Sumner Blount of CA puts together his thoughts on the lifecycles of policies:Policy Lifecycles: The Foundation for a Unified GRC Approach. As you can easily see, it’s a constant feedback loop, where policies are devised, controls are created and tested, and risks adjusted based on the success of those controls. Read more »