Information protection policy

Definition
An information protection policy is

"[a]n artifact of the systems security engineering process that captures the results of security-relevant analyses, the stakeholder security requirements, and other security-relevant information."