A system is configured for assessing information security in a network. The system identifies portions of documents that contain information that is responsive to questions about an entity's compliance with network user requirements. The system then determines whether the identified information meets network user requirements. The system also calculates a confidence interval for its determinations. A report is generated to display the system's determinations and the associated confidence intervals for those determinations.