Need to pick a Governance, Regulatory, or Compliance (GRC) topic and develop a policy related to that topic. Make sure your policy:

  • Is enforceable. Don’t create a policy that cannot be enforced.
  • Does not need to be constantly updated. Policies are relatively static (similar to the US Constitution).
  • Does not mix standards, procedures, or guidelines.

Your policy should contain (at a minimum) the following:

  • Overview
  • Policy creation date / policy implementation date / policy review date
  • Purpose
  • Scope
  • Actual content of the policy
  • Reference any related standards, policies, or processes
  • Definition and terms

Please see SANS for example policies:

https://www.sans.org/security-resources/policies/g…

4-5 pages is enough.