As things change, you should schedule a regular review of security posture. This should involve reviewing whether the current policy is appropriate. Consider the following:
Whether there are any outstanding alerts
Changes in the nature of the data you are storing that might require further policy adjustment
Compliance is now required with a new regulatory framework
How regularly this should be reviewed (quarterly is recommended)