Parties having knowledge and experience for the given policy or those the policy would have direct impact on. Most certainly, representatives from Legal, Human Resources, Audit, Systems and Computer Resource Management should always be involved. By obtaining buy-in early in the policy development life cycle, wasted time and resistance is decreased. I have always been a fan of appointing a user advocate. By having a "link" to the user community, acceptance for policies being implemented is greater, because users feel they do have input into the process and feel less alienated. The last feeling you want your user community to have is that their suggestions are being made to deaf ears. While in all probability, you will not be able to implement the request, the open communication will allow all parties to see the issues from another perspective.
Dig Deeper on Information security policies, procedures and guidelines
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.