We have a lot of nomenclature problems with that definition. Our developers like to refer to everything as "policy development". As far as the gateway is concerned there does seem to be a definitive difference. I consider anything that is "addressable" via a gateway URL to be a "service". These are mostly created from the "publish" functions in the Policy Manager main menu, SOAP Web Service, Web API (REST), etc. This may seem misleading to some, as the actual "service" may be something you route to from the gateway, with the gateway providing only "management" functions (security, authentication, orchestration, etc.).
A "policy" on the other hand tends to refer to fragments. These are things you can include in a "service" but are not directly addressable themselves. You can't get to them via a url. In programming terms one might refer to them as sub routines. I believe in product speak these also include Encapsulated Assertions (EA's), which have broader utility and flexibility than fragments, but still are not directly callable from outside the gateway.
At least that's my interpretation.