Annual reviews ensure policies remain relevant, align with organizational goals, and adapt to changing risks, regulations, and technology landscapes.
Compliance with standards like ISO 27001 often requires at least annual reviews.
Why This is Correct:
Annual reviews provide a balance between thoroughness and practicality, ensuring policies stay effective without overburdening resources.
Why Other Options Are Incorrect:
A. Every 6 months: Too frequent and unnecessary unless in high-risk environments.
B. Quarterly: Typically for operational reports, not policy reviews.
C. Before an audit: Reactive and not aligned with proactive policy management.
References:
EC-Council stresses regular, scheduled reviews of security policies, typically annually, to maintain alignment and compliance.