Term of the Week: Policy

What is it?

A set of mandatory requirements that apply to specific areas of an organization’s operations, including cybersecurity.

Why is it important?

Policies are important because they define the strategic intent for the rules, regulations, protocols, and procedures that the organization or industry implements.

Why does a business professional need to know this?

Without effective policies, governance becomes challenging -- if not impossible.

Writing effective information security policies requires knowledge of a broad range of issues that might affect your organization. Concise policies, written in simple and unambiguous language, are more likely to be read, understood, and followed. Policies should cover how to track compliance, how to handle exceptions, and the consequences for not complying with the policy.

Research for writing effective policies must include exploration of relevant legal considerations.

Policies adopted by the executive body within an organization need reinforcement in the form of guidelines, procedures, and protocols on how the policies are to be implemented.

Business professionals need to ensure that corporate policies support an information security management strategy that guides cybersecurity specialists in the right direction to secure the organization’s information. If your cybersecurity specialists do not understand these mandates, they are likely to overlook management requirements.


  • (Wikihow Procedures) How to Write Policies and Procedures for Your Business: WikiHow. Discusses at a high level how to craft written policies and procedures and to provide them in a format accessible to all employees.
  • (PLAIN) Why Use Plain Language?: US Government. The Plain Language Action and Information Network (PLAIN) is a group of federal employees from different agencies and specialties who support the use of clear communication in government writing.

About Rodney Richardson

Rodney Richardson has offered senior risk management expertise in leadership positions at some of the top financial institutions in the world. He is currently a vice president in the Group Audit division at Deutsche Bank, focusing on cybersecurity. Rodney was a vice president on the Strategy, Planning, and Governance team at Citigroup and also served as global head of security technology management at BNY Mellon.
