Annually review IT and security policies to ensure they reflect current threats, technologies, and regulatory requirements. Distribute and communicate any changes to staff.