This summary report examines an end user security policy and provides recommendations for improvement. It finds that the password policy lacks detail on complexity, length, and frequency. It also notes that company devices are not required to have antivirus software installed. Recommendations include implementing a detailed password standard, requiring antivirus on all devices, and defining acceptable and unacceptable internet usage.