A policy is a set of principles, rules, and guidelines that are formulated or adopted by an organization to reach its long-term goals. Policies are designed to influence major decisions and actions, and all activities take place within the boundaries set by them. They are used in Process Control and Risk Management.

A policy contains a written description of an organization's position on important subjects and its response to specific situations. Policies support managerial decision-making, to help the company achieve its objectives. Policies are an element of a complete governance process. This process involves an analysis of regulations, best practices, and corporate business objectives, after which they are codified into policies affecting the business actions of all employees.

Policies need to be created, reviewed, approved, and distributed; there is an ongoing process of policy acknowledgment, self-assessment, and updates. Policies must be managed throughout their lifecycle.