Compliance with your organisation's Information Security Policy is mandatory. This topic discusses ways of ensuring that compliance is achieved and failures to comply are actioned.
The compliance monitoring process could lead to resentment among staff, unless it is handled sensitively.
Complacency over Information Security Policy compliance may inadvertently expose your organisation to legal action.
Regular use of software tools to monitor technical compliance will provide your organisation with information about the strengths and weaknesses of your Information Security.
Initiate periodic internal assessments ('Internal Audit') and / or engage external assessors (where appropriate) to assess the degree of compliance with your Information Security Policy.
Plot the results of the assessment and perform a gap analysis to pinpoint problems and identify successes. Feed the results into your Information Security Plan.
The integrity of an Information Security audit can be threatened where software tools (for probing and analysis) are accessible to unauthorised users who might corrupt / modify the results. See Access Control.
Protect access to the tools (for probing and analysis) and their associated data files to safeguard the integrity of the results. See Access Control.