How mature is your information security policy program? Do you have a set of outdated documents stored in a binder or intranet site? Or do you have a documented management program that keeps your policies up to date, your users informed and your internal auditors sleeping at night?
Information security policy development should not be a one-time event. In order to effectively reduce risk and maintain a proper governance structure, organizations must periodically update written security policies as part of an ongoing management process.