To ensure the appropriate information security is one of the basic tasks of every company. Information security is ensured by implementing purposive technical equipment and programming tools and also by the appropriate actions of the employees. The employees in the companies represent one of the key elements in achieving information security. Often, the employees are exactly those who are targeted by the intrusion vector and, consequently, threatening information security. In the master thesis, we conceptualize the key factors which influence the congruity of the employees with information security policy and present forming a relevant survey questionnaire which is based on the indicators originating from the scientific literature and the ISO/IEC 27001:2013 standard. Furthermore, we analyze the influence of the recorded factors on the congruity of the employees with information security policy by the analysis of the data gained in the cooperating energy companies. The analysis shows that informal norms of the employees (moral obligation and opinion that all the employees should respect the information security policy) have the biggest influence on the congruity of the employees with information security policy. The master’s thesis and the concepts and indicators recorded in the thesis represent the basis for further research of congruity of the employees with information security policy for the companies which wish to address and ascertain the actual conditions, as well as for further research of the influence of the employees on information security policy.