In this talk Chris will trace back the origins of how policies are often incepted, how it can get out of hand, be slow if not impossible to update and measure compliance, and often lead us to question of is the policy helping or hindering. From this talk you'll learn how to use a software development pattern and product ways of thinking towards how your organization can manage policy; achieve continual updates to policy allowing the risk mitigations to move as fast as the risk does, not get in the way and be easy to measure compliance. Key take aways: - Policy often causes more harm than good, is slow to update, exemptions are harder still to manage, measuring compliance at scale is near on impossible. - Throwing some curly braces at a problem is not the solution. Policy if it is articulated as code, needs to embrace all the best practices of code. - Purposeless policy is potentially practically pointless. (now say it 5 times quickly) Other talks at this conference 🚀🪐 https://www.conf42.com/im2022 — 0:00 Intro 0:39 Talk