What Is an IT Policy Framework?
An IT policy framework includes policies, standards, baselines, procedures, guidelines, and a taxonomy. Many frameworks resemble a hierarchy or tree. At the top of the tree is a charter or program framework policy, followed by additional policies. Then there are several standards. Under standards are many guidance and procedure documents. Getting the framework right is key to a successful security program.
NOTE
You will often hear the framework documents referred to as policies. In practice, the framework includes policies, standards, and other documents. Each type of document has a specific purpose.
Get Security Policies and Implementation Issues, 3rd Edition now with the O’Reilly learning platform.