Standard

Definition

A document that translates a policy requirement into specific, measurable criteria. For example, a password policy may require strong authentication; the accompanying standard specifies minimum length, character complexity, and rotation interval. Approved by the CISO or information security steering committee.

Related terms

Document control
The systematic management of all procedural documents in a quality management system, ensuring that the current approved version is in use, all...
Information Security Policy
A high-level governance document that states what the organisation intends to achieve in protecting information, assigns accountability to roles, and sets the...
Operating effectiveness
The assessment of whether a control has consistently functioned as designed over the audit period. Requires evidence of actual operation, such as...
Policy Exception
A formal, time-bounded approval to deviate from a policy or standard requirement when the standard control is not achievable. Exceptions must be...
Procedure
A step-by-step operational instruction that tells a specific role how to carry out a task in conformance with the relevant standard. Procedures...

Explained in

  • Information Security Policy Hierarchy
