/kəmˈplaɪəns/
noun — “following the rules so your systems don’t end up on the corporate naughty list.”
Compliance is the practice of ensuring that an organization’s policies, processes, and technology adhere to legal, regulatory, and industry standards. In IT and cybersecurity, this means implementing controls and reporting procedures that satisfy frameworks like GDPR, HIPAA, PCI-DSS, or ISO/IEC 27001. Compliance is closely tied to Risk Management, Cybersecurity Framework, and Security Operations Center, because following standards helps prevent security incidents and protects an organization from legal or financial penalties.
The compliance process typically involves identifying applicable regulations, assessing current practices against those requirements, implementing policies and technical controls, monitoring adherence, and performing audits. Automated tools, logging, and reporting systems make it easier to maintain continuous compliance while supporting operational efficiency.
In practice, IT compliance might include:
// Verifying user access controls
sudo cat /etc/passwd | grep restricted_user
// Ensuring encryption standards
openssl enc -aes-256-cbc -in confidential.txt -out encrypted.txt
// Maintaining audit logs
tail -f /var/log/auth.log
// Generating compliance reports
compliance-tool --generate-report --format pdf
// Reviewing firewall and network policies
sudo ufw status verboseCompliance is like having a guidebook for walking through a minefield: follow the instructions carefully, and you avoid costly explosions.
See Risk Management, Cybersecurity Framework, Business Continuity, Security Operations Center, Vulnerability Management.