The Review Committee

Ideally, the review committee would consist of representatives from all stakeholders affected by the policies. These are the same stakeholders that were involved in writing the policies. Aside from the executives, managers, and the various information technology administrators, the committee should also include a representative of the organization’s Human Resources Department and an attorney. If the review is examining policies that require certain legal knowledge, such as encryption policies, then an attorney versed in those laws should either be present or consulted regarding the changes.

In reality, some organizations might have problems convening a committee. Smaller organizations whose resources are stretched thin ...

Get Writing Information Security Policies now with the O’Reilly learning platform.
