To make sure employees comply with security policies and procedures, follow these best practices:

1. **Write understandable documents**: Tailor the documents to the audience, using simple language for smaller companies and familiar formats for larger ones.
2. **Review and get input**: Send documents for review to several people who will need to comply with them to gather valuable input and gain their commitment.
3. **Approval by authority**: Ensure documents are approved by an authorized person with authority to increase compliance likelihood.
4. **Training**: Train employees on new activities or technologies defined by the documents to prevent incorrect actions or avoidance.
5. **Awareness**: Make employees aware of the importance of these documents to prevent negative attitudes.
6. **Regular updates**: Update documents regularly to prevent them from being ignored.

Additionally, integrate these practices into your Quality Management System and foster a culture of awareness where employees are encouraged to report vulnerabilities and contribute to continuous improvement.