An organisation's rules for protecting information and records from unauthorised access, loss, or , balanced against legitimate findability and re-use.
An information security policy sets the rules for protecting information and records from unauthorised access, loss, or damage, as part of overall IRM governance. Security has to be balanced with legitimate findability and re-use.
IAR turns terms like this into working practice: assets classified against your disposal authority, stewarded by position, and ready to evidence.