diff --git a/content/notes/14-policies-standards-practices.md b/content/notes/14-policies-standards-practices.md
new file mode 100644
index 000000000..bcbc90280
--- /dev/null
+++ b/content/notes/14-policies-standards-practices.md
@@ -0,0 +1,47 @@
+---
+title: "14-policies-standards-practices"
+aliases: 
+tags: 
+- comp210
+- lecture
+---
+
+# news
+- apple securit flaw for iphones ipads and macs
+- chrome patch actively exloited zero day
+- github blighted by researcher who created thousands of malicious projects
+- russian cyber attacks of lockheed martin
+	- armed forces hack into HIMARS
+
+# Policies
+Defn: a plan or course of action to influence and determine decisions
+
+- high level rules regarding operations of organisation
+- policies state the management intent and will
+- governments, businesses, political parties, universities etc
+
+provide roadmap for day-to-day operations
+- organisation internal law
+	- also comply with actual law
+- important for resolution of legal disputes
+	- provide accountability
+	- can protect org and employees
+- ensure consistency
+	- dont often change or deteriorate when staff changes
+- evidence of quality control, internal audits etc
+
+## good policies are
+- disseminated
+- read
+- understood
+- agreed-to
+- uniformly enforced
+
+# Procedures
+Defn: step by step descriptions of what employees must do to achieve a certain goal (as specified by a policy)
+
+- must be kept separate from policies
+- keeping them together will create a complex document that will (likely) not be read
+
+![policy and procedure p](https://i.imgur.com/rdQaLkh.png)
+