J. Clarke
In article <2013112613041422380-savageduck1@REMOVESPAMmecom>, savageduck1@{REMOVESPAM}me.com says...

Savageduck
On 2013-11-26 20:51:19 +0000, Tony Cooper <tonycooper214@gmail.com>said:

Tony Cooper
On Tue, 26 Nov 2013 14:54:57 -0500, "J. Clarke" <jclarkeusenet@cox.net>wrote:

J. Clarke
Tony, just a comment here but someone working in IT would typically use "policy" to describe what you are referring to as a "protocol", which could be part the reason that people are being so argumentative.

Tony Cooper
I don't know that usage. I'm not involved in IT in any way, so if there's a jargon use for "policy", then it's new to me.

I'd appreciate a definition of "policy" as it applies to IT work. Preferably, a definition in your own words rather than a link. Link definitions tend to contain references that need definitions.

To me, a "policy" would be a set of regulations that determine how a situation will be handled. A "protocol", though, is a set of steps that will be followed in performing a task. A policy determines what people do, but the protocol determines what a program does.

Correct me if I'm wrong about a policy in an IT context.

Savageduck
A corporate policy when it comes to IT could be anything from "No Apple computers permitted on our network", to "mandatory back-up of current work prior to log off", or restrictions on installing and running non-IT approved software on corporate machines. A company might have a policy requiring mandatory backup, but a protocol has to be executed to implement that policy.

J. Clarke
I'm leading you down the primrose path here a little bit but would you say that if the company had a policy that passwords much have a given level of complexity, be changed every three weeks, and be locked out for 24 hours after 5 failed login attempts, a protocol had to be executed to implement that policy?