In addition to adopting physical security measures, management should also establish a code of conduct for company employees, based upon surveys of the vulnerable points in company operations. This code should be published and made available to all employees. In the Standard Oil Company of California, extensive policy manuals are maintained, along with the highlighting of important aspects of policy through special employee bulletins or other publications; e.g., a pocket-sized pamphlet was issued to indicate company policy on such issues as conflict of interest, antitrust laws, multinational operations, government relations, and environmental protection. Policy statements should also deal with conformity to laws relating to employee health and safety. Managers in the field should be informed of and be required to conform to health and safety laws. This could include the use of special teams to perform selective audits of facilities to determine how policies are being implemented. While the specifics of each company's security policy will vary, any policy should indicate the company's posture on compliance with the law, treatment of company property, and on-the-job behavior. Penalties for violation of the code should also be explained. An important part of enforcement is to give the security manager quick access to top management so that quick decisions can be made under extraordinary circumstances. Security policies should be continually reviewed in the context of changing conditions.