IT governance is a structure of processes that govern decision making around investment decisions, client relationships, project management and other important IT operational areas. Governance at the University of South Florida is detailed in a set of Policies, Standards and Procedures.

Policies are documents that make a specific statement requiring that a rule must be met.  They are usually point-specific, covering a single area.  Policies tend to be general in nature and usually do not have to be updated on a regular basis.  For instance: "Social Security Numbers must be protected according to industry standards."

Standards are a set of requirements to be used to conform to policies.  A standard is typically collections of system-specific or procedural-specific requirements that must be met by everyone.  Standards are be reviewed annually.  An example of a standard would be "Social Security Numbers must be encrypted."

Procedures are exactly the steps you take to perform a function and meet the requirements presented by the Standards.  Procedures should be documented to enable others to achieve the same result when the same or similar task is complete.  On our SSN example, a procedure would state "download XYZ encryption software and set encryption to ..."