Information security program policies

  How will the information security program policies and procedures be communicated to employees and be enforced? What are the applicable measurements and requirements for a successful information security program?