I read in one site that IT documents can be classified as
1. Policies (I think this one requires very senior mgmt approval & non-adherences have to be recorded into a deviation list for regular review)
2. Standards (this one needs deviation list too if non-compliant)
3. Procedure (sort of instructional doc)
4. Guidelines (don't need to be adhered to strictly, just for guidance & allows for non-adherences without maintaining deviations)
(guess there are more, say "Checklists" but I'm excluding manuals & handbooks)
There are some debates as to whether to classify the following into one of the above categories:
1. Cloud Computing Implementation:
A list of how to assess a CSP & requirements for onboarding a system to a cloud
I think it's "Guidelines", as googling around for “Cloud Onboarding” shows it’s mostly a guide.
Depending on the criticality of the system that is onboarded to Cloud, the requirements may differ
2. Risk Assessment for Cloud Solution Sample:
Classify as Checklist (or if there’s no such category, then a Procedure)
3. End User Computing Handbook v1.5:
I think it's a Guideline or Guide
What about Framework? Does ISO27001 have any mention of how to classify them?