Policies, Standards, Guidelines & Procedures

Last Updated 17 February 2020

Policies, Standards, Guidelines & Procedures

Part of the management of any security programme is determining and defining how security will be maintained in the organisation.  Ensuring proportionate policies, standards, guidelines and procedures are in place that are understood and consistently enforced is critical in any insider risk programme.  They should provide clarity to the reader when dealing with accountability issues or activities that are of importance to the organisation. Knowing where a policy, standard, guideline or procedure is required should be defined by the role based risk assessment process.  A key stakeholder in producing effective policies will be the organisation's legal team.

  • Policies: Intended to be a set of overarching principles, they do not have to be long or complicated.
  • Standards: Outline a set of minimum requirements which must be met when commissioning a new asset.  For example, the minimum requirements for locking down the Windows operating system; or a standard used to assess eligibility for security clearance.
  • Guidelines: Intended to outline best practice - they are not mandatory, but help employees follow the rules while allowing for flexibility and common sense in different scenarios.
  • Procedures: These are how the policies should be enacted in the organisation.  They should enable and encourage employees to fulfil a task securely.  They should be clear, logical and meet legal requirements.

All of the above should seek to maintain operational effectiveness, whilst doing so in a secure manner.

Existing Products

Beginners

Personnel Security: An Ongoing Responsibility

It's OK to Say Overview

Video - 'Fly in the ointment'

10 Steps to Cyber Security: Incident Management (NCSC)

10 Steps to Cyber Security: Home and Mobile Working (NCSC)

10 Steps to Cyber Security: User Education and Awareness (NCSC)

The Principles of Supply Chain Security

Security Professionals

Protective Security Management Systems (PSeMS)

Remote Working

Online Social Networking

Ongoing Personnel Security

Personnel Security and Contractors

Offshore centres guidance

Security Messages for New Joiners

Search & Screening (Physical)

Password guidance (NCSC)

It's OK to say

5 E's to Behaviour Change

Supply Chain Security Guidance

Secure Transportation of Sensitive Items (Physical)

Mail Screening Matters (Physical)

Secure Destruction (Physical)

Tamper Indication (Physical)

Exit Procedures Guidance

Did you find this page useful? Yes No