IT Examiner School - Oct 2025

Internal Use Only

Policy Framework: What are Standards? Standards are more detailed statements of what must be done to comply with policy. • Standards are mandatory requirements (i.e., activities, actions, rules or regulations) designed to provide policies with a support structure and specific direction they require to be meaningful and effective. Simplistic example Policy: Access to

Standards: Users are required to have a unique User ID and a confidential password.

company information systems is restricted to authorized users only.

9

These materials are for internal training purposes for NYS DFS Staff. It may not be distributed outside the department.

Internal Use Only

Policy Framework: What are Guidelines Guidelines are recommendations designed to achieve a policy’s objectives by providing a context for implementing the policy’s standards. Simplistic example

Policy: Access to company information systems is restricted to authorized users only.

Standard: Users are required to have a unique User Id and a confidential password.

Guidelines: Passwords should be eight or more alpha numeric characters in length.

10

These materials are for internal training purposes for NYS DFS Staff. It may not be distributed outside the department.