Classification of IT documents

I read in one site that IT documents can be classified as
1. Policies    (I think this one requires very senior mgmt approval & non-adherences have to recorded into deviation list for regular review )
2. Standards (this one needs deviation list too if non-compliant)
3. Procedure (sort of instructional doc)
4. Guidelines (don't need to be adhered to strictly, just for guidance & allows for non-adherences without maintaining deviations)
5. Framework
(guess there are more, say "Checklists" but I'm excluding manuals & handbooks)

There's some debates as to whether to classify the following into one of the above categories:

1. Cloud Computing Implmentation :
    A list of how to assess a CSP & requirements for onboarding a system to a cloud
    I think it's "Guidelines" as googling around for “Cloud Onboarding”, shows mostly it’s a guide.
    Depending on the criticality of the system that is onboarded to Cloud, the requirements may differ

2.      Risk Assessment for Cloud Solution Sample :
        Classify as  Checklist (or if there’s no such category, then a Procedure)

3.       End User Computing Handbook  v1.5 :
         I think it's a Guideline or Guide

What about Framework?  Does ISO27001 has any mention of how to classify them?
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bbaoIT ConsultantCommented:
basically ISO 27001 belongs to the Standards, sepecifically a group of ISO standards.

commonly, Framework in context for this manner of clarifying documentation categories should be technical frameworks which your team should follow in project management, product development, and infrastructure engineering, such as COBIT.

theoretically, Frameworks may also refer to those in defined in your Standards, such as ISMS framework in ISO 27001.

does it help?
sunhuxAuthor Commented:
Perhaps  I'll paste a sample document's content & need your advice if it's
more appropriate to be classified as policy, framework, guideline or ... :

refer to attached for a sample content : does such content belong more
to a policy, guideline or framework?  I plan to forward it to vendors who
are tendering to place our systems in a cloud
CloudImple.JPG
bbaoIT ConsultantCommented:
thanks for sharing the sample content. It is actually a cheklist for given security risks and the possible actions to reduce the risks respectively. It is not policy nor framework nor guideline.

you may consider it is a guideline if you have to choose one from the three, but it is too simple (hence checklist) as a guideline commonly gives more info such as problem, explanation, solution ans steps (what, why and how to do).

does it make sense?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ITIL

From novice to tech pro — start learning today.