I. OBJECTIVE & PURPOSE
To define a policy and procedures for reviewing and revising departmental policies.
II. STATEMENT OF POLICY
To ensure the accuracy and completeness of departmental policies and procedures, the Chief Information Security Officer (CISO) or their delegate will conduct an annual review of all IT security policies.
Policies that are obsolete or otherwise no longer required will be retired. Once retired, these policies will be maintained as an archived file for a minimum of one year. Proposed policy revisions will be drafted and submitted for appropriate review and approval.