An organization needs to define official requirements for employees that address data handling, remote work guidelines, and passphrase rules. This document requires stakeholder approval and aligns with broad objectives. Which governance document is best suited for this situation?
A policy acts as a high-level directive that sets overall rules and expectations to guide the workforce. It typically has leadership approval and addresses a broad range of organizational security areas. An informal set of recommendations lacks formality and recognition. A procedure provides detailed steps rather than broad governance. Department-based rules do not cover the organization as a whole.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What distinguishes a policy from a procedure in organizational governance?
Open an interactive chat with Bash
Why is stakeholder approval crucial for a policy document?
Open an interactive chat with Bash
What are some common areas addressed by organizational security policies?