What is the goal of the Maintenance phase in a common development process of a security policy?

A.
to review the document on the specified review date

B.
publication within the organization

C.
to write a proposal to management that states the objectives of the policy

D.
to present the document to an approving body

Explanation:
It is decided during the development phase that the security policy will be reviewed on the review date. The
purpose of the maintenance phase is to review the document on the specified review date. During this review,
the continuing viability of the document is decided. If the document is no longer required, then it is withdrawn or
cancelled. If viability is determined and changes are needed, the team jumps into the development cycle at
Phase Two and the cycle begins again.
Incorrect Answers:
B: Publication within the organization is performed in the publication phase, not the maintenance phase.
C: Writing a proposal to management that states the objectives of the policy is performed in the Initiating and
Evaluation phase.D: Presenting the document to an approving body is performed in the Approval phase.

Information Security Management Handbook, Fourth Edition, Volume 3. Harold F. Tipton. Page: 380-382.