GRM-09: Policy Reviews
Control Family:
CSF v1.1 References:
PF v1.0 References:
Control Statement
The organization’s business leadership (or other accountable business role or function) shall review the information security policy at planned intervals or as a result of changes to the organization to ensure its continuing alignment with the security strategy, effectiveness, accuracy, relevance, and applicability to legal, statutory, or regulatory compliance obligations.