Definition

compliance

By

Alexander S. Gillis, Technical Writer and Editor
Jacqueline Biscobing, Senior Managing Editor, News

Published: Oct 13, 2021

What is compliance?

Compliance is the state of being in accordance with established guidelines or specifications, or the process of becoming so. Software, for example, may be developed in compliance with specifications created by a standards body, and then deployed by user organizations in compliance with a vendor's licensing agreement. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation.

Compliance is a prevalent business concern, partly because of an ever-increasing number of regulations that require companies to be vigilant about maintaining a full understanding of their regulatory requirements for compliance. To adhere to compliance standards, an organization must follow requirements or regulations imposed by either itself or government legislation.

Regulatory compliance examples

Some prominent regulations, standards and legislation that organizations may need to be compliant with include the following:

Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act was enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices. Among other provisions, the law sets rules on storing and retaining business records in IT systems.
Can Spam Act of 2003. The Can Spam Act requires businesses to label commercial emails as advertising, use legitimate return email addresses, provide recipients with opt-out options and process opt-out requests within 10 business days.
Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA Title II includes an administrative simplification section that mandates standardization of electronic health records systems and includes security mechanisms designed to protect data privacy and patient confidentiality.
Dodd-Frank Act. Enacted in 2010, this act aims to reduce federal dependence on banks by subjecting them to regulations that enforce transparency and accountability to protect customers.
Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of policies and procedures created in 2004 by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit and cash card transactions.
Federal Information Security Management Act (FISMA). Signed into law in 2002, FISMA requires federal agencies to conduct annual reviews of information security programs. This is done to keep risks to data at or below specified acceptable levels.
Occupational Safety and Health Administration (OSHA). The OSHA requirements were introduced by the U.S. Congress in 1971 to protect worker health and safety in the U.S.
General Data Protection Regulation (GDPR). GDPR is legislation that went into effect in the European Union in 2018 that updated and unified data privacy laws. The purpose of GDPR is to protect individuals and the data that describes them and to ensure organizations that collect this data do so in a responsible manner.

IT compliance guidelines vary by country; Sarbanes-Oxley Act, for example, is U.S. legislation. Similar legislation in other countries includes Germany's Deutscher Corporate Governance Kodex and Australia's Corporate Law Economic Reform Program Act 2004. As a result, multinational organizations must be cognizant of the regulatory compliance requirements of each country they operate within. For example, GDPR applies to all organizations that are based outside the European Union, as long as they also operate in the EU.

Regulatory compliance vs. corporate compliance

There are two main types of compliance that denote where the framework is coming from: corporate and regulatory. Both corporate and regulatory compliance consist of a framework of rules, regulations and practices to follow.

Corporate compliance applies to the rules, regulations and practices an organization puts into place for compliance -- according to both external regulations and internal policies.
Regulatory compliance applies to the rules, regulations and practices an organization puts into place for compliance -- according to external regulations.

Corporate and regulatory compliance are very similar, with their main difference being whether their policies come from internal or external regulations.

Chief compliance officer and other compliance roles

As regulations and other guidelines have increasingly become a concern for corporate management, companies are turning more frequently to specialized compliance software and IT compliance consultancies. Many organizations have even added compliance jobs, such as the role of chief compliance officer (CCO).

The main responsibilities of a CCO include ensuring the organization is able to both manage compliance risk and pass a compliance audit. The exact nature of a compliance audit will vary, depending on factors such as the organization's industry, whether it is a public or private company, and the nature of the data it creates, collects and stores. Other responsibilities of a CCO include identifying the potential risks an organization faces, assessing the effectiveness of any risk-prevention processes and resolving any compliance issues.

Chief compliance officer roles and responsibilities — This image shows the roles of a chief compliance officer.

Other possible compliance roles include the following:

Compliance analysts. Compliance analysts help organizations remain compliant with regulations and prepare them for audits.
Compliance services associates. This role focuses on identifying, prioritizing and resolving issues for clients.
Compliance coordinator. This role focuses on preparing and completing regulatory and compliance documents, as well as making sure they adhere to federal, state and government requirements.
Compliance director. This role focuses on ensuring organizations conform to all rules, regulations and laws placed upon them. They are also responsible for managing and correcting any violations that occur.

Best practices and strategies for corporate compliance

To ensure an organization follows compliance laws or regulations, they should follow these best practices:

Determine compliance goals. Focus on the areas of compliance the organization needs to improve the most, such as a specific regulation, law or a violation that is costing the organization money.
Know the regulatory environment. Laws and regulations may change over time, so having staff members -- either as a part of a compliance department or otherwise -- who keep up to date on new regulations relevant to the organization's industry is a good idea.
Implement compliance tools. Compliance tools can automatically track data, aiding in compliance risk management.
Hold compliance audits. An in-depth review of regulatory compliance areas ensures an organization is following compliance regulations correctly and can help identify areas an organization needs to improve.
Review compliance regulations regularly. A regular review helps find weak points and gives an organization a chance to improve and keep its compliance efforts up to date.
Train employees for compliance policy. If employees cannot follow compliance policies, then the organization cannot fully adhere to the policies. Employees should be trained and made aware of relevant policies and be held accountable when policies are not followed.

Learn more about compliance and its related security concerns in this article.

Continue Reading About compliance

How compliance provides stakeholders evidence of success

How can a compliance strategy improve customer trust?

Data protection compliance costs less than noncompliance

Top five threats to compliance during the pandemic

Binance CEO says 'compliance is a journey' as world's largest crypto exchange faces growing crackdown

Dig Deeper on Data governance

Search Business Analytics

Qlik adds trust score to aid data prep for AI development
By measuring dimensions such as diversity and timeliness, the vendor's new tool helps users understand if their data is properly ...
Agents, semantic layers among top data, analytics trends
The top 10 predictions for the next few years are all influenced by the increasing deployment of AI to help make business ...
ThoughtSpot evolving as BI becomes driven by AI
Recent releases, including the Agentic Analytics Platform and Agentic Semantic Layer, demonstrate that the vendor continues to be...

Search AWS

Compare Datadog vs. New Relic for IT monitoring in 2024
Compare Datadog vs. New Relic capabilities including alerts, log management, incident management and more. Learn which tool is ...
AWS Control Tower aims to simplify multi-account management
Many organizations struggle to manage their vast collection of AWS accounts, but Control Tower can help. The service automates ...
Break down the Amazon EKS pricing model
There are several important variables within the Amazon EKS pricing model. Dig into the numbers to ensure you deploy the service ...

Search Content Management

CMS and e-commerce: How they differ and work together
Understanding the differences between CMSes and e-commerce platforms is vital for businesses. Yet, together, they help companies ...
8 Drupal security best practices
Drupal offers advanced security features, but admins must know how to implement and configure them. Best practices include using ...
5 steps to integrate a personalization engine into a CMS
Customer experience is a top focus in the modern business world, and personalized content can go a long way toward delivering ...

Search Oracle

Oracle sets lofty national EHR goal with Cerner acquisition
With its Cerner acquisition, Oracle sets its sights on creating a national, anonymized patient database -- a road filled with ...
With Cerner, Oracle Cloud Infrastructure gets a boost
Oracle plans to acquire Cerner in a deal valued at about $30B. The second-largest EHR vendor in the U.S. could inject new life ...
Supreme Court sides with Google in Oracle API copyright suit
The Supreme Court ruled 6-2 that Java APIs used in Android phones are not subject to American copyright law, ending a ...

Search SAP

SAP agrees to allow Celonis data access until case resolved
SAP agrees to allow Celonis customers to access data from its systems as their legal battle continues, but customers will be best...
Grow with SAP fuels Phoenix Global's digital transition
Phoenix Global implemented S/4HANA Cloud via Grow with SAP to replace outdated systems, digitize manual processes and enable AI ...
SAP Sapphire 2025 news, trends and analysis
SAP showcased new business AI applications and continued to make the case for S/4HANA Cloud as the future of SaaS-based ERP ...

Close