UCSF IT Security Policy/Standards Hierarchy

The top layer of the hierarchy, policies, consists of general management directives. The second layer, standards, consists of specific mandatory controls that are to be implemented within a given environment. The third layer is additional subordinate guidance and procedures created to facilitate adherence to the policies and standards.

UCOP IS-3 Electronic Information Security Policy and Associated Standards

UCSF IT Security Policies, Standards, and Guidance