An IT policy is a document that defines the rules, standards, and procedures for the use, management, and security of IT resources within an organization. An IT policy should be aligned to the business requirements, which are the needs, expectations, and objectives of the business stakeholders, such as customers, employees, managers, partners, regulators, etc. An IT policy that is aligned to the business requirements can help support the business strategy, improve the business performance, and enhance the business value. A key performance indicator (KPI) is a metric that measures the achievement of a specific goal or objective. A KPI should be relevant, measurable, achievable, realistic, and time-bound. The best KPI for determining how well an IT policy is aligned to the business requirements is the number of exceptions to the policy. An exception to the policy is a deviation or violation of the policy rules, standards, or procedures, which may be intentional or unintentional, authorized or unauthorized, justified or unjustified. The number of exceptions to the policy can indicate how well the policy is understood, communicated, implemented, and enforced within the organization. The number of exceptions to the policy can also indicate how well the policy reflects the current and future business needs and expectations, and how flexible and adaptable the policy is to the changing business environment. A low number of exceptions to the policy can suggest that the policy is well aligned to the business requirements, while a high number of exceptions to the policy can suggest that the policy is misaligned or outdated, and may need to be reviewed or revised. References = Key Performance Indicator (KPI): Definition, Types, andExamples, Business KPIs: 5 important characteristics to be effective, What is a KPI? How To Choose the Best KPIs for Your Business - HubSpot Blog.