Activity

  • Carlen Faith Torres posted an update 3 years ago

    Policy.
    A policy is a high-level statement of management intent that formally establishes requirements to guide decisions and achieve rational outcomes.
    Essentially, a policy is a statement of expectation that is enforced by standards and further implemented by procedures.
    External influencers, such as statutory, regulatory, or contractual obligations, are commonly the root cause for a policy’s existence.

    Standard.
    Standards are formally established requirements in regard to processes, actions, and configurations.
    Standards are finite, quantifiable requirements that satisfy Control Objectives.
    Exceptions are always to Standards and never to Policies. If a standard cannot be met, it is generally necessary to implement a compensating control to mitigate the risk associated with that deficiency.
