What is the Difference Between Policies and Standards?

This question is one that I have been asked a lot over the years, and has led to some interesting debates! But before I dive into my thoughts on the matter, I think that there is another question that needs to be asked (and answered first):

Why the confusion?

Why do these two terms cause so much confusion? After all, they are commonly used business terms. It’s not as though they are specialist data management jargon. The Oxford English Dictionary defines these two terms as follows:

Policy: A course or principle of action adopted or proposed by an organization or individual (Wikipedia elaborates this further saying that: A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a statement of intent, and is implemented as a procedure or protocol.)

Standard: A required or agreed level of quality or attainment

The way I use these terms in the context of data governance pretty much follows the above standard definitions. However, confusion arises as many people use the term policies when I would use standards, so whereas I would say that in data governance terms an organisation will have one Data Policy and many Data Quality Standards, I know that a lot of practitioners say that an organisation will have many data quality policies. So to clarify, the definitions I use are:

Data Policy: a formal document that describes an organization’s approach to managing data quality i.e. what will be done

Data Quality Standard: The standard that a certain field or data set needs to achieve e.g. that a field must always be completed or the value sit within a defined range.


So which should you use? Well I believe that it is fine to use them how you wish (and whichever fits best with your organisation’s culture) as long as you define what you mean and communicate that definition with your audience. As with most things, confusion only arises when no explanation of what is meant is provided and those on the receiving end of your messages are left to make their own (varied) interpretations.

Not defining terms is a common mistake or omission that many organisations make, but although it causes frustration and confusion, it is not the biggest problem you will face and it is easily rectified.