Summary

Security policy documents should be living documents, changing and evolving as the organization and its technology change. Policies must undergo periodic review to ensure they are kept up to date. The final policy you write is the one that establishes the review process, which incorporates the information collected as part of enforcement.

  1. Periodic reviews of policy documents:

    • There is no rule as to how often the policy documents are reviewed. However, it is suggested that they be reviewed sometime between six months and one year.

    • The review process should include a provision for creating an ad hoc review committee when there is an immediate requirement for a significant change to the policies.

  2. What the policy reviews ...
