Tag Archives: updating security policies

How often should we update information security policies?

A good rule of thumb is this:  Information security policy documents should be updated at least once a year, or whenever a major change occurs in the business that would impact the risk of the organization.  Examples of these changes could be a merger, a new product or line of business, a major downsizing or […]