Best approach for updating legacy policies?
Our organization has many policies that have not been updated in 5+ years. What is the best approach for systematically reviewing and updating these legacy policies? Should we prioritize by risk level or review everything at once?
1 Answer
I would probably take stock of all policies and follow these steps:
1. Assess the currency (current relevance) of the policy. Do we still need it? If not, withdraw the policy.
2. If still relevant, assess whether it needs to be updated. If yes, assess the effort required.
3. Based on this subset of policies which are relevant and need to be updated, you could take one of the following approaches:
   a. Quick wins: Quickly update policies where the effort required is low, followed by the others.
   b. Quickly assess the priority based on business requirements, regulatory compliance, etc., and update accordingly.