Management: Procedures: What procedures are implemented and how?
Procedures cover [all / most / some] of the activities by which [policies are implemented / protection activities are carried out / user activities are carried out], are defined and implemented in [writing / a workflow system / checklists / ad-hoc methods / a fully automated system], and are [carried out only by authorized parties / documented as carried out / tracked / audited / measured / optimized (specify against what criteria) / adapted over time]
Procedures are the sequences of steps and conditionals associated with enacting the mandates of policies and related activities. While ideally there are procedures for everything, the cost of specifying them may exceed the value they bring, especially for immature low consequence situations. As maturity and consequences increase, more and more of the activities by which policies are implemented, protection activities are carried out, and user activities are carried out are defined, automated, documented, tracked, audited, measured, optimized, and adapted over time.