IT Policy is derived from authorities provided to the Chief Information Officer via the University of Iowa Operations Manual. IT policies inform the community as to their roles and responsibilities, as well as enforcement mechanisms for non-conformance with these expectations. Policies are managed via the Enterprise IT Policy Development and Approval Process.
IT Standards describe technical requirements for conformance with policies; they may describe specific configurations, timelines, or processes to meet these requirements.
IT Guidelines describe best practices for an area that is not yet covered by IT Policies & Standards. As guidelines are communicated to and implemented by the community, they may evolve into policy & standards over time.
Compliance describes how the institution addresses regulatory or industry-standard control requirements. These are normally formulated as Security Management Plans.