What is Compliance?

Understanding Compliance

Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence. Compliance refers to the state of meeting requirements imposed by laws, regulations, industry standards, contractual obligations, or internal policies. It involves implementing controls, policies, and procedures to satisfy requirements and being able to demonstrate this adherence through documentation and evidence. Compliance programs are required by numerous regulations including GDPR, HIPAA, SOX, PCI DSS, and frameworks like ISO 27001. Organizations implement compliance through governance structures, control frameworks, risk assessments, training, monitoring, and regular audits. For example, a healthcare provider might implement a comprehensive HIPAA compliance program including privacy policies, security controls, staff training, and regular compliance assessments. Related terms: Regulatory compliance, Governance, Audit, Attestation, Due diligence, Risk management, Control framework.