Measuring policy compliance

[Daryl Haines <darylhaines () liberata com>]

Hi, 

What's the most effective solution for measuring policy compliance for
non-technical policies?  Technical policy compliance can be measured using
vulnerability assessments etc based on baselining.  But how would you
measure compliance for say your Acceptable Use Policy.  Does anyone use
scorecards?  If so, is using a scorecard a good means to measuring policy
compliance as opposed to standards compliance?  Any thoughts on this subject would be much appreciated

Thanks 

Daryl Haines
Information Security Officer

---------------------------------------------------------------------------
----------------------------------------------------------------------------