Governance & Risk – High

Compliance

Adherence to laws, regulations, and industry standards to ensure data protection and security

Skill Paths:
Compliance Management, Risk Management, Audit and Assessment, Security Governance
Job Paths:
Compliance Officer, Risk Manager, Security Auditor, Privacy Officer
Relevant Certifications:
CISSP, CISM, CIPP, CRISC, ISO 27001 Lead Auditor
Content

What is Compliance?

Compliance refers to following established laws, regulations, and industry standards to protect sensitive data and maintain security. It ensures organizations meet legal requirements and industry best practices.

Common Frameworks

  • ISO 27001 – Information security management
  • NIST Cybersecurity Framework – Risk management
  • GDPR – European data protection
  • HIPAA – Healthcare data protection
  • SOX – Financial reporting requirements

Compliance Strategy

  • Identify applicable regulations
  • Assess current compliance gaps
  • Implement required controls
  • Monitor and audit regularly
  • Update policies and procedures

Quick Facts

Severity Level

8/10

Frameworks

ISO 27001, NIST, GDPR, HIPAA

Focus

Data protection, privacy, security controls

Audit Cycle

Annual assessments, continuous monitoring

Example

Implementing GDPR requirements for EU data