Lately I've seen too many ISA Firewall Policies with all of the custom created rules sitting at the top of the firewall policy. At the top isn't always the best place for a new rule. New rules should be placed according to function. There is a great TechNet article that explains how to determine where to place your new rule.
The article starts like this and then goes into further detail about how to order the rules within these categories:
Ordering the rule base
We recommend that you organize your access rules in this order:
Global deny rules. Rules that deny specific access to all users. These rules should use the rule elements that require simple networking information. An example of such a rule would be a rule that denies all users access from anywhere to anywhere on protocols used for peer-to-peer file sharing.
Global allow rules. Rules that allow specific access to all users. These rules should use the rule elements that require simple networking information. An example of this would be a rule allowing access on the Domain Name System (DNS) protocol from the Internal network to the External network.
Rules for specific computers. Rules that allow or deny access for specific computers, for example, a rule allowing UNIX computers access to the Internet.
Rules for specific users, URLs, and MIME types, and also publishing rules. Rules that contain rule elements that require additional networking information, and that enforce policy for specific users, or for specific Uniform Resource Locators (URLs) or Multipurpose Internet Mail Extensions (MIME) types. Publishing rules should also occur at this point in the rule order.
Other allow rules. Rules that handle traffic that does not match rules that occur previously in the list of rules, assuming the traffic is allowed by your corporate policy. For example, a rule allowing all traffic from the Internal network to the Internet.