“Simply adhering to the letter of the law of policies or standards many times is not enough.”

Bob Ganim, chief information security officer at Neuberger Berman, as quoted by The Wall Street Journal