The Review Committee
Ideally, the review committee would consist of representatives from all stakeholders affected by the policies. These are the same stakeholders that were involved in writing the policies. Aside from the executives, managers, and the various information technology administrators, the committee also should include a representative of the organization’s Human Resources Department and an attorney. If the review is examining policies that requires certain legal knowledge, such as encryption policies, then an attorney versed in those laws should either be present or consulted regarding the changes.
In reality, some organizations might have problems convening a committee. Smaller organizations whose resources are stretched thin ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access