Definition

Compliance

Compliance is an organization's systematic adherence to applicable laws, regulations, norms and standards.

Compliance involves identification, assessment and proactive management of all legal, regulatory, contractual and voluntary obligations. ISO 37301 provides the certifiable framework. An effective program includes non-compliance risk assessment, policies, training, monitoring, whistleblowing and continual improvement.

Key aspects

Obligation identification

Requires maintaining an updated register of all applicable obligations: laws, regulations, contracts and voluntary standards.

Compliance culture

Requires a culture where ethics and legality are shared values, from top management to every employee.

Continuous monitoring

Includes monitoring mechanisms, performance indicators and periodic reports to top management.

Frequently asked questions

ISO 37301:2021 is the certifiable standard. It replaced ISO 19600 and establishes auditable requirements.

Compliance is the ongoing state of adherence. Audit is a point-in-time verification. Audit evaluates compliance, but complying is permanent.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

Compliance

Key aspects

Obligation identification

Compliance culture

Continuous monitoring

Frequently asked questions

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

Compliance

Key aspects

Obligation identification

Compliance culture

Continuous monitoring

Frequently asked questions

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

Compliance

Key aspects

Obligation identification

Compliance culture

Continuous monitoring

Frequently asked questions

Related content

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?

Compliance

Key aspects

Obligation identification

Compliance culture

Continuous monitoring

Frequently asked questions

Related content

ISO 27001 vs NIST CSF: cybersecurity frameworks compared

ISO 42001 vs EU AI Act: voluntary standard vs mandatory regulation

How to implement ISO 27001 in your organization

How to implement ISO 42001 for AI management

Shadow AI: artificial intelligence use without formal governance

Failed certification audit: nonconformity diagnosis and recovery plan

Ready to act on these findings?