Defines the frequency with which to review and update the organization-wide information security program plan.