Organizations use policies and procedures to outline rules outline courses of action to deal with problems. Organization's policies and procedures to make employees understand the organization’s views and values on specific issues, and what will occur if they are not followed. Policies are general statements of how an organization want to behave and procedures define exactly how to do a task or perform step by step .A policy can be security related also and that can be used to identify risks and mitigate risks.
Example: Organization can have a policy to implement physical security and prevent unauthorized access inside the office premise. This policy is applicable to everyone in the organization and general public and must be followed strictly, without deviation. Policy may state that public can access only up to the reception and beyond reception only employees are allowed. Procedure is the step-by-step instruction given to the reception area how to deal with anyone who is trying to cross reception and trying to enter inside the office.
All the employees must identify themselves with an two-factor identification process. Using identity card and with biometric finger print scan to enter inside the office area.
1) Anyone who is trying to enter the office area from reception must cross the first security guard check point.
2) All the employees must have the identity card and show their identity card to the security guard for verification.
3) The security guard must thoroughly check the identity card, photo of the employee, name of the employee and card issuer's signature in the identity card to make sure that he is an employee of the company.
4) The face of the employee must be clearly visible for security inspection.
5) Once the security identity that the employee is genuine, he can move forward and scan his fingerprint to access the office.
6) If the employee’s face is not similar to that in identity card, the security guard must contact the senior officer of the employee or human resources department for a verification.
7) If any person who is trying to enter the office from reception cannot be verified as a genuine employee, they must be guided out of the building by the security guard.
Standards and Guidelines
A standard is used to specify the technologies which must be used for a specific task and guidelines are only suggestions and are not mandatory.