policy goes a LONG WAY towards protecting the company legally.
...which, after all, is an administrative hole that cannot necessarily be filled by a technological solution. It's that case where you have done what you can technologically to prevent the (L)users doing bad things to the network or to prevent them from exposing the organization to liability knowing full well that some enterprising young hot dog will find a way to break your best plans. That is the point where your lawyer waves the policy at the court to show that the company has done everything it can to avoid the situation but that this (L)user wilfully circumvented the technology and blatantly disregarded the policy in order to create the situation leading to the liability.