NIST has just released its first Framework for Improving Critical Infrastructure Cybersecurity v1. http://www.nist.gov/cyberframework/index.cfm
The Framework takes a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles.
The Framework Implementation Tiers section gives you a quick ruler for determining, at a high level, where your organization stands, and as you will see, moving up the tiers requires formality in policies, procedures and risk assessments.
In addition, all federal data privacy regulations (FERPA, HIPAA, GLBA, RFR, FISMA), as well as PCI, now reference NIST...