The purpose of information security policies, standards, processes and procedures are to establish and maintain a standard of due care to prevent misuse or loss of GPC information assets. GPC information security policies are compulsory for all faculty members, staff, students, contractors and all other workers, unless explicitly exempted otherwise.
Policy provides management direction for information security based on business requirements, laws, and risks to the business, and administrative policies.
Standards are the specifications that contain measurable, mandatory rules to be applied to a process, technology, and/or action in support of a policy.
Procedures are the specific series of actions that are taken in order to comply with policies and standards.
Guidelines are more general recommendations that are optional and not mandatory like policies and standards.