Security Policy Management on IBM z/VM
Most organizations have a security policy that typically states the rules for controlling access to data. There also are statements for data ownership and there are rules about granting the least access that is necessary for each role.
However, there might be few instructions about the practical scenario of implementation. There might be little mention of any of the IT platforms that are involved. Thus, there might be little or no link between that policy and the security procedures that must exist.