Hi ,
I am closely worked for SOP in prevous company, U can do below
1)start with just monitoring and user awarenes (Escalation and closure with cautioning the users)
2Incident management (false negative incident identification-escalation-closure with remark)
3)Preparing inputs for false positive incidents reduction (Whitelist and IP filtering technology) for network and enpoints
4)Providing diffrent types of vialation report to Information Securty dept for policy review
5)Stabalization DLP and maturing the policy to block the confidentail data with creation some responce rule
6)Once policy matured appropriate level start taking action on genuine incidents
5) Provideng monthlt/quaterly presentation for progress ti ISG stakeholders.