It is unfortunate that many policies are written and then left to slowly rot over time. What was a good policy five years ago may not be the right policy today. Those out-of-date but still existent policies can expose the organization to risk if they are not enforced and complied with in the organization.
MetricStream co-developed this illustration on "Policy Measurement & Evaluation" that brings out the best practices organizations require to follow in ensuring the policies are being maintained and updated. Effective policy management requires that the policy lifecycle have a regular maintenance schedule. A complete history of revisions, collaborations, communications, training and acceptance, exceptions, and enforcement actions should be carefully preserved. This, along with a program to proactively identify and respond to business changes that impact the policy environment will ensure an organization can actively demonstrate and defend a strong policy governance program.