To make sure employees comply with security policies and procedures, you can:

1. Conduct interviews with employees to assess their familiarity with the documentation, asking questions about key documents such as the Information Security Policy, confidentiality clauses, acceptable use of assets, and the Access Control Policy.

2. Look for evidence that employees are complying with the documented procedures, such as checking records, meeting minutes, training attendance lists, and other evidence that policies are being reviewed and followed.

3. Implement best practices such as writing documents that make sense for employees, sending documents for review to several people in the company, having documents approved by an authorized person, training employees on new activities or technology, making employees aware of the importance of these documents, and updating the documents regularly.

4. Set up a process for defining, approving, publishing, communicating, and reviewing/updating information security policies.

5. Make employees aware of why information security policies are needed and train them on how to identify required policies and manage them.