A strictly enforceable rule set that determines how a task should be completed.

A policy that governs employees' use of company equipment and Internet services. ISPs may also apply AUPs to their customers.

A document or series of documents that are backed by senior management and that detail requirements for protecting technology and information assets from threats and misuse.

A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

The processes of planning, analysis, design, implementation, and maintenance that often govern software and systems development.

Best practice recommendations and advice for configuration items where detailed, strictly enforceable policies and standards are impractical.