Governance
Compliance
Quick Definition
The act of adhering to laws, regulations, standards, and internal policies that govern an organisation's operations and information handling.
Detailed Explanation
Compliance management involves identifying applicable requirements (legal, regulatory, contractual, internal), implementing controls to meet those requirements, monitoring adherence, and reporting on compliance status.
Common compliance frameworks include SOX (financial reporting), HIPAA (healthcare data), PCI DSS (payment card data), GDPR (EU data protection), and ISO 27001 (information security).
In ITIL® 4 and COBIT®, compliance is addressed through governance activities: the governing body sets the direction and evaluates whether obligations are being met, and management implements and monitors the controls. Compliance is evidence that agreed controls exist and operate as intended; it sets a floor for security rather than guaranteeing it. Non-compliance can result in financial penalties, reputational damage, legal liability, and loss of business.
Relevant Frameworks
COBIT, ISO 27001