Read as
Why this module exists. Security policy architecture — the hierarchy of policy, standards, procedures, and baselines — is the structural backbone that turns regulator demands and risk appetite into operational rules engineers can follow. Most Indian enterprises have a policy document that nobody reads and procedures scattered across SharePoint and tribal knowledge. This module is the structural pattern for a documentation set that actually drives behaviour.
Why this module exists. Auditors ask for “the policy.” Engineers want “the rule.” Both are right; they are asking different questions of different layers. A coherent policy architecture answers both without contradiction. This module is the four-layer model and the operational guidance for building each layer.
The four-layer model
| Layer | What it states | Approval level | Cadence |
|---|---|---|---|
| Policy | Intent. “What” the org commits to. | Board / Risk Committee | Annual review |
| Standard | Mandatory rule. “What good looks like.” | CISO / Function head | Annual review |
| Procedure | Step-by-step “how.” | Process owner | As required |
| Baseline / config | Concrete settings, parameters, version numbers. | Technical owner | Continuous |
DPDP Act in your stack?
Get a DPDP gap assessment
Free 30-minute call. We map your data flows against DPDP §8 obligations and tell you exactly which gaps to fix first. Auditor-defensible output.
Book DPDP scoping call
Replies in 4 working hrs · India-only · Senior consultants