---
title: "14-policies-standards-practices"
aliases:
tags:
- comp210
- lecture
---

# news

- Apple security flaw for iPhones, iPads and Macs
- Chrome patch for actively exploited zero day
- GitHub blighted by researcher who created thousands of malicious projects
- Russian cyber attacks of Lockheed Martin
- armed forces hack into HIMARS

# Policies

Defn: a plan or course of action to influence and determine decisions

- high level rules regarding operations of organisation
- policies state the management intent and will
- governments, businesses, political parties, universities etc provide roadmap for day-to-day operations
- organisation internal law
- also comply with actual law
- important for resolution of legal disputes
- provide accountability
- can protect org and employees
- ensure consistency
- don't often change or deteriorate when staff changes
- evidence of quality control, internal audits etc

## good policies are

- disseminated
- read
- understood
- agreed-to
- uniformly enforced

# Procedures

Defn: step by step descriptions of what employees must do to achieve a certain goal (as specified by a policy)

- must be kept separate from policies
- keeping them together will create a complex document that will (likely) not be read

![policy and procedure p](https://i.imgur.com/rdQaLkh.png)