“Standards cover a variety of topics and issues; they may be normative--
setting requirements for quality and actions, or informative--describing and guiding the use of methods. In all cases they represent agreements that are generally, but not always, considered to be best practice. “(Source: Aligning national approaches in Digital Preservation, 2012)
Whether the organisation applies external standards should be clear in the Policy. In this document the focus is on standards related to digital preservation, not on IT and Security.
For a good overview of relevant standards see the above mentioned document.
Many current policies of organisations not only describe that they want to adhere to standards, but they also are willing to participate in the creation of standards.