maintain the Confidentiality, Integrity and Availability of its data.

Standard

It may assign a quantifiable measure of achievement. It could also mean something used as a measure, norm, or model in comparative evaluations. The ISO/IEC 27001 standard is the world’s leading standard for information security management. It provides requirements for establishing, implementing, maintaining and continually improving an information security management system. It is intended to be applicable to businesses of all sizes and types.

Process

A Process defines a series of actions taken to achieve a particular end. A process is a set of activities that interact to achieve a result.

Guideline

A guideline provides additional recommended guidance.This ia a piece of advice on how to act in a given situation. A guideline is a recomendation of good practice and is non-mandatory.

I hope that I have simplified the difference between the terms and made it a bit more easier to understand. In the next blog post, I will look at the elements of a good policy process.