With the new design of our Policies page, visitors can conveniently locate, search, and preview our office’s policies, standards, and guidelines. Along with a contemporary design, the three terms each include a brief definition. Understanding their differences can prevent confusion and help you find the information you need to carry out your work securely. So, what are the differences between policies, standards, and guidelines?
Simply put, policies are high-level statements of management intent. Each policy identifies our office’s security objectives, goals, and requirements without getting into their exact implementation. Policies are the foundation for standards and guidelines.
Standards cover the roles, procedures, and technologies for implementing policies in various situations. They specify which technologies we use to implement our policies and how we configure those technologies. Bad actors would love to have access to this information, so we do not make standards publicly accessible. For this reason, our standards are in Box, behind a WUSTL Key login.
Guidelines provide recommended directions for meeting policies and standards. They are not mandatory and provide general guidance where standards do not apply. As with standards, we keep the entire guideline in WUSTL Box. In summary, policies, standards, and guidelines provide a framework for ensuring the confidentiality, integrity, and availability of WashU systems. Knowing where to find these resources and understanding the differences between their components will make it easy to find what you need to help keep WashU secure.