IT Procedures

A Procedure is designed to describe Who, How, Where, When, and Why by means of establishing corporate accountability in support of the implementation of a “policy”. The “How” is further documented by each organizational unit in the form of “Work Instructions” which aims to further support a procedure by providing greater detail.

Understand that policies differ from processes and procedures. You will need to carefully consider the necessary security processes and procedures after you have policy. The procedures must be created to support the policies. The procedure answer the “HOW” part i.e. how these tasks are to be accomplished.