Policies are enforceable measures intended to promote appropriate use. They can be developed by

governments, businesses, and private groups or individuals. They normally consist of rules governing

access to, or use of, information, hardware and software. For example, a national policy on IT security

would need to define what constitutes unlawful access to networks and how to treat transgression.

Policies also affect the exchange of information, for example, by making it subject to copyright laws. In

general, policies can promote or restrict access, modify behaviour or require the fulfillment of certain

conditions prior to or during use.

Standards are social or technical rules and conventions that enable compatibility and therefore facilitate

communication or interoperability between different IT systems and their components. They might

govern the design and use of hardware, software and information. For example, communication protocols

used on the Internet, the ASCII representation for characters, or the design of the printer port on a personal

computer are all governed by standards.