Home / IT Governance and Policy / Policy / What is a Standard?

What is a Standard?

The traditional definition of standard is a basis for comparison, a reference point against which other things can be evaluated. In the case of information security, a standard is a document that is based on a governance area that is more specific than a policy and typically high level. A standard is specific but not detailed; the detailed aspect of governance is typically called a guideline or a procedure. At ASU our definition of a standard is any document that sets a level for which a bare minimum of requirements are to be met. It should be noted that a standard is not a step-by-step manual on how to complete a task. Documents below will open in PDF format.