CyberGlossary

Compliance

Also known as: Regulatory compliance, Security compliance

Definition

The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.

Compliance is the practice of ensuring that an organization's people, processes, and technology adhere to the laws, regulations, industry standards, and contractual obligations applicable to its business. In cybersecurity, this typically covers data-protection laws (GDPR, CCPA, HIPAA), industry frameworks (PCI DSS, SOC 2, ISO/IEC 27001), and sector-specific rules (SOX, GLBA, FedRAMP). A compliance programme defines control objectives, maps them to authoritative sources, generates evidence (policies, logs, attestations), and is verified through internal audits and external assessments. Although compliance is often confused with security, it is a minimum baseline rather than an end state — being compliant does not guarantee being secure.

Examples

  • A SaaS provider undergoing a SOC 2 Type II audit to satisfy enterprise customers.
  • A retailer maintaining PCI DSS controls to process payment card data.

Related terms