A SAM policy is an important part of your SAM programme and like any other policy, it is designed to ensure rules are followed and communicated appropriately.
There are two types of policy, one aimed at the end user which covers things like software use and security aspects, and the second which is an operating policy, covering aspects of SAM more from an operational governance perspective.
The business goals of your organisation will dictate the tightness of your SAM policy, creating a trade-off of user/IT enablement versus risk management. However, at any level you must ensure that for the policy to be effective, it must be clearly defined, communicated, enforced and managed.
Defining the SAM Policy
So, how do you start putting together a coherent and comprehensive SAM policy?