This is where the rubber meets the road. Once policies are defined, information security standards must also be developed, published and communicated in order to implement the controls necessary to meet policy requirements.
Focusing on your organizational needs, standards will be developed at the appropriate level of granularity to best suit your organizational needs and associated levels of controls. As the "how-to" for implementing organizational policy requirements, information security standards are also benchmarked against international standards and industry best practices. Our information security standards provide specific guidance and assign accountability for organizational stakeholders and users.