How to organize a lot of policies?

Hello,

I am currently working on rewriting / re-working security policies and
there are a *lot* of policies. I'm thinking it's probably not a good
idea to have users sign them all (especialy if they don't apply to
them). What I would like to do is structure them in an easy to
organize/update scheme.

I have a couple of strategies in mind and would appreciate some input.

1. Have a mother-security policiy which will basically say "be nice",
then point to other specific policies (email use, VPN use,
developper's code of conduit, etc.) for more specific details. This
approach is really a "company wide" approach where 1 signature means
the user agrees to all the policies in place. It's easy but there is
no or very low customization possible.

2. Have a fair usage policies that is wider than the one above and ask
the user's supervisor to make sure the users signs the right ones. I
guess this could be seen as a role-based. If a user is a developper,
he would have to sign X number of policies that would apply to him. I
think this is hard to track.

One of the major goal is to be able to have specific
policies/standards/procedures that are easily understandable by the
common user and not just a "sign here" type of document. By focusing
on the role of the user, I hope he/she will take the time to read what
applies to himself.

Any thoughts?
Thanks!
(N)