Compliance
What is Compliance?
Compliance: The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
Compliance is the practice of ensuring that an organization's people, processes, and technology adhere to the laws, regulations, industry standards, and contractual obligations applicable to its business. In cybersecurity, this typically covers data-protection laws (GDPR, CCPA, HIPAA), industry frameworks and attestation standards (PCI DSS, SOC 2, ISO/IEC 27001), and sector-specific regimes (SOX, GLBA, FedRAMP). A compliance programme defines control objectives, maps each control to the authoritative source that requires it, generates evidence that the control operates (policies, logs, attestations), and is verified through internal audits and external assessments. Compliance is often confused with security, but it is a minimum baseline rather than an end state: being compliant does not guarantee being secure, because a framework only tests the controls it names, at the point in time it is assessed.
● Examples
1. A SaaS provider undergoing a SOC 2 Type II audit to satisfy enterprise customers.
2. A retailer maintaining PCI DSS controls to process payment card data.
● Frequently asked questions
What is Compliance?
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment. It belongs to the Compliance & Frameworks category of cybersecurity.
What does Compliance mean?
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
How do you achieve and maintain Compliance?
Compliance is maintained through a programme rather than a one-off project: define control objectives, map each control to the law, standard, or contract that requires it, collect evidence that the control operates (policies, logs, attestations), and verify the result through internal audits and external assessments. The technical and operational controls involved are outlined in the full definition above.
What are other names for Compliance?
Common alternative names include: Regulatory compliance, Security compliance.