Compliance means conforming to specifications, policies, standards, regulations, rules, or laws, as required or requested (e.g., compliance with federal laws, device compliance with industry standards, or compliance with company policies). Regulatory compliance describes goals that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws, standards, and regulations. Examples of such rules and standards include International Organization for Standardization (ISO) standards, Gramm-Leach-Bliley Act (GLBA) standards, Federal Information Security Management Act (FISMA) standards, Health Insurance Portability and Accountability Act (HIPAA) standards, the Control Objectives for Information and Related Technology (COBIT) framework, and National Institute of Standards and Technology (NIST) standards.
Compliance data is defined as all data belonging or pertaining to an entity or included in the law, which can be used for the purpose of implementing or validating compliance. One way organizations (e.g., corporations and public agencies) attempt to measure compliance is to collect compliance data via compliance questionnaires. An organization may disseminate the compliance questionnaires to its employees and may determine the organization's compliance based on the answers provided to the compliance questionnaires.