2) Once you have your main points, you can run through some common scenarios to see if you are missing anything that could jeopardize the data. It’s good practice to review it and practice the protocol as part of your business operation.
3) When your policy is confirmed on paper, share it with your team. Your policy is only as good as your people who have to follow it. And it only works if your guidelines are consistently put into practice.
Don’t assume your customers know your procedures for keeping their data secure. Some of the policies you write down may seem like common sense to you, but not necessarily common sense to everyone else. So, write it out, and publish it for you, your staff, and your customers’ knowledge. Everyone will be better off for having strict guidelines to know and follow.