Information security policy

An information security policy is the “[a]ggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.”