So, how do you keep your security policies current? Use them! Use them! Use them! Security policies aren’t a hoop to be jumped through. They aren’t a burden to bear. Your policies are tools to help you and your organization! When you actively use your security policies to keep your organization secure, train the people in your organization, and support the sales process, you are making sure that your policies get the attention that they deserve from across the organization...which incentivizes you to keep them up to date.
Another big benefit to keeping your InfoSec policies up to date is that you never know when you might be asked to get a security certification such as SOC 2 or ISO 27001, and if you have been keeping up on your InfoSec program, it will be much easier and faster for you to achieve.
Although it’s common to review your security policies annually, they shouldn’t be treated like holiday decorations that you take out once a year to look at. They are tools to be used all year long...and with that use, they will stay current and relevant and you will stay secure and successful.