To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date.
Security policies must have all this so as to protect the organization from threats, including computer security threats, and how to handle situations when they do occur.
