I work for a financial institution and we are required to maintain policies for everything from Data Encryption standards to Acceptable VPN and Wireless usage. I recently was asked by auditors to provide some sort of evidence that my users had read and accepted every policy that pertains to them. Of course this is going to be a big pain in the butt.

How do you all handle policy distribution and make sure that everyone that needs to read a certain policy has read, understands and has accepted it? I was thinking about developing an intranet application to help with this, but was wondering if there was already a similar solution available out there?