ABSTRACT
There are 11 functions that must be performed throughout
the life of security policy documentation, from cradle to
grave. These can be categorized in four fairly distinct
phases of a policy’s life. During its development a policy
is created, reviewed, and approved. This is followed by an
implementation phase where the policy is communicated
and either complied with or given an exception. Then,
during the maintenance phase, the policy must be kept
up-to-date, awareness of it must be maintained, and compliance
with it must be monitored and enforced. Finally,
during the disposal phase, the policy is retired when it is no
longer required.