Policies & Standards
Information Technology policies outline specific organizational requirements or rules that must be followed, and specific actions that are not permitted, and include statements of consequences for violations. For example, the Responsible Use of Information Technology Resources policy (PDF) covers the rules for appropriate use of the University's information technology resources, and states what actions are in violation of the policy.
Information Technology standards are specific requirements that must be met by everyone. These may be internal requirements or those from an external standards body. For example, the Strong Password Standard includes such things as required password length and composition that will produce an acceptably "strong" password that protects sensitive resources.