Over the years, numerous studies on employee compliance with information security policies (ISPs) have been conducted, contributing valuable insights to enhance information security in organisations. However, our literature review reveals that few ISP compliance studies adopt a longitudinal approach. It is well known that cross-sectional research often provides limited insight into how constructs such as ISP compliance evolve over time. While researchers have called for more longitudinal ISP compliance studies, there is little guidance on how to conduct them. To address this gap, we propose a set of seven guidelines to support both quantitative and qualitative longitudinal ISP compliance research.