Writing policies is one of those things that you wish your fairy godmother could do with a jiggle of her wand. Unfortunately, you need to expend considerable thought and effort into these documents. Just as you have them down, along comes an auditor who will ask you to make a change here, a change their and you are returned to the drawing board.
I write policy documents and ensure that all stakeholders are satisfied. I can change them if your auditors ask you to.
The process I follow is below.
I understand the objective of your policy.
I discuss the scope of the policy with you.
I refer to any standards I need to for policy creation. For example, the ISO 27,001 standard has specific guidelines on policy creation.
I then create specific questions for any stakeholders whom I need information from.
I collate the responses I receive and draft the policy.
I amend the policy based on your feedback.
I would be happy to revise the policy if necessary. A revision may be required due to customer feedback, audit observations or changing business needs.
For more information, please contact me by using the contact link in the sidebar.