What is a policy?

A policy is a governing document describing what an organization does to ensure security and compliance. It outlines responsibilities and general procedures meant to implement and maintain specific security and compliance controls. An organization will generally outline specific procedures in separate procedure documents.