A policy is simply an official or prescribed plan or course of action.

A policy by itself provides no compliance and no enforcement.

Guidelines for making an effective Policy are as follows:

  • Policies should, as far as possible, be in writing.
  • They should be clearly understood by those who are supposed to implement them.
  • They should reflect the objectives of the Organizational Entity.
  • To ensure successful implementation of a Policy, the top managers and the subordinates who are supposed to implement it must participate in its formulation.
  • Conditions change and policies must also change accordingly. Hence, a Policy must strike a reasonable balance between stability and flexibility.
  • Different policies in the Organizational Entity should not pull in different directions and should support one another.
  • Policies should not be detrimental to the interests of society.
  • Policies should be periodically reviewed in order to see whether they are to be modified, changed or completely abandoned.

Policy Structure

A provider of the Policy is a Policy Information Point.

The digital representation of the Policy is provided by the Policy Information Point to the Policy Decision Point, which then passes the decision to the Policy Enforcement Point, where the access is permitted or denied.

Obviously in some systems, all of the entities:

May reside within the same application of the same host.

A Policy Based Management System is one where the system’s operation is determined by a set of Policies evaluated when triggered by an event.
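The flow described under Policy Structure, with each incoming request acting as the triggering event, can be sketched as follows. This is an added example, not code from the original page; the class and method names, the rule format, the sample rules, and the deny-overrides, default-deny and fail-closed behaviours are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    role: str
    action: str
    resource: str
    effect: str  # "permit" or "deny"

class PolicyInformationPoint:
    """Provider of the policy: holds its digital representation."""
    def __init__(self, rules):
        self._rules = tuple(rules)
    def get_policy(self):
        return self._rules

class PolicyDecisionPoint:
    """Evaluates one request against the policy; it enforces nothing itself."""
    def __init__(self, pip):
        self._pip = pip
    def decide(self, role, action, resource):
        try:
            policy = self._pip.get_policy()
        except Exception:
            return "deny"  # assumption: fail closed when the policy is unavailable
        effects = {r.effect for r in policy
                   if (r.role, r.action, r.resource) == (role, action, resource)}
        # Assumptions: an explicit deny overrides a permit; no matching rule means deny.
        return "permit" if effects == {"permit"} else "deny"

class PolicyEnforcementPoint:
    """Sits in front of the resource; the only place access is permitted or denied."""
    def __init__(self, pdp):
        self._pdp = pdp
        self.audit = []  # every decision is recorded, permits included

    def handle(self, role, action, resource):
        decision = self._pdp.decide(role, action, resource)
        self.audit.append((role, action, resource, decision))
        if decision != "permit":
            raise PermissionError(f"{role} may not {action} {resource}")
        return f"{action} on {resource} performed for {role}"

# Constructed sample policy (not from the page).
SAMPLE_RULES = [
    Rule("admin", "read", "payroll", "permit"),
    Rule("admin", "delete", "payroll", "permit"),
    Rule("admin", "delete", "payroll", "deny"),
]
```

Here all three entities live in one process, which is the single-application case the page mentions; in a distributed deployment the same calls would cross a network boundary.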

