Back to Glossary

Policies and Procedures

Policies and procedures are structured guidelines and guiding principles that define how an organization and its employees should operate. Policies define the what and why of company operations, and procedures outline the how and when.

A policy is a high-level statement that describes a company’s position on a subject or area of operation. It outlines what should be done but does not specify how.

A procedure is a step-by-step description of how to implement a policy. It describes how to perform a specific task or activity related to that policy.

  • Policy: “Data security is a top priority for our organization, ensuring our customer, company, and employee data is highly secure.”
  • Procedure: “The procedure for reporting a security incident involves contacting the IT help desk, completing an incident report form, and notifying the security officer.”