Many policies are written and then left to slowly rot over time. What was a good policy five years ago may not be the right policy today. Those out-of-date but still existing policies can expose the organization to risk if they are not enforced and complied with. Effective policy management requires that the policy lifecycle have a regular maintenance schedule. Some organizations rank their policies by risk level, with each level tied to a periodic review cycle: some annually, others every other year, and others every three years. Best practice is for every policy to undergo an annual review.
The latest installment of OCEG's GRC Illustrated Series outlines how various groups can work together to ensure policies are properly implemented and enforced throughout the organization.