To ensure employees comply with security policies and procedures, you can:

1. Conduct interviews with employees to assess their familiarity with the documentation, asking questions about key documents such as the Information Security Policy and Access Control Policy.
2. Look for evidence that employees are complying with documented procedures, such as checking backup logs for compliance with backup policies.
3. Check records, meeting minutes, training attendance lists, and other evidence that policies are being reviewed and followed.
4. Write documents that make sense for employees, using easy-to-understand language for smaller companies and familiar formats for larger corporations.
5. Send documents for review to several people in the company to get valuable inputs and commitment.
6. Ensure documents are approved by an authorized person to increase compliance likelihood.
7. Train employees on new activities or technologies defined by new documents to prevent wrong activities or avoidance.
8. Make employees aware of the importance of these documents to avoid negative attitudes.
9. Regularly update documents to prevent avoidance.