May 11, 2011

Information policy... or is it a guideline or standard?

I have found that the meaning and usage of the terms ‘policy’, ‘standard’ and ‘guidelines’ are variable and interchangeable; however, Bryson (1) provides the following definitions, which give some clarity:

  • Policy: a high-level statement that guides the decision-making process and the course of action to be taken. Policies are usually mandatory.
  • Policy statement: describes the policy and may be supplemented by additional statements covering: policy objective and scope; responsibility for implementation, review and audit; background issues and implementation strategies.
  • Standard: provides rules about the choice and management of information and its supporting technologies, such as: protocols, data capture and transfer standards; metadata and taxonomy standards; data quality; standards for record keeping; and service levels. Compliance is recommended and often required in the case of legislative standards.
  • Guideline: usually practice-based; addresses implementation and operational issues associated with policies and standards. Guidelines are an analysis and synthesis of related policies and standards. Guidelines inform the development of processes and procedures.

The following table provides a summary of the various features that distinguish policy, standard and guideline from each other.


| | Policy | Standard | Guideline |
|---|---|---|---|
| Purpose | High level statement guiding decision making process and course of action (1) | Rules about the choice and management of information and its supporting technologies (1) | Practical guide to addressing implementation and operational issues associated with policies and standards (1). Informs development of processes and procedures. |
| Document inclusions | Statement covering purpose, objectives, responsibility, related documents etc. (1) | Statement covering purpose, objectives, responsibility, related documents etc. (1) | Statement covering purpose, audience, scope, background, related documents. Implementation and operational practices. |
| Level of compliance | Mandatory – high level of compliance required (2) | Compliance recommended or required (2, 4). Can have an associated performance measurement (1, 3) | Optional but recommended (2, 4). Flexibility in interpretation (3, 4) |
| Lifespan | Relatively long life span; i.e. 5 years (3) | Variable life span due to changes in the environment, such as legislation (2) | Life span depends on associated policies and standards |
| Example | | | |

An information policy can also be guided by an organisation's information principles. For example, the Queensland Government Enterprise Architecture & Strategy Unit (QGEA) has produced Information principles, which “are a set of ambitions or values that departments should aspire to when making decisions regarding their information and its overall management” (2). Furthermore, information policy is set within an information framework which “is not only concerned with carefully defined legal rights or restrictions on the circulation and dissemination of information… [and] the provision of a legal and regulatory framework within which information can be stored and disseminated”, but takes into consideration technological changes and issues that impact on the development of an information literate society (6).

References:
  1. Bryson, J. (2007). Managing information services: A transformational approach. Burlington, Vt.: Ashgate. [Adobe Digital Editions], pp. 129-130.
  2. Creeson, C. (2005). Information security policies: Distinct from guidelines and standards. Excerpt from Chapter 2 In Information security policies made easy, Version 10 [online]. Retrieved from http://searchsecurity.techtarget.com/feature/Information-security-policies-Distinct-from-guidelines-and-standards
  3. Battista, R., Hodge, M.J., & Vineis, P. (1995). Medicine, practice and guidelines: The uneasy juncture of science and art. Journal of Clinical Epidemiology, 48(7), 875-880. Retrieved from Science Direct.
  4. Hendricks, H.J.M., Bekkering, G.E., van Ettekoven, H., Brandsma, J.W., van der Wees, P.J., & de Bie, R.A. (2000) Development and implementation of national practice guidelines: A prospect for continuous quality improvement in Physiotherapy. Physiotherapy, 86(10), 535-547. Retrieved from Science Direct.
  5. Enterprise Architecture and Strategy Unit. (2009). Information principles. (2009, September, v 1.0.0). Queensland Government Enterprise Architecture Principles. Queensland Government Chief Information Office. Retrieved from http://www.qgcio.qld.gov.au/SiteCollectionDocuments/Architecture%20and%20Standards/QGEA%202.0/Information%20Management/Information%20principles.pdf, p. 4, point 2
  6. Dearnley, J., & Feather, J. (2001). Information policy. The wired world: An introduction to the theory and practice of the information society (pp. 60-93). London: Library Association. [CSU Reserve], p. 85, para. 4
