UnixTime

Research Note

Template - Policy Review Checklist

Use this during planned policy reviews or event-driven reviews after significant changes.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during planned policy reviews or event-driven reviews after significant changes.

Review question Yes/No Notes Action required
Is the policy still aligned with the ISMS scope?
Is the policy still aligned with current risks?
Have there been incidents requiring updates?
Have there been new vulnerabilities or threats?
Have there been technology changes?
Have there been legal, regulatory, or contractual changes?
Have there been organizational changes?
Are responsibilities still accurate?
Are references to supporting documents still valid?
Is the policy clear and understandable?
Is implementation still cost-effective and proportionate?
Are communication and acknowledgement requirements defined?
Does the policy need revision?
Has the review been recorded?