Policies are considered the first and highest level of documentation, from which the lower-level
elements of standards, procedures, and guidelines flow. Drag and drop each policy statement
according to its hierarchy level (i.e. from top to bottom).
Answer: 
Explanation:
A policy statement is a well-written policy. It is an important and fundamental element of a good
security practice. Policies are the foremost and uppermost level of documentation, from which the
lower-level elements of standards, procedures, and guidelines flow. The policy statement hierarchy
from top to bottom is as follows:
1.Senior Management Statement of policy
2.General Organizational Policies
3.Functional Policies
4.Mandatory Standards
5.Recommended Guidelines
6.Detailed Procedures
The CISM Prep Guide: Mastering the Five Domains of Information Security Management,
Contents: “Information Security Governance”