Step 1. | Determine the general policy needed. |
Step 2. | State the high-level purpose for the policy. |
Step 3. | Perform risk assessment. Collect assets. Review threats. Generate costs.
|
Step 4. | Present the risk assessment and proposed policy purpose to departmental managers. |
Step 5. | Determine the policy structure (one large or several small ones). |
Step 6. | Prepare the policy outline. Purpose Scope Policy Enforcement Terms/glossary
|
Step 7. | Get the final signoff of the policy from all departmental managers. |
Step 8. | Issue the policy to employees, and have them sign it if required. |
Step 9. | Implement or activate the new policy. |
Step 10. | Continually review the policy for flaws, and update it as required. |