What is the document that outlines your company's cloud controls and security policies called?

The document that outlines your company's cloud controls and security policies is referred to as a security policy. A security policy serves as a formal document that sets forth the guidelines, principles, and practices your organization will follow to protect its digital assets, particularly in a cloud environment. This policy encompasses aspects such as access controls, data protection measures, incident response plans, and compliance requirements. By clearly defining these parameters, the security policy helps ensure that all employees and stakeholders understand their responsibilities in maintaining the security posture of the organization's cloud services.

In contrast, while a compliance standard may relate to regulatory requirements and may influence the development of a security policy, it does not specifically outline the company's policies. Similarly, regulatory documents often pertain to legal obligations rather than internal policy frameworks, and cloud governance is a broader concept that involves overall cloud management and strategy, encompassing governance, risk management, compliance, and security but not solely focusing on policies. Therefore, the term best suited for a document that explicitly states security policies is a security policy.