Please, #infosec and #compliance professionals, I am BEGGING you, WRITE YOUR POLICIES AND PROCEDURES IN THE PRESENT TENSE.
Yes: "…risk assessment results guide appropriate management action…"
*NO*: "…risk assessment results *will* guide appropriate management action…"
Policies and procedures say what the organization DOES, not what it WILL do.
(continued)
When writing a policy or procedure which has not yet been implemented, you say that in the introduction, then write the rest of the document in the present tense.
Otherwise when you implement the policy or procedure you have to go back into the document and change all the future tense to present tense to make it accurate. Do you really want to have to do that? No, you fucking do not.